Biometrics heralds e-shopping shift

Bonnie Tubbs
By Bonnie Tubbs, ITWeb telecoms editor.
Johannesburg, 08 May 2014
In future, biometrics will become a pass to the workplace, mobile commerce or real-world shopping and events.
In future, biometrics will become a pass to the workplace, mobile commerce or real-world shopping and events.

The growing presence of biometrics in consumer electronics foreshadows the future of e-commerce, which will ultimately see biometrics being a standard augmentation of SA's online retail platforms.

This is according to Simon Leps, CEO of e-commerce development house Fontera Digital Works, and is an outlook that comes in the wake of smartphone giants Apple and Samsung's inclusion of fingerprint scanners in their latest flagship phones.

Leps says while many users believe the biometric fingerprint authentication technology found its way on to the devices for device security reasons, it will ultimately be used for e-commerce purposes - and soon.

Users will use their fingerprint to make online mobile payments, purchase merchandise offline, and sign in to online banking without the use of codes or credit card details, says Leps. "The touch of a finger can now be used to replace the multiple alphabetical, numerical and symbol logins and passwords and credit card details needed to make online purchases, streamlining and enhancing the online point of sale process significantly."

How it works

Biometric fingerprint authentication technology consists of biometric sensors, processors, algorithms and modules that can be used separately or combined. "The process starts by scanning a fingerprint either on a compatible mobile phone touch-screen device, or via USB fingerprint scanner," explains Leps.

When it comes to scanning a fingerprint to verify making a purchase, the verification is determined by the patterns of the fingerprint and whether they match the patterns in the pre-scanned image. Leps notes that only the specific characteristics that are unique to every fingerprint are saved as an encrypted biometric key or mathematical representation.

Images of fingerprints are never saved, says Leps. Rather, the image and certain points are encrypted and then become only a series of numbers, which is used for verification when purchasing. "The algorithm cannot be reconverted to an image and, therefore, cannot be stolen and duplicated, nor can be reverse-engineered to reconstruct personal information."

He notes that passwords and PINs have long been the method of accessing devices, bank accounts and online services, and in many cases passwords have been hacked or even guessed. "Sure, consumers using smartphones to make online purchases will be more confident about using the latest e-commerce technologies. However, biometric fingerprint authentication technology is more about making the online payment process easier and effortless for the user in order to boost e-commerce growth and sales."

In store

Kenny Matima, security consultant at Wolfpack Information Risk, says the future of e-commerce is "certainly headed" in the direction of fingerprint biometrics as a verification technology for making purchases.

ITWeb Security Summit 2014

The tailored tracks at the ITWeb Security Summit 2014 cover a wide range of topics, empowering information security professionals to select sessions of particular relevance to their roles within the enterprise. ITWeb Security Summit 2014 takes place from 27 to 29 May at the Sandton Convention Centre. Book your spot now.

However, from a security perspective, Matima says only if biometrics is used as an additional form of authentication and not as the sole authentication mechanism, is the technology a sound means of verification. He cites the recent bypassing of both the iPhone 5S and Galaxy S5's fingerprint scanners with "dummy fingers" as an indication that the technology, as a standalone feature, is not yet secure enough.

"Furthermore, if a database containing passwords is stolen, users can be advised to change their passwords. However, a user cannot change their fingerprints if a database containing biometric data is stolen. It would not take long for cyber criminals to come up with interesting ways to use biometric data. Researchers have already reverse-engineered iris codes to create iris images to trick commercial iris recognition systems."

As far as usability is concerned, says Matima, the use of biometric technologies for authentication makes sense in light of consumers' penchant for convenience. "It is certainly more appealing to have access to all those e-commerce services by simply placing your finger on a fingerprint scanner (USB fingerprint scanner or on mobile phones) than inputting PINs and passwords."