CNP Expo: Are Biometrics the Authentication Answer?

May 20, 2014

CNP Expo: Are Biometrics the Authentication Answer? Moderator Andi Cook of Transaction Network Services kicked off the Tuesday afternoon educational program at the CNP Expo by defining biometrics as an automated system that can identify an individual through physiological or behavioral analysis.

Each company represented on the panel had experience with a different biometric measure: authenticID, which provides facial recognition software; Spindle, which employs mostly voice recognition in its mobile app; and NuData Security, which analyzes behavioral patterns.

In the past, the cost of adoption was a barrier, but over time, biometric technology has become less expensive and more accessible, the panelists agreed. authenticID’s CEO Blair Cohen used the example of his iPhone 5S with fingerprint verification: “I don’t have to enter my PIN any more, I just touch the button and I can access my phone more easily and securely than I could before.”

Biometrics are hard for scammers to fake, and they can’t be lost or left at home by accident. Biometrics are easy and quick, convenient and, in some cases, invisible to customers. So does this mean biometrics are the authentication answer?

Though they are difficult to spoof, biometrics are not hackproof. A fingerprint can be stolen by creating a mold, or it can be registered at a biometric enrollment center under a false identity. Chris Bailey, CTO of NuData Security, noted that fraudsters are less likely to be able to imitate a customer’s behavior on a Website, or their voice on a phone transaction, particularly since these dynamic biometrics are invisible to the customer. Still, all three panelists agreed that biometrics should be just one more authentication tool in a company’s fraud prevention arsenal. According to Clark, “there should be layers of security, and biometrics is just one part.”

And though extensive consumer enrollment in biometrics programs is probably in the distant future (if it ever happens), Clark pointed out that technology has made great strides, and “we should be able to move beyond the 1983, signature-on-the-back-of-the-card security.”