Fingerprint, iris, voice, face and even gait recognition – biometrics covers “all computer technology used to identify individuals based on their physical, biological or behavioral characteristics1 ”.
The use of fingerprints as a means of authentication dates from the end of the 19th century and a new direction with the digitization of society in the 1990s. Since the 2000s, numerous identity documents have become biometric, for example passports, and they increasingly contain data relating to civil status, a digital photo and, in some cases, fingerprints.
Biometrics to secure our everyday life
As a result of the roll-out of smartphones around the world and the deployment of increasingly powerful sensors, biometric authentication is now emerging from the Sovereign shadow and becoming part of normal everyday life. One of the promises of biometrics is that it allows everyone to identify and authenticate themselves rapidly and reliably using their unique biological data, in order to replace the daily use of PIN codes, security codes and passwords.
Presented as a link between our physical identity and our digital identity, biometrics is part of society’s increasing digitization, implying a growing need for security, particularly with the development of the Internet of Things and the multiple interactions between humans and connected objects. Using their fingerprints, iris, voice or face, users can already cross borders and will soon be able to access their cars.
From authentication to payment: biometrics replaces PIN codes
Biometrics can also be used to secure payments. The Apple Pay contactless payment system, for example, is built on NFC (Near Field Communication) contactless communication technologies combined with the capture of fingerprints to authenticate consumers. At the opening speech at CeBIT, Jack Ma, Executive Chairman of leading Chinese e-commerce firm Alibaba, demonstrated payment via “selfie”, based on face recognition. Microsoft and Samsung are also introducing iris sensors to unlock a smartphone by simply looking into the camera. Finally, the latest generation card from OT, F-Code, replaces the PIN code with the cardholder’s fingerprint, thanks to a reader incorporated into the thickness of a classic payment card. Biometrics, whose use is currently subject to regulations, could also be used when strong authentication is required, for example when making payments online. The more critical the transaction to be carried out, the greater the need to secure it by authenticating ourselves. Biometrics provides a response to this challenge, while offering increased ease of use.
A challenge: protecting biometric data
Several alternatives are available for storing users’ biometric data, either within a central file, or via a secure element embedded in the user’s smartphone. These embedded Secure Elements are like a personal safe, enhancing the security of the user’s biometric data and considered to be tamper-proof. Storing data in the eSE avoids using a central database, a practice which has become highly controversial in recent times. The biometric data therefore remains under the user’s control at all times, a vital prerequisite to ensure widespread adoption of the solution.
Public roll-out of biometrics
According to a study conducted in 2016, 52% of users in the United States and England prefer an alternative method of authentication to traditional passwords and 20% of users prefer biometric authentication. A recent study carried out in seven European countries, involving 14,0002 respondents, indicated that almost two-thirds of consumers would like to use biometrics when making payments and 50% believe that biometrics will make payments faster and easier. Simplicity and security are undoubtedly the two key factors for ensuring the continued spread of biometric authentication.
1 CNIL – French Data Protection Agency
2 European consumers ready to use biometrics for securing payments https://www.visaeurope.com/newsroom/news/european-consumers-ready-for-biometrics