According to new research from Visa, consumers across Europe are interested in using biometrics when making a payment – especially when integrated with other security measures.
Nearly three-quarters (73 per cent) see two-factor authentication, where a biometric is used with a payment device, as a secure way to confirm an account holder. Two-factor authentication includes something you have, such as a card or a mobile device; something you are, such as a biometric; or something you know such as a PIN or password. When looking at the range of different payment situations at home or on the high street, over two-thirds (68 per cent) want to use biometrics as a method of payment authentication. Online retailers have the most opportunity for gain as nearly a third (31 per cent) of people have abandoned a browser-based purchase because of the payment security process.
Jonathan Vaux, Executive Director of Innovation Partnerships at Visa Europe said: “Biometric identification and verification has created a great deal of excitement in the payments space because it offers an opportunity to streamline and improve the customer experience. Our research shows that biometrics is increasingly recognised as a trusted form of authentication as people become more familiar with using these capabilities on their devices.
“However, one of the challenges for biometrics is scenarios in which it is the only form of authentication. It could result in a false positive or false negative because, unlike a PIN which is entered either correctly or incorrectly, biometrics are not a binary measurement but are based on the probability of a match. Biometrics work best when linked to other factors, such as the device, geolocation technologies or with an additional authentication method. That’s why we believe that it’s important to take a holistic approach that considers a wide range of enabling technologies that contribute to a better end-to-end experience, from provisioning a card to making a purchase to checking your balance.”
When looking at the benefits of biometric authentication – the process that validates a person’s identity by measuring an intrinsic characteristic specific to an individual such as fingerprints or iris patterns – half of Europeans (51pc) state that biometric authentication for payments could create a faster and easier payment experience than traditional methods. Similarly, a third (33pc) like the fact that biometric authentication means that their details would be safe even if their device was lost or stolen.
Vaux added that consumers will have an increasing number of choices in how they pay. “Just as the payment behaviour will change dependent on where you are and on what device you are shopping, the methods of authentication will need to be use-case appropriate. While biometric forms of authentication offer significant opportunities to achieve the right balance between convenience and security, they are not the only answer. In the future we will see a mix of solutions dependent on the purchasing situation. By adapting our standards to recognise these technologies as valid forms of authentication now, we can help provide the environment for payments to continue to take place securely, conveniently and discreetly.”
Fingerprint
In the study of over 14,000 European consumers, the research reveals that discretion and familiarity with biometric forms are important factors for uptake. With the advent of mobile payments, fingerprint recognition is deemed to be the most favourable form of biometric payment for its ease of use and security. When looking solely at the perceived security of biometric technologies, 81pc of consumers see fingerprints as most secure, followed by iris scanning (76pc). More than half (53pc) express a preference for fingerprint over other forms of biometric authentication when using it for payment. And an equal number of people (73pc) are as comfortable with fingerprint authentication as they are with PINs.
Across Europe, few people say they would prefer voice or facial recognition as a payment method in a range of payment situations whether physically in a shop paying for goods or services, or shopping online at home (12pc and 15pc, respectively). In the UK, these figures fall to 8pc and 12pc, respectively, for voice or facial recognition as payment forms.
Balance
With two-thirds (67pc) of consumers recognising the importance of security details to protect one’s identity, new forms of authentication must reach a balance between speed and security, the firm says. The research found that biometric authentication is almost equally valued in face-to-face payment situations where speed efficiencies are a priority as it is for online transactions. This is reflected in the findings:
– 48 per cent want to use biometric authentication for payments when on public transport
– 47 per cent want to use biometric authentication when paying at a bar or restaurant
– 46 per cent want to use it to purchase goods and services on the high street e.g. groceries, coffee and at fast food outlets.
– 40 per cent want to use it when shopping online
– 39 per cent when downloading content
When looking at the range of different payment situations at home or on the high street, over two-thirds (68 per cent) want to use biometrics as a method of payment authentication. Online retailers have the most opportunity for gain as nearly a third (31 per cent) of people have abandoned a browser-based purchase because of the payment security process.
About the research
Visa commissioned the biometric payments research with Populus. The research was conducted between 22 April and 6 May 2016 in seven European countries: UK, Sweden, Spain, France, Germany, Italy and Poland. The total sample size was 14,236 with around 2,000 respondents per country.
Comments
Richard Lack, Director of Sales – EMEA, Gigya, said: The news that two in three European consumers want to use biometric technology when making payments come as no surprise. Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe. At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.
“Of course, scanning one’s finger or face is far more convenient than creating and remembering yet another username/password combination. What’s more, our most recent survey found that 80 per cent of all consumers believe that biometric authentication is more secure than traditional registration. Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”
And Robert Capps, VP at NuData Security, a behavioural biometrics company said: “This study proves that there is a strong desire on the part of consumers to have secure AND frictionless user experiences when interacting and transacting online. The desire, however, might not match up with the reality of the situation. Physical biometrics such as fingerprints, selfies and voice authentication are seen by some as the ‘holy grail’ in user authentication, but they aren’t fool proof, and there are other challenges that may block their widespread adoption in non-face-to-face interactions.
“The fact that 53pc of respondents see fingerprints as a viable security solution isn’t surprising, given that they are already part of the authentication lexicon, and solutions such as Apple’s Touch ID have given consumers a glimmer of the future of biometrics, while delivering an outstanding user experience. Such solutions have a central place in the overall security mix, part of a good multifaceted approach, but they are still static data points that can potentially be misused in the wrong hands. While not generally acknowledged by the general public, fingerprints can be spoofed and unlike passwords, fingerprints last a lifetime. The lasting and permanent nature of fingerprint data may actually have more negative impacts than passwords which can at least be changed.
“Loss of fingerprint data is not just a theoretical concern, as several large breaches over the last couple of years have exposed fingerprint data en masse. As stolen data is often traded and consolidated into larger, more accurate consumer profiles that can be used for a number of nefarious purposes from espionage, to identity theft, and financial fraud.
“Selfies and voice biometrics also have contextual issues in that it may not always be appropriate to take a selfie or provide a voice sample to authorise an online transaction. Particularly in a place where such activity may be frowned upon or disruptive (such as a meeting, on public transit, airports, or in a culturally sensitive place). Beyond the social and cultural issues, there are concerns about how a move to physical biometrics may provide a false sense of security to consumers and institutions, given the wealth of physical biometric data that is shed by a person through their day to day life.
“While liveness verification has become a standard in modern physical biometric verification systems, they are not without flaws that allow pre-recorded or captured biometric data to be replayed. Voice samples are recorded with every voicemail you record. Fingerprints are left behind on every object you touch. Your iris and facial data is recorded with every photo you pose for. Recent data breaches have also shown that high fidelity physical biometric data can be stolen in bulk, just like credit card numbers and user credentials – effectively making these physical biometrics more static data that can be stolen and reused to impersonate you in non face-to-face transactions.
“The way forward is to balance the need for a frictionless customer experience and actual security that focuses on the use of non-static signals and indicators of human identity – signals that cannot be stolen, reused or replayed for impersonation.
“Passive biometric solutions identify suspicious activity in a completely passive and non-intrusive way by understanding how a legitimate user truly behaves in contrast to a potential fraudster with legitimate information. So, even if the fraudster has your spoofed fingerprint, and all of your account information, organisations can look at your behavioural events, biometrics, device, geography and other layers to determine if you are the real actor behind the device or fingerprint.
“Users can even be rewarded for good behaviour with a white glove experience, or extra perks and incentives, giving bands and e-commerce companies the unheard of potential to actually improve their brand experience with their security layer.”
