A new study from Juniper Research has found that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5-billion by 2019, up from less than 130-million this year.
The research observed that at present, only two services – Apple Pay and Samsung – used fingerprint scanners for authentication, with availability currently limited to the US and UK for the former, and the US and South Korea for the latter.
However, it argued that with both services expected to be launched in multiple additional markets during 2016, the convenience of the scanner is likely to make it a primary mechanism for transaction authentication.
The new research report – Mobile Identity, Authentication & Tokenisation 2015-2020, argued that incorporation into additional mobile wallets would be spurred by a greater availability of fingerprint scanners in mid-range smartphones.
This, together with a growing take-up of contactless infrastructure at POS (point of sale), is likely to drive further adoption in the medium term.
Exposing biometric data ‘riretrievably compromises’ online identity
However, the research cautioned that the security of biometric data was paramount, citing the case of the HTC One Max, where fingerprint data was mistakenly stored on the device in plaintext and in a world-readable location. While that mistake was rectified, research author Dr Windsor Holden warned that the implications to ensure secure storage could be devastating.‘
“When a password or PIN is hacked, the consumer can simply get a replacement. When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised,” he says.
Additionally, the research pointed out that the greater prevalence of cybercrime – more than 1 billion online records were exposed by data breaches in 2014 – meant that tokenisation was becoming an increasingly attractive proposition for acquirers and processors. It argued that the tokenisation process – wherein data with no intrinsic value replaces high value cardholder data – would significantly reduce exposure to fraud.
Furthermore, with hackers merely obtaining tokens which are meaningless in isolation, the scale of attacks on sites might also decline.
JP Morgan takes up the challenge
In other news, JP Morgan announced it had launched Chase Pay, which it described as a better payments experience for in-store, in-app and online purchases.
“Chase Pay solves a number of pain points for consumers and merchants. It will improve the customer experience and drive down the cost of payments,” said Gordon Smith, CEO of Consumer & Community Banking at JPMorgan Chase & Co. Smith made the announcement about Chase Pay at the Money 20/20 conference in Las Vegas.