In a world of new and constantly evolving threats, there’s a distinct need for innovations in security, particularly authentication, to counteract cyber criminals wherever they lie. In many ways, there’s an arms race going on between those wishing to protect information and those hoping to exploit it. One of the key arenas of battle between these two parties is mobile. And it’s a battleground where the stakes have never been higher as we approach 5 billion unique subscribers worldwide. Of those, approximately 2 billion are smartphone users, accessing valuable and personal information every day.
One of the relatively recent innovations developed to protect end users has been the introduction of biometric authentication (despite biometry not being a particularly new concept). Indeed fingerprint recognition has become the go-to way to unlock smartphones since it debuted with the launch of the iPhone 5s in 2013 – global shipments of smartphones with fingerprint sensors are now expected to reach 1,082,000,000 units by 2018.
We’re also now seeing innovations focusing on other areas of the body such as facial recognition, iris scanning and voice recognition. Facial recognition in particular is tipped to make further growth next year. We’ve also seen a move from Sci-Fi into reality – many of us will remember when iris scanning was made famous by Tom Cruise in Minority Report, back in 2002.
When first mooted, some methods of biometric authentication were met with some distrust by consumers and privacy groups. Some asked: “what if a fingerprint is stolen due to the lack of adequate protection?” You can change your password, but you can’t change your fingerprint…
Many also asked whether it was necessary and ultimately more secure than previous methods. But as is the case with other new forms of technology, perceptions have changed and fears allayed over time, in fact, over half of 1,300 consumers we surveyed from around the world recently believe a fingerprint reader on their smartphone would significantly protect their mobile apps. We discovered this through the global survey we commissioned looking into consumer perspectives towards mobile app security.
Consumer sentiment regarding biometric authentication has proved particularly interesting. People are largely ready to embrace biometrics, and ready for a wide range of other areas such as mobile passports and digital national ID cards. They are even open to gaining access to their house or apartment through their mobiles. This raises the following question: will digital identity be used for all kind of authentications in the future? Public and private? Time will tell.
But all of this comes with one condition: 100% protection. Confidence in the security of their mobile devices is crucial for consumers. As you can see below, approximately 7 in 10 consumers would be ready for digital ID documents on their phone if security was guaranteed. This is a huge opportunity for the mobile industry – all we need to do is ensure consumer protection.
When consumers realize how the overall security infrastructure is in place for mobile, and how biometric authentication is secure, we’ll see a far wider adoption than we have today.
We can call this ‘the psychology of security’ – consumers want a reassurance that their private data stored in devices are safe. Sometimes, this means just seeing a symbol or shield on their screens to let them know security software is in use, protecting their data. This was another key finding from our report – over 80% of respondents said they’d feel more confident if their security app is visually displayed on their mobile phone screen.
But it’s not just about making the security at work visible. We need to ensure adaptable solutions are prioritized. We’ve already explained how threats are evolving – our solutions must be able to react and adapt at the same time. This could mean we see transactions on mobile increase (see page 12 of the report for details).
However, we must also remember not to forget the other side of this equation. A commitment to consumer convenience is still crucial. We must protect them, but not inconvenience them at the same time. Sometimes this can be difficult – but it is possible. And this is where biometrics can play its strongest hand. Fingerprint recognition, iris scanning, vein and/or facial recognition can all be completed very quickly and there is no need to remember any passwords. Biometric authentication, as long it remains an agile technology, one which can accommodate ranges of biometric tolerance, accuracy and retains a quick response time, could be the key to increasing overall user convenience and driving trust and adoption of new services. As we’ve said in our report:
“A good example of this can be seen in the announcement of MasterCard Selfie Pay or the iris scanning capability of some Samsung phones. Providers should continue to explore how they incorporate these features that are resonating with consumers. Providers can then use the subsequent user uptake as a positive proof point.”
It’s clear that because of the unique link to an individual, biometric data is particularly sensitive when compared to a password. However, when secure on-device secure storage is achieved (protecting the biometric data), we can see the truly great potential. Providing users feel secure (i.e. the psychology of security) and that biometric authentication remains quick and effective, it’s more than likely biometric authentication will become the dominant way for users to authenticate, with passwords becoming a fallback method.
For more information on end user expectations in this area, see the full report on consumer perspectives of mobile security, here.
(The Didier Benkoel-Adechy who works in Segment Marketing for Mobile at Gemalto. This article was first published on the Gemalto blog).