Are Biometrics More Secure Than Passwords?

Customers are becoming increasingly accepting and trusting of biometrics, thanks to Apple’s fingerprint recognition system. It’s easy to see why.

Instead of remembering complex passwords, all customers have to do is use a thumbprint, their face or even their voice to open accounts and process transactions.

Not only are biometrics more convenient, but many perceive them to be a safer way to access accounts. In fact, in a recent Visa survey, 48% of respondents believe biometrics are more secure than traditional passwords and PINs. But whether biometrics truly do protect consumers and their sensitive data may still be a point of contention.

Evidence That Biometrics Increase Online Security

One of the reasons biometric identifiers hold such promise is that they’re unique to individuals. Compared with token-based systems (like driver’s licenses) or knowledge-based identifiers (like passwords), biometric identifiers can more securely and confidently confirm identity.

What’s more, a customer’s unique features aren’t limited to just the physical ones, like eyes, ears and fingerprints. Some companies are also successfully confirming a user’s identity based on behavioral biometrics, like the pressure customers use when typing, the way they hold their smartphones, their speech patterns, or even the way they swipe a mobile device. Each of these behaviors is just as individual as a person’s physical features.

Think about when a customer signs their name. It’s automatic — they don’t even think about what they’re writing. Typing a user name and password isn’t much different. A biometric fraud prevention solution will notice a change in cadence in how the name is typed or when there’s more backspacing and retyping than usual. Either could be an indicator that a fraudster is trying to access the account.

Here are three other reasons why biometrics can offer greater security for online transactions.

Secure Storage

Sometimes, it all comes down to where companies store the biometric data. When it comes to a user’s fingerprint, for example, Apple stores it locally on the device’s chip — not in the cloud. This makes it nearly impossible for fraudsters to remotely hack the fingerprint information.

Difficult to Replicate

When it comes to biometric voiceprints, for example, they’re really sets of mathematical algorithms — not the customer’s actual voice. So even if a fraudster does hack a system and obtain a voiceprint, the algorithm is virtually useless to a fraudster. The fraudster might try to replicate a voice, but most biometric technologies also have fraud detection systems in place that can identify recorded and synthesized voices.

And while fraudsters might try to use a high-resolution photograph to fool facial-recognition software, the software is one step ahead, requiring the customer to perform a movement — like blinking — to prove they are who they claim to be and not a printed facsimile.

Limited Risk of Exposure

If a customer’s Apple Touch technology were to be hacked, what does that mean for the customer’s use of their thumbprint as a biometric identifier? Tom DeWinter, manager of business development for Iris ID Systems Inc., says that if a user’s fingerprint data at Apple is hacked, it might be compromised only for Apple products — not for all biometrics using thumbprints.

Biometrics Still Carry Real Risks

But biometrics are still not foolproof. When it comes to facial recognition, for example, many variables — including camera angle, lighting, and facial expression — can affect the accuracy and security of biometrics. So while consumers may feel comfortable using facial recognition to unlock smartphones, they might not be comfortable using it to access confidential financial or medical records. Here’s why biometric usage may still be considered a risky proposition.

Biometrics Can Be Compromised

It’s hard to fake someone’s ear or eye — because it’s so uniquely identifiable to that person. But what happens if that biometric is compromised? Its security can never be reclaimed. After all, you just can’t swap out an ear or a retina.

Data Can Still Be Hacked

In 2015, a hacking incident at the U.S. Office of Personnel Management resulted in 5.6 million Americans’ fingerprints being stolen. While individuals who have their password-protected accounts hacked can usually just change their login information to secure their accounts, changing fingerprints on a biometric-secured account isn’t an option.

Biometric technology has the potential to not only simplify the customer experience, but also prevent customers’ sensitive financial information from being compromised by fraudsters. By helping authenticate the true account owner with physical and behavioral biometrics, e-commerce businesses can prevent their businesses and their customers from becoming a target and a victim of scammers.

It’s important for e-commerce merchants to understand the latest technology trends — like chat bots, voice searches and biometrics — that are changing the online shopping experience. Stay ahead of the curve by downloading our latest white paper, “The e-Commerce Technology Trends That Will Shape 2019”. We explain the trends you need to be implementing to meet your customers’ increasing demands for convenience and personalisation.

New call-to-action