Why you should care
Because (almost) every part of your body is being tested as a way to make payments.
Forget about whipping out your credit card. The next time you have to buy milk, condoms or whatever else you need, some mobile technology and financial companies are hoping you’ll give a quick imprint of your finger, scan of your eye or tap of an armband that links to your heartbeat.
Once used for getting high-level security clearances and criminal record checks done, biometric security features — fingerprints, iris scans and other unique human identifiers — are just starting to make inroads as forms of payment. Already, companies like Apple and Samsung have implemented fingerprint-scanning features into their latest smartphones. Their goal? To replace your need for schlepping around a credit card (in favor of a phone number) and remembering a PIN (which could be done through your fingerprint). Meanwhile, banks in countries such as the United Kingdom and Poland are set to release credit cards, online banking features or even ATMs where customers can approve payments or withdraw cash by scanning their finger and having their vein read as a form of ID. In some cases, companies have recently started rolling out this technology.
Changing a credit card number is one thing. But what do you do with a fingerprint?
Interest in this area has been driven, in part, from what seems to be a never-ending series of warnings about the problems with traditional credit cards and passwords. Over the past year alone, more than 40 million credit card numbers have been stolen from Target and another 56 million from Home Depot. These breaches, combined with those involving millions of stolen passwords, have raised serious concerns at the helm of what financial analysts say is an imminent switch to biometric payments.
But are biometric payments any safer? After all, changing a credit card number or creating a new password is one thing. But how do you do that with someone’s iris or fingerprint? “The problem with fingerprints is that you can never change it, and you don’t know how it will be used in the future, so that limits your willingness to try new things that are driven by that thumbprint once it’s been stolen,” says Blane Warrene, an independent financial services technology analyst. “There’s a lot of Pandora’s Box in this that has to be thought through.”
Companies in this sector say they’re trying to address these kinds of security concerns while also making this new kind of payment technology easy to use. “If biometrics are done right, we can get both,” says Jamie Cowper, the senior director of business development and marketing for Nok Nok Labs, a Silicon Valley-based authentication company that has partnered with Samsung and PayPal. That’s why some industry players are keeping away from creating large, centralized banks of biometric information that would save your data. “If you build a big database of passwords or account numbers, you will get hacked,” says Cowper.
One company is testing a heartbeat-monitoring armband, which when brought toward a payment terminal could authorize a purchase.
Indeed, decentralized data will likely be the name of the game going forward for biometric payment companies. Nymi, for example, has partnered with MasterCard and one of Canada’s largest banks to test its heartbeat-monitoring armband, which when brought toward a payment terminal could authorize a purchase. Known as the Nymi Band, the $79 device is currently only available for preorder and features multiple layers of security that don’t rely on storing the unique electrical activity patterns of someone’s heart. While pointing to the Nymi Band on his wrist — from the boardroom of Nymi’s Toronto headquarters — CEO Karl Martin notes the device is meant for one person and doesn’t actually transmit any biometric information. Instead, it confirms a person’s identity then encrypts the information with a key that can only be read by a payment terminal or another device that it’s communicating with.
Yet some companies see another opportunity here: Why not introduce an alternative form of gadgetry that can still make payments but without the need for biometrics? Deetectee Microsystems, another Canadian venture, aims to have people submit an application form (the length of which has yet to be determined) to confirm their identity, after which they would get a wearable device that would pair with their smartphone or computer. The device can then be identified by payment terminals up to 30 feet away, which would display your photo as a secondary form of ID. The difference here, says Deetectee co-founder Brian Purdy, is that unlike iris scanners and facial recognition software that can identify anyone from a distance, users will be able to pick and choose who and what is allowed to identify them. Then again, you could always just stick to your credit card.