Biometrics and payments are increasingly becoming coupled through a variety of devices and initiatives. Biometrics as an authentication tool has been around for some time, but in the advent of Apple’s TouchID, biometrics really started to gain popularity and become a well-known alternative to the password.

 A simple fingerprint on a mobile phone and you can pay for your tall, iced skim Latte (no foam) in a matter of seconds. No fumbling around with a wallet or cards. Just some simple NFC technology and your own, unique fingerprint.

It’s magical. But it’s also facing increased scrutiny as this technology becomes more prevalent within the payments space.

Biometrics – The End-All-Be-All?

On one hand, biometrics can seemingly put an end to annoying hackers that aim to steal sensitive payment data by hacking poorly constructed passwords. It heightens security while also improving customer experience – a silver payments bullet. What’s more, biometrics has become increasingly accepted by the masses as a perceived “safe way to pay,” making it a preferred authentication mechanism for merchants and consumers alike.

It’s ease-of-use is the main draw. Consumers, now suffering from password-fatigue, don’t have to remember anything. By using a fingerprint (or voice sample or iris scan), they simple need to use something that is a part of them. In that sense, the body becomes the password – and one that is ever-present, hard-to-hack, and easy to use.

It’s an attractive option for merchants who need to balance fraud prevention and risk mitigation with customer experience. The benefits cover all three:

  • Secure transactions – Biometrics in payments is an intrinsically secure authentication method. There are no passwords to lose and no two biometrics are alike. The user simply uses what they already have (a fingerprint, iris, vocal pattern, heartbeat) to authenticate payments on-the-fly.
  • Simplified transactions – Online payments have always had a tough wrap. With card-not-present payments, there is inherent risk that the person entering payment information is not who they say they are. Biometrics squashes this. MasterCard was quick to establish this with its Identity Check aka “selfie pay” initiative, where users simply take a selfie to verify their identity to make an online payment. It’s seamless and fun for consumers while ensuring that online checkout is secure.
  • Cost-effective transactions – biometrics technology saves merchants in both time and money. It reduces the time spent managing user passwords and enables businesses to invest more where it matters – in their core business.

Challenges Remain

According to Juniper Research, downloads of biometrics authentication apps will hit 770 million in the next two years. As major brands continue to roll out this technology in popular new products (e.g. facial recognition in the iPhone X), the trend will continue to rise in popularity and use.

There are still challenges within this technology, including user adoption and education. Shoppers are still wary of new payment methods as well as what happens to their data online. Mega retail breaches have raised red flags for many who are slow to adopt new technologies. Biometrics in payments is a particularly sensitive topic as consumers do not necessarily know how their biometrics data will be used.

These concerns are not totally unwarranted. Biometric data is just like any other data – the potential for it to fall into the wrong hands is there. But just as with other data, there are solutions to prevent this. Tools like tokenization can replace the secure data with a token or special string of numbers that is used to make the payments. The biometric data is obfuscated before being transmitted to protect the consumer’s sensitive information.

Despite this positive momentum, biometrics in payments is not perfect – yet. The technology still yields false positives and negatives. It is also typically used with another authentication method as part of a multi-factor authentication (MFA) process. Since it is linked to other factors (e.g. geolocation ID, password, device ID, etc.), some of the technical glitches can be overcome.

All things considered, payments are moving away from the password and closer to biometric authentication. As some of the wrinkles get ironed out and as people become more familiar with the technology, we will continue to see this option rise the ranks as a preferred way to authenticate.