We may all be using them to unlock our smartphones and track our fitness, but when it comes to using biometrics to create secure, seamless customer payment experiences, we have long way to go. And although we won’t get there anytime soon, at least we’re headed in the right direction.
As a trio of executives told PYMNTS in an interview, using thumbprints and selfies to identify ourselves online involves too much friction right now — at least if the companies employing these methods for verification are doing so piecemeal. But put them together in the right way with a host of supporting technologies, and you can create an optimal, multilayered line of defense against fraudsters and phishing scams — and lengthen customer life cycles in the process.
The conversation came in advance of an upcoming report, done in collaboration between PYMNTS and Mitek, focused on how identity fits into the connected economy. Panelists included Betterment Vice President of Investing and Behavioral Finance Dan Egan; Stash Senior Director of Product Dan Mendes; and Mitek Vice President and Global Head of Product Sanjay Gupta.
Identity verification is integral to the secure use of digital platforms, many of which have become staples of consumers’ lives in recent years. For the merchants serving them, selecting from the broad array of solutions on offer — from traditional usernames and passwords and to biometrics like face and fingerprint scans — can be bewildering.
To get a sense of the scale of the challenge — and the inherent vulnerabilities — consider social media. Twenty-two percent of all consumers say they have increased their social media account use over the last 12 months. And, unsurprisingly, social media platforms are the most widely used digital accounts, as 44% of consumers use them. Next most popular are credit and debit card accounts (43%) and online retail store accounts (43%).
As to the vulnerabilities, 11% of all consumers have experienced fraud within the last 12 months with their credit or debit card digital accounts.
Some Vulnerabilities
Despite the “gee whiz” factor of fingerprint-based biometrics, the option is not ubiquitous. Roughly 80% of Android and iOS users are enrolled in biometric features tied to their devices — but that leaves 20% who aren’t going to use the biometric functions on offer.
Egan said there are a number of factors at play for users’ decisions not to use biometric verification — the most prevalent of which might be termed the “error” rate of its various forms.
Just a few years ago, for example, Apple debuted its Face ID feature — soon stymied, at least a bit, by the fact that over the past 18 months, we’ve all been wearing masks. You may recall, too, that six years ago, millions of fingerprints were stolen in a widespread hack of government databases.
As Egan said, “while I think that biometrics are incredibly convenient — and usually effortless for the consumer — there’s never going to be a 100% deployment, you know, like use case for everybody. It’s never going to be the only option.”
Mitek’s Gupta noted that fingerprints-as-identifiers have also faced additional headwinds.
“You can’t tell if the person is ‘live’ at the time that fingerprints are being scanned,” he said.
And in the drive for merchants and providers to offer seamless, omnichannel experiences for users, it’s been tougher to ensure that fingerprints “follow” their owners. Sensors differ greatly from device to device, and there’s no central way to store every fingerprint signature for every device.
An ideal biometric or unique identifier, said Mendes, will travel with their owners well beyond any digital “front door” across all manner of use cases.
At a high level, said Egan, there should ideally be “a new kind of key” to pass back and forth — although we’re a long way away from having that option. Until then, roughly 50% of Betterment’s login traffic coming through web channels have used fingerprints or biometric authentication in general. Other traffic, especially the movement of money, might leverage SMS or other tools. Yet 5% of the company’s client base declines to use a multifactor authentication option at all — probably because they find the processes too frustrating.
Multiple Biometrics
To gain universal acceptance, a successful approach to biometric verification will probably have to take several identifiers into account, the panelists said. Think combining fingerprints with heart rate/pulse monitors.
“If you have those two things together, then you have a much higher confidence,” that someone is who they say they are, said Egan. Gupta said that Mitek is exploring technology that will enable simultaneous verification via voice and photos — speech and selfies at the same time — as an upgraded test of “liveness.”
“We’re just trying to build a better mousetrap as the fraudsters are always out there,” he said.
No matter the biometrics used it is imperative that the verification processes be invisible to the end consumer, the panelists said.
As Gupta said, “The more consumers realize that they don’t have to do something ‘extra,’ and you move your head up and down, side to side or blink or smile — but do it in a way where it’s natural to them — then what you’re going to see is that much more trust of these types of devices and of the engagement that you have with the service that you’re offering.”
The greater the level of trust, the greater the level of customer loyalty.
Mendes pointed to the desire for customers to have more security rather than less, and that they might be willing to trade off a small amount of friction, initially, to get there. He offered an illustration: Consumers a few years ago would have been wary of two-factor authentication, worried about the intrusiveness of verification via text. But Stash, said Mendes, “turned on” two-factor authentication for all of its customers a few years ago — to resounding success.
In an ideal world, said Betterment’s Egan, biometrics could even help consumers make better decisions. An elevated heart rate, for example, might belie some hesitation about making a stock trade. A slight pause in the mix — spurred, well, by you not acting like you — may buy you valuable time to pause and reflect.
What Comes Next
Looking ahead, the panelists said, biometrics will become more ubiquitous, principally because, as Egan said, “they’re so convenient. We’re also going to get smarter about having multifactor” means of authentication that bring together disparate elements that “prove” someone’s identity.
In the next five years, said Mendes, “we’ll find the right mesh of tools to really gain confidence from the business perspective that you are who you are — while crafting delightful experiences for customers so that they feel they’re getting value out of these tools.”