Digital Identity and Biometrics: A Powerful Combination
Posted April 20, 2018
The combination of digital identity and biometrics could help payments and financial services brands meet the strong customer authentication requirements under the EU’s new Revised Payment Services Directive (PSD2) while delivering a whole new level of convenience.
At least, that’s one recommended strategy coming out of the Mobile World Congress, which took place in Barcelona last month. Here’s why it may be a good idea.
Into the ‘Bio’sphere
Using biometric technology in conjunction with digital identity is a strategy we have discussed often, including in the Definitive Guide to Digital Identity. So it’s encouraging to hear others echoing these ideas and recognizing the inherent value of this combination.
The ease and convenience of using biometrics to do things like unlock a mobile device or access an app seems to have caught on with today’s digital consumer, and device manufacturers have clearly taken notice. Just about every mobile device available today comes with a fingerprint scanner, facial recognition system or some other biometric technology.
By all accounts, biometrics have proven adept at recognizing users. But biometrics are not foolproof, and failures can lead to fraud, friction and frustrated users – a troublesome notion considering that even 10 seconds of user friction can send digital consumers moving on to competitors. For organizations in the financial industry, that translates to at least a 4-percent loss in sales and overall transaction volume.
When biometric recognition fails, the typical fallback is a static password or passcode as a prerequisite for login. The problem: Thanks to corporate data breaches, fraudsters can often acquire these credentials on the dark web. There’s also little to stop a fraudster armed with account credentials from associating a compromised account with their own biometric.
Two for the Road
But, what might be more worrisome for businesses looking to securely grow their mobile channels is the increasing threat of account takeover attacks. According to the latest ThreatMetrix Cybercrime Report, account takeover attacks in the fourth quarter of 2017 increased 182 percent compared to the previous year.
Of course, biometrics were never designed to identify compromised devices (e.g., a rooted device) or applications (e.g., malware and Trojans), or to detect when the user’s authenticated session has become vulnerable to hacking and snooping. Biometrics also can’t recognize spyware or stop a man-in-the-middle attack.
Perhaps that’s why recommendations emanating from the Mobile World Congress suggest digital identity could be an important complement to biometrics – as detecting these and other threats is a vital, and often overlooked, element of digital identity.
Digital identity detects apps that have been compromised as well as devices that are vulnerable. Layering digital identity on top of biometrics enables dynamic risk-based authentication and more.
Strength in Numbers
Biometrics are not perfect. But, combining biometrics with digital identity brings this popular technology closer to what it was intended to be – an effective part of a sophisticated method of authentication that helps drive profitable growth and deliver an elegant digital experience.
With capabilities such as Strong ID for web and mobile, digital identity binds a specific device to a user identity, so that the device can be used as an authenticator for enabling a safer and more convenient digital experience—while at the same time complying with provisions such as strong customer authentication for PSD2.
Now that sounds like the makings of a successful partnership.
To learn more about how biometrics work with digital identity, check out The Definitive Guide to Digital Identity, an online resource designed to further the understanding of how digital identity can help businesses thrive in the digital age.