Biometrics have arrived, and not a moment too soon.
The so-called Heartbleed vulnerability has just about everyone worried about the fidelity of passwords, which are hard to remember and not secure anyway. Fingerprint scanners and other forms of biometric authentication are both easier and far safer and have long been held up as potential saviors for the “password problem.”
PayPal explained the authentication process in detail in a blog post this past Friday.
PayPal has emerged as the leader in the field since unveiling, at the Mobile World Congress in February, fingerprint authentication that works with various Samsung devices. PayPal, with 143 million active accounts, could lead the way to consumer acceptance of the technology, which in turn could lead to mobile payments at the point-of-sale finally becoming a reality for mainstream consumers.
Some banks are on board as well — but not in the U.S. Westpac New Zealand, which was early out of the gate with a smartwatch app, has also enabled login to mobile banking using fingerprints on biometric-capable Samsung devices.
A database of fingerprints would be a goldmine for hackers, but the PayPal/Samsung method, similar to that used by Apple, keeps the information locked in the device hardware. An encrypted key is sent to PayPal’s servers for verification of identity. In other words, there is apparently no database of fingerprints for a hacker to steal, but rather just encrypted components that cannot be usefully exploited by fraudsters.
Passwords and voice keys can be changed, but fingerprints are a trickier matter — once they’re compromised, they cannot be safely used as an authentication method. The U.S. government has large records of fingerprints collected from both citizens and visitors to the country, but says little about how they are stored or what measures are taken to keep them secure.
As biometrics become increasingly common on mobile devices, using them as authentication for routine transactions should soon appear less exotic.