Mobile biometrics are making it into the hands of end users everywhere and in more ways than one. While Touch ID is often credited for bringing biometrics to consumers, a combination of password fatigue, demand for security, and exciting use cases has helped next gen mobile authentication reach a critical mass.
Here are four ways mobile biometrics are making it into the hands, pockets, and accessories of end users all over the world.
Smartphones are going multimodal
Just this week Apple released yet another iPhone with Touch ID. The fingerprint sensor has, in the time between now and September 2013 when the iPhone 5S was launched, become a standard feature on handsets. No longer exclusive to flagship devices from the world’s top manufacturers, fingerprint sensors on either the rear of a smartphone or embedded into the home button are on nearly every newly announced mobile. But fingerprints are only part of the larger trend happening in mobile identity.
According to recent research from Acuity Market Intelligence, more than 200 smartphone models have been introduced since Q3 of 2013. That number isn’t exclusively fingerprint sensor smartphones either. It includes phones that support iris scanning and eye vein authentication. The latest Lumia devices, which run Windows 10, offer iris scanning for access control, which despite reports from users as slower than they’d prefer, remains a popular security function. The Fujitsu Arrows smartphones offered through NTT Docomo, meanwhile, sport Delta ID iris scanning, and their release marked the very first time such a modality was made available on smartphones.
In terms of software, Android has improved its once maligned Face Unlock facial recognition, and some smartphones, like the ZTE Axon series, ship with Eyeprint ID. These situations mark the collision of modalities on the same device, with Android supporting fingerprint scanning too, and the ZTE phones each featuring a fingerprint sensor of their own.
Apps are coming with built-in biometrics
While biometrics are standard features on nearly all new smartphone models, not everyone can be expected to upgrade to the most recent handset as soon as it comes available. Many people use the same phone for years, and when they upgrade, they still have non-biometric legacy options. So, if a service provider or app developer wants to give users biometric authentication regardless of their smartphone model, they have the option to take the software route.
Biometric SDKs are available to developers who want to include software modalities – usually face and voice – into their apps. This is popular with financial services providers as they look to offer more convenient and secure ways for customers to manage their assets on their phones.
Take the USAA app, for instance, which can be downloaded onto a smartphone and configured to offer face biometrics, voice biometrics, or a combination of both, depending on a user’s preference. Leveraging the front facing camera and microphone built into all modern handsets, the app turns non-biometric devices into strong authentication machines. Furthermore, the IdentityX platform that powers the app is future-proof, allowing it to expand to support other modalities—indeed, fingerprint smartphones can also be used for USAA app login.
Building biometrics into apps is key to getting strong authentication used by consumers. When I spoke with Todd Mozer, CEO of Sensory Inc., about his company’s TrulySecure 2.0 offering, he told me about the importance of bringing biometric software straight to the developers in order to achieve this. Sensory had just launched its Starter Partner Program for exactly this purpose. Sometimes all it takes to get biometrics in to the hands of end users it to give developers the tools to replace PIN or password security.
“…if somebody had an application where they use the PIN to access it, the application is already done,” said Mozer. “They just have to take out that PIN interface and put in our interface. And we give them all the sample code to get going with that.”
Exciting new payment methods require biometrics
Giving users a reason to actually enroll their biometrics into their devices and match them on a regular basis plays a major role in demystifying the technology. Fingerprint, face, and iris scanning have a long history in sci-fi and cyberpunk pop culture, lending them a sort of fantastical aura to the layman. But biometrics are also intuitive, easy to use, and unobtrusive. Once you are using a fingerprint sensor every day as part of your routine, biometrics shed their stigma and become a regular part of your life. That’s why mPayments are the current killer app for consumer biometrics.
Apple Pay and Samsung Pay are major applications of consumer fingerprint biometrics, allowing users to pay at retail points of sale with the tap of their phone and a scan of their finger. It is easy to do and highly incentivized, with both companies offering free services and gifts to mobile wallet adopters.
Facial recognition is making it into the mPayment space too, and if selfie-based payments like MasterCard Identity Check or the upcoming biometric version of Android Pay take off as well as their fingerprint-based cousins have, we can expect the face modality to also become commonplace. Visa is even looking to iris biometrics for payments, as we observed in Barcelona at this year’s Mobile World Congress.
Wearables demand biometrics
Wearable tech is a frontier for mobile biometric authentication, with a recent survey conducted by Centrify pointing out that unmanaged smartwatches are presenting a security vulnerability, specifically in the workplace. And while wearables tend to depend on the security of their tethered devices, they also offer the opportunity to bolster a user’s own mobile ecosystem.
Speech recognition and vital sign monitoring seem to be the entry point for biometric security on wearables. Cardiac signal reading sensors are in high demand when it comes to the smart accessories thanks to their fitness, health, and sports applications, but as readers of FindBiometrics will be aware, heart signals are unique enough to use for ID verification. Speech recognition, meanwhile, as the primary mode of interface on smartwatches, is getting users over the awkwardness barrier that has prevented voice recognition from really taking hold in the smartphone arena.
The technology to authenticate by both of these modalities already exists, with the Nymi Band wearable having authenticated payments and physical security via heartbeats, and a great number of instances of voiceprint authentication being used on larger mobile devices. Adopters of wearable tech are already using speech and vital biometrics regularly, so it seems like only a matter of time before those features are used to lock down this mobile vector of vulnerability.
Stay posted to FindBiometrics throughout March as we continue to examine mobile biometrics in our featured articles section. Be sure to follow us on Twitter so you don’t miss a beat.
March 23, 2016 – by Peter B. Counter