A new study from Juniper Research has found that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5bn by 2019, up from less than 130 million this year.
The research observed that at present, only 2 services – Apple Pay and Samsung – used fingerprint scanners for authentication, with availability currently limited to the US and UK for the former, and the US and South Korea for the latter. However, it argued that with both services expected to be launched in multiple additional markets during 2016, the convenience of the scanner is likely to make it a primary mechanism for transaction authentication.
The new research report – Mobile Identity, Authentication & Tokenisation 2015-2020 – argued that incorporation into additional mobile wallets would be spurred by a greater availability of fingerprint scanners in mid-range smartphones. This, together with a growing take-up of contactless infrastructure at POS (Point of Sale), is likely to drive further adoption in the medium term.
However, the research cautioned that the security of biometric data was paramount, citing the case of the HTC One Max, where fingerprint data was mistakenly stored on the device in plaintext and in a world-readable location. While that mistake was rectified, research author Dr Windsor Holden warned that the implications of failing to ensure secure storage could be devastating. ‘When a password or PIN is hacked, the consumer can simply get a replacement. When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised.’
Additionally, the research pointed out that the greater prevalence of cybercrime – more than 1 billion online records were exposed by data breaches in 2014 – meant that tokenisation was becoming an increasingly attractive proposition for acquirers and processors. It argued that the tokenisation process – wherein data with no intrinsic value replaces high-value cardholder data – would significantly reduce exposure to fraud. Furthermore, with hackers merely obtaining tokens, which are meaningless in isolation, the scale of attacks on sites might also decline.