MasterCard: Biometrics Use Set to Rocket
According to new research from leading payment provider MasterCard, biometric technology is set to become an integral part of all online shopping, as tighter regulations concerning online fraud are introduced. For instance, new EU regulations come into effect next September, which will increase the number of transactions subject to two factor authentication, known as “Strong Customer Authentication” (SCA).
MasterCard has been a board member of The Fast IDentity Online (FIDO) Alliance since 2013. FIDO is a global non-profit trade association developing technical standards and certification programmes for simpler, stronger authentication.
Andrew Shikiar, CMO of The FIDO Alliance, comments: “MasterCard is spot on in its assessment; the use of passwords is woefully outdated as a means of online authentication. The problem has long been overreliance on yesterday’s approach and a reluctance to embrace the ways in which technology has transformed both our habits and the options available to us. It’s encouraging to see that the tide is finally turning, thanks in large part to evolving regulatory requirements in response to escalating levels of online fraud. Far more secure methods of authentication, including biometrics, are now readily available at our fingerprints, which can greatly improve security and privacy for consumers accessing online services, while improving the user experience into the bargain.
“As the range of activities we undertake online using mobile devices continues to rise, the more sensitive transactions – such as payments and money transfers – can be facilitated using device-enabled strong authentication. However, its success hinges on the industry’s ability to offer this at internet scale. Biometric modalities deliver a number of user experience benefits, but not all biometric systems are built on secure, tried-and-true public key cryptography. Biometric authentication relies on matching an input to a held piece of original data, and how that matching process is managed - and in particular how identifying data is stored - raises a host of security and privacy questions. For instance, if data is held in an online central database, a breach of that data could be catastrophic.
“On the contrary, a decentralised approach allows users to authenticate by using a private key on their personal device to sign a cryptographic authentication challenge from the service provider’s server. With this approach, the service provider only stores a public key associated with that user’s account, which cannot be leveraged by a hacker having infiltrated a database. This is one of many reasons why leading service providers like Google, Facebook, Microsoft, Dropbox and many more have deployed FIDO Authentication to protect hundreds of millions of consumers around the world, while reducing the outdated reliance on passwords.”
(Source: The FIDO Alliance)