Getting to the Point of Biometrics
January 1, 2014
6 minute ReadWhile most people pay for coffee by pulling out the wallet, swiping a card and entering a few numbers, that’s not how it’s done in Rapid City, S.D.
At a local coffee shop and on the campus of the South Dakota School of Mines and Technology, a caffeine fix is just a finger swipe away. Biometric payments — using fingerprints, voice or facial recognition technology to verify identity — are still in the earliest phases. But if Alan Maas, president of Nexus Smart Pay, has anything to do with it, cash will be out in Rapid City — and eventually the world.
“We believe this could turn out to be the only way that you pay for stuff,” Maas said. “It offers the most secure form of one-to-one authentication out there.”
Maas and his company are at the forefront of a movement that has seen its stops and start through the years. Some may remember Pay by Touch, a company that came onto the scene in 2007, signed up a slew of participants (including car washes) to allow biometric payments, and then crashed spectacularly.
But biometric payments are making another attempt, pushed by Apple’s inclusion of a fingerprint sensor on the iPhone 5, though currently it only unlocks the phone and allows purchase at Apple and iTunes stores. And the continual hacking of large retailers’ computer systems — where credit card data, personal identification numbers (PINs) and passwords are contained — is driving the need for a more secure way of verifying identity.
“It’s going to be everywhere,” said Matthew Silverstone, CEO of the London-based facial and voice recognition software Facebanx. “Passwords are a 40-year old technology. Every single person’s online password has been hacked. It may not have been exploited yet, but someone has the details.”
Granted, online payments may be what propel biometrics initially. But it could just as easily become the latest version of a debit card or near-field communication (NFC) payment system.
The Rapid City Experiment
While each system works differently — a complicating factor that has slowed the adoption of biometrics to date — the general principle is that some form of disbursement is tied into a biometric identifier. Then, when a person proves their identity biometrically, money is deducted from the banking account to pay for the purchase. In Rapid City, those who wish to participate visit a local bank to set up the identification — though they may use any method of payment, including accounts at other banks.
“It’s one physical face-to-face encounter, and after that, all you need is your finger,” Maas said. In addition to the coffee shop and locations on the college campus, the payment system is currently accepted at a local hookah bar, something akin to a smoking lounge. Last summer, it was accepted as a payment for concessions at the weekly music festival there. That latter use provides another potential benefit: The biometric payment system also could have provided proof of legal drinking age if desired.
While Nexus Smart Pay currently is used in retail settings, a USB device can tie into a computer for online verification. Maas says Nexus is talking to a college about using it to verify attendance in online learning courses.
A Few Steps Ahead
Around the world, biometrics is being used in creative ways. In India, it’s used in government welfare benefits programs, which had been rife with corruption prior to the new verification. In Europe, Silverstone said, facial recognition is used as a biometric passport allowing those who input their faces into a database to breeze through security checkpoints.
The most promising application is in fraud prevention online and in mobile payments, he believes.
“If you ask financial institutions what the biggest problem is with mobile and Internet payments, it is, ‘How do you actually confirm that customers are who they say they are?’” Silverstone said. “The problem that they’re also talking about is a frictionless payment system, so that the customer doesn’t have to do more. I don’t see this type of technology ever coming to the small retailer — the person with a $5 to $10 transaction. But mobile wallet offers a lot of potential. Everyone wants a piece of this golden vein. They all think they’re going to make money.”
While Silverstone says that much of the interest in Facebanx currently is coming from American companies, he points out that the U.S. has been slow to adopt the chip-and-PIN system that is commonly used in Europe. The system combines a computer chip in the credit card which must be used in conjunction with a PIN. It’s a costly proposition for every U.S. credit card to be replaced, which has slowed its adoption here. Add in that it hasn’t really proven effective in reducing fraud, and it likely never will.
The Future For Biometric Payments
There are numerous hurdles for biometrics payment to overcome before wide adoption. There is the high cost of installation, for example, the need for integration with existing point-of-sale systems and a lack of consistent standards.
“The question is how biometrics will work within the online retail space or within the normal retail space,” Silverstone said. “When people pay for gas, how is the fingerprint going to be used? Or will it ever be used? I don’t see face and voice recognition moving into retail because the customer has to enroll, and there’s no great advantage to do so.”
He sees healthcare and financial institutions on the forefront of voice and facial recognition, with adoption growing in 2014. The technology is there. “All the hardware has a camera and a microphone built in, and everyone is using it to do selfies. All you’re doing is taking it one step further to confirm that you are who you say you are.”
While biometric payments may be a bit in the future for small and medium businesses (SMBs), there are some immediate changes that make sense, John Kendall, director, national security program, Unisys APAC, told PC Quest magazine. “While resource management is a key function of any organization, it assumes even greater importance for an SMB given that the bottom line is tied directly to employee attendance and productivity. Additionally, while misuse of data due to data breaches or identity theft can prove to have dire consequences for large enterprises, they can prove absolutely devastating for an SMB.”
For his part, Maas isn’t so quick to bypass biometric payments for smaller retailers. Nexus Smart Pay currently has 50 card readers it is installing throughout Rapid City. Some requesting the service include casinos, bars and members-only clubs. And he has a couple of friends who own car washes who are lobbying for the service as well.
While it’s currently limited to Rapid City, Maas believes that once South Dakota proves how it can be done, biometric payments will take off.
What is Biometrics?
Simply put, biometrics is a system that uses a unique feature to verify identity. This may be fingerprints, voice, iris scans or facial recognition. And while it’s hardly common use in payments, it’s not such a far-off concept. Biometrics already is in use in a variety of ways, including:
• Keyless entry systems for secure facilities, like a car dealer’s vault where vehicle keys are stored.
• Electronic time clocks to ensure that employees actually have shown up for work, and not just had someone else log them in.
• Facial recognition at airports, particularly in Europe.
• Access to electronic health records at healthcare offices, as well as at blood banks to verify donor information.
• Computer log-ins at financial companies.
• Membership access at gyms and swim clubs.
Top Passwords...
Despite the millions of potential passwords, people tend to gravitate toward just a few, making them easier to hack. According to password management company SplashData, the top five passwords of 2013 were:
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
A payment system in operation on the South Dakota School of Mines and Technology campus.