Smartphones unleash the next biometric revolution
Biometric sensors embedded in smartphones, tablets and wearable devices for identification and authentication purposes are expected to shape the future of mobile security.
While many core biometric technologies have been around for a long time, particularly in finance and government biometric databases, according to security experts, the mobile biometrics market is experiencing strong growth, as the need for identification and authentication grows across the globe.
Broader mobile banking penetration, the increasing rate of fraud, and innovative industry collaborations are among the factors driving this market growth, as more financial institutions, e-commerce platforms and mobile apps embed authentication systems such as fingerprint, facial, speech, iris and signature recognition instead of PIN numbers and passwords.
"Biometrics are a natural fit for the smart mobile devices that we literally hold onto nearly every waking hour," says Maxine Most, principal at Acuity Market Intelligence.
"The explosion in the use of smart devices over the past five years, along with anticipated growth over the next few years, especially in developing economies, will bring biometrics into the daily lives of half the global population. By 2020, 100% of smart mobile devices will include embedded biometric sensors as a standard feature."
Some technology experts predict the traditional PIN number and passwords will be obsolete within the next few years, while others disagree.
According to a Juniper Research report, mobile biometrics will authenticate $2 trillion worth of in-store and remote mobile payment transactions annually by 2023. The fastest growth will come from biometrically-verified remote m-commerce transactions, reaching over 48 billion in volume, making up around 57% of all biometric transactions.
Biometric sensors are embedded in various ways: in smartphones, as biometric apps offered by biometric vendors via Android and iOS stores, or by mobile service providers such as banks, payment processors, retailers and online identity providers.
The Motorola Attrix and iPhone 5S were reportedly among the first devices to debut the fingerprint sensoras a feature in 2010 and 2013, respectively.
Since then, many other next-generation smartphones have incorporated multiple biometric options that users can set for different purposes. These models include Samsung's Galaxy S8 and S9, LG V30, OnePlus 5T, HTC U11, Huawei P10, Moto G5, Xiaomi Mi 6, and Xiaomi Mi MIX 2.
Apple's latest range, the iPhone X, XS and XR, has swapped out the fingerprint sensor in favour of a facial recognition system based on infrared scanning software.
Biometric mobile apps
In a software update last week, WhatsApp added a new biometric authentication feature for iOS.
The new setting, called 'Screen Lock', on version 2.19.20 of the WhatsApp iOS messaging app, allows an additional layer of security by requiring either the user's face biometrics or a fingerprint to unlock the app.
If users have an iPhone X model, they are able to log in using facial ID, or if they have an iPhone with a fingerprint sensor, they can use the fingerprint Touch ID option.
The long list of biometric-enabled apps available on Android and iOS stores includes FbF MemberSAFE (Android), which provides easy-to-use biometric functionality for tracking and managing employees; BioID Facial recognition (iOS), a multifactor user authenticator with face login; and various fitness apps which leverage biometrics to track the user's fitness level.
"Biometric security is now implemented on many new smartphones to bring convenience and ease of use to the user," says Xavier Larduinat head of marketing, banking and payment at Gemalto.
"WhatsApp, like many other mobile apps, simply uses the original equipment manufacturers' application programming interface to use the device's biometric resources and securely store the username and password. This is a very common step taken and many apps are already doing so."
Biometric vendors, phone-makers and developers are entering into mergers and acquisitions to sustain competition in the arena, he adds.
"Handset-makers provide an application programming interface to app developers to securely store the username and password in the device and use biometrics to perform user authentication," notes Larduinat.
"When authenticated via a fingerprint or facial recognition, the app fetches the stored username and password from the device. This can be done either from a security framework such as the 'secure enclave' on iOS devices, a trusted execution environment, a secure element or a Sandbox (software secured partition). This brings convenience to the user and improved security, as no password entry is needed, protecting the user from key-logger malware and eye-dropping types of attacks."
Research firm Gartner predicts that by 2022, 70% of organisations using biometric authentication for workforce access will implement it via smartphone apps, fuelled by lower costs and improved user and customer experience.
While mobile biometric technology is expected to soar in the next few years, experts warn of its many security risks, such as network hacking, rapidly evolving fraud capabilities, familiar fraud (usually caused by a family member or friend), spoofed sensors and sensor inaccuracy.