Decentralized biometric authentication reshapes mobile payments

Once trust is lost, it’s extremely hard to get it back.

facial recognition - biometric security identification
Thinkstock

In the continual digital transformation of retail and ecommerce, mobile payments are now at the forefront, moving away from any association with a physical card. The questions that follow require much more of a personal awareness about the very nature of transactions. 

If we don't have a physical card to give us the illusion of control, what can we use to ensure transactions? The answer? Ourselves. 

Biometrics uniquely tie a person and a transaction to the individual, and give us an added layer of security knowing they can't be copied. After all, you can get a new credit card, but you can't change your fingerprint. Modern implementations of voice, face, touch, eye, and palm scans ensure someone is exactly who they say they are as biometrics are completely unique to the user. 

In the old days, we used to be worried our biometric data might be used against us, like the plot of a bad sci-fi film. However, any scenario like this is the total opposite of what enterprise leads want. It's in their best interest to secure everyone involved: from consumers and employees, to the emerging integration of the IoT into our daily lives. The risk of an enterprise losing control of consumers’ personal biometric data is taken quite seriously. It erodes consumer trust at all levels, and always initiates cascading repercussions on the business side.

The key question turns to how to secure our personal data so it won't get caught up in a mass credentials breach. The answer? Decentralized authentication. 

Instead of storing personal credentials on a server, leaving them venerable to a breach, a decentralized model is significantly more trustworthy in that users' personal credentials always remain safe on their device. Understanding the need to secure trust, enterprises are making the shift.

Decentralized authentication makes all the difference. With user data always safe on their device, it is never stored in a centralized database or transmitted over the Internet. Just like your fingerprint can't be copied, the enterprise never has to secure something they never were responsible for securing in the first place. When user-specific biometric templates remain safe on a user’s device, all that is transmitted over the internet is a secure token authorizing the payment or action. This marriage of public-key cryptography and biometrics offers the best in security and usability, and transforms the technology atmosphere from the divergent interests of both. The result is a trustworthy environment — and all parties to the service or transaction win. Additionally, decentralized biometric authentication is faster. Logging into your favorite shopping app was never faster. 

The biometric landscape is quickly evolving. New algorithms, and the hardware that makes it all possible, are coming to market at a rapid pace. With such advances comes the ability to combine biometrics to add new levels of assurance. For example, the whites of your eyes might be compared against the way you execute keystrokes, or even combined with the way you walk. These capabilities are already integrated into billions of consumer-facing devices, including smartphones and even across the IoT. Multiply that by the biometric vendors whose algorithms are being integrated into cameras and microphones, and you can quickly grasp the how seriously the call to secure personal data truly is.

Enterprises that insist on investing resources to keep pace with hackers against the old model of central storage are trapped in a race to the bottom. They work tirelessly to thicken firewalls for example, when in fact mishandling and phishing of credentials are main causes of wholesale breaches. Relieving enterprises of the need to be concerned about the privacy of their users frees them up to build a better relationship with customers by focusing on a better user experience and additional services. What’s really at stake is maintaining trust with customers. They shouldn’t have to trade one for the other.

The recent Uber data breach incident demonstrates how damaging security incidents — and how they are handled — can be to large enterprises that handle a tremendous volume of account and payment data. Just like a broken user experience will drive customers toward an easier solution, data breaches cause acute, long-term financial consequences. Once that trust is lost, it’s extremely hard to get it back.

This article is published as part of the IDG Contributor Network. Want to Join?

SUBSCRIBE! Get the best of CSO delivered to your email inbox.