Biometrics heralds e-shopping shift
The growing presence of biometrics in consumer electronics foreshadows the future of e-commerce, which will ultimately see biometrics being a standard augmentation of SA's online retail platforms.
This is according to Simon Leps, CEO of e-commerce development house Fontera Digital Works, and is an outlook that comes in the wake of smartphone giants Apple and Samsung's inclusion of fingerprint scanners in their latest flagship phones.
Leps says while many users believe the biometric fingerprint authentication technology found its way on to the devices for device security reasons, it will ultimately be used for e-commerce purposes - and soon.
Users will use their fingerprint to make online mobile payments, purchase merchandise offline, and sign in to online banking without the use of codes or credit card details, says Leps. "The touch of a finger can now be used to replace the multiple alphabetical, numerical and symbol logins and passwords and credit card details needed to make online purchases, streamlining and enhancing the online point of sale process significantly."
How it works
Biometric fingerprint authentication technology consists of biometric sensors, processors, algorithms and modules that can be used separately or combined. "The process starts by scanning a fingerprint either on a compatible mobile phone touch-screen device, or via USB fingerprint scanner," explains Leps.
When it comes to scanning a fingerprint to verify making a purchase, the verification is determined by the patterns of the fingerprint and whether they match the patterns in the pre-scanned image. Leps notes that only the specific characteristics that are unique to every fingerprint are saved as an encrypted biometric key or mathematical representation.
Images of fingerprints are never saved, says Leps. Rather, the image and certain points are encrypted and then become only a series of numbers, which is used for verification when purchasing. "The algorithm cannot be reconverted to an image and, therefore, cannot be stolen and duplicated, nor can be reverse-engineered to reconstruct personal information."
He notes that passwords and PINs have long been the method of accessing devices, bank accounts and online services, and in many cases passwords have been hacked or even guessed. "Sure, consumers using smartphones to make online purchases will be more confident about using the latest e-commerce technologies. However, biometric fingerprint authentication technology is more about making the online payment process easier and effortless for the user in order to boost e-commerce growth and sales."
Kenny Matima, security consultant at Wolfpack Information Risk, says the future of e-commerce is "certainly headed" in the direction of fingerprint biometrics as a verification technology for making purchases.
However, from a security perspective, Matima says only if biometrics is used as an additional form of authentication and not as the sole authentication mechanism, is the technology a sound means of verification. He cites the recent bypassing of both the iPhone 5S and Galaxy S5's fingerprint scanners with "dummy fingers" as an indication that the technology, as a standalone feature, is not yet secure enough.
"Furthermore, if a database containing passwords is stolen, users can be advised to change their passwords. However, a user cannot change their fingerprints if a database containing biometric data is stolen. It would not take long for cyber criminals to come up with interesting ways to use biometric data. Researchers have already reverse-engineered iris codes to create iris images to trick commercial iris recognition systems."
As far as usability is concerned, says Matima, the use of biometric technologies for authentication makes sense in light of consumers' penchant for convenience. "It is certainly more appealing to have access to all those e-commerce services by simply placing your finger on a fingerprint scanner (USB fingerprint scanner or on mobile phones) than inputting PINs and passwords."