Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Survey Shows Users Ready for Biometric Payments

Two-thirds of European consumers want to use biometrics to make payments easier and more secure. This is the finding of new research commissioned by Visa Inc and undertaken by Populas during late April and early May 2016.

Two-thirds of European consumers want to use biometrics to make payments easier and more secure. This is the finding of new research commissioned by Visa Inc and undertaken by Populas during late April and early May 2016. More than 14,000 people were questioned in France, Germany, Italy, Poland, Spain, Sweden and the UK.

The figure rises to three-quarters who consider that a biometric used as a second factor combined with a payment device will be secure.

Jonathan Vaux, Executive Director of Innovation Partnerships at Visa Europe commented, “One of the challenges for biometrics is scenarios in which it is the only form of authentication. It could result in a false positive or false negative because, unlike a PIN which is entered either correctly or incorrectly, biometrics are not a binary measurement but are based on the probability of a match. Biometrics work best when linked to other factors, such as the device, geolocation technologies or with an additional authentication method.”

Biometric Payments Using Smartphone

Fingerprints are the favored biometric, with a 53% approval rating. This is followed by a combination of PIN and a biometric at 29%, retina scanning at 23% and facial recognition at 15%. It is noticeable that the preferred biometrics can all be associated with mobile devices such as a smartphone — and this may indeed be behind the specific consumer preferences.

There is little surprise at this growing acceptance of biometrics. Richard Lack, sales director at Gigya, commented, “The news that two in three European consumers want to use biometric technology when making payments comes as no surprise. Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe.”

“The use of biometrics for payments,” Alan Goode, MD of mobile and biometrics consultancy Goode Intelligence told SecurityWeek, “is another indication of how this very personal form of customer authentication is being accepted. The replacement of inconvenient PINs and passcodes for payment authentication and authorization by biometrics is a natural progression to a frictionless payment experience.”

The reality is that passwords alone have been considered insufficient for years. It’s not so much the technology that is weak, but that the process causes friction between the user and the service. This results in users cutting corners for ease and speed; and it is the cut corners that cause the weakness. A new report on card fraud published this week claims that nearly 30% of consumers have experienced card fraud in the past five years, and that 54% of consumers in European countries exhibit at least one ‘risky behavior’.

“There is always a balance between usability and security,” says the report, “and if security becomes too onerous for the users, they find a way around it (such as writing down PINs or passwords). Too high of a barrier actually motivates users to engage in risky behaviors.

More firms are looking for ways to improve customer experience and security at the same time. Passive biometrics and more intelligent monitoring tools are two examples of techniques used to improve security while avoiding negative user impact. As mobile banking and card payments grow in adoption, there are new risks with users securing, or failing to secure, their devices.”

It’s all about removing the friction; and the Visa survey demonstrates that European consumers believe that biometrics is the way to do this. It has to be said, though, that not everybody believes they are choosing the right method. ‘Behavioral biometrics’ had the lowest acceptance rate at just 10%; but behavioral or passive biometrics generate the least friction of all methods. 

“Passive biometric solutions,” explains Robert Capps, VP at NuData Security, “identify suspicious activity in a completely passive and non-intrusive way by understanding how a legitimate user truly behaves in contrast to a potential fraudster with legitimate information. So, even if the fraudster has your spoofed fingerprint, and all of your account information, organizations can look at your behavioral events, biometrics, device, geography and other layers to determine if you are the real actor behind the device or fingerprint.”

While the security industry has advocated a more secure method of authentication than passwords alone, the Visa survey now confirms that users are ready. This does not, however, mean that Visa will automatically move towards a biometric payments solution.

“In the future we will see a mix of solutions dependent on the purchasing situation,” Vaux continued. “By adapting our standards to recognize these technologies as valid forms of authentication now, we can help provide the environment for payments to continue to take place securely, conveniently and discreetly.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...