A new research report from Mercator Advisory Group titled Biometrics: A New Wrinkle Changes the Authentication Landscape is a primer on the fundamentals of biometrics for authentication of consumers’ identity. The report explains the need for multimodal biometric authentication and describes many types of biometrics available from various technology providers. The report shows how biometrics technology has shifted from a primarily hardware-based solution to a software-and cloud-based solution enabled by smartphones that have become much more secure. With voice and face recognition, and now the addition of behavioral biometrics, this shift will drive rapid new innovation and will tip the market in favor of the mobile architecture.
“Behavioral dynamics will play an increasingly important factor in establishing trust factors for the authenticating consumers’ identity across every channel and for establishing persistent identity,” said Tim Sloane, Vice President, Payments Innovation, at Mercator Advisory Group and author of report. “With the introduction of new authentication factors, new secure mobile platforms, and software- and cloud-based authentication mechanisms; it will be extremely risky for banks to make an investment decision that includes hardware and requires five-plus years to achieve a positive return on investment.”
Increasingly smartphones are shipping with trusted execution environments that can displace traditional hardware security fobs. These new smartphones are critical to this fundamental shift in biometrics.
Criminal theft of passwords has made passwords obsolete, and so a new factor is required for authentication. Biometrics will be that new factor. It increases security and will prove more convenient for the consumer than passwords as it transitions into a persistent identity over the next 5 to 8 years.
For persistent identity, authentication no longer entails just a single challenge event such as a fingerprint scan but evolves into a passive trust value uniquely associated with an individual, as is being pursued by Google. The trust value will be constantly updated based on multiple factors including location and passive sound (voice and ambiance) as well as facial recognition and a range of behavioral inputs.
With the mobile device formulating this trust factor, it is highly likely that Apple and Google will be critical partners in consumer authentication for the majority of access control scenarios, including call centers and physical access.
This reliance on the smartphone will help establish the FIDO (the Fast Identity Online) Standard as the appropriate architectural approach for managing authentication credentials. Keeping the credentials in the handset eliminates the honeypots that attract criminals, increases consumer trust, and converts the authentication infrastructure into a shared resource that will greatly lower deployment costs currently associated with all authentication solutions.
This research report is 44 pages long and has 8 exhibits.
Companies mentioned in this report include: AimBrain, Allscripts, Amazon, Apple, Arena, AstraZeneca, Balabit, Bank of America, Bank of Tokyo, Bayer, BehavioSec, BioCatch, BrowserSpy.dk, bunq, Chase, ContinUse, CO-OP Financial Services, Desert Schools Federal Credit Union, Diebold, Discover, E8 Security, Early Warning, Eli Lilly, Entrust Datacard, Etsy, Evernym, Exabeam, Facebook, FIDO Alliance, FIS, Fiserv, Fortscale, Fujitsu, GlaxoSmithKline, Google (Alphabet), Gurucul, HID Global, The Hiroshima Bank, HP, IBM, IDScan Biometrics, IEEE, LexisNexis, LG, Merck, National Westminster Bank, Nikon, NuData, Nymi, MasterCard, MicroBilt, Microsoft, Mitek, NetGuardians, PayPal, Plurilock, Qualcomm, SAFE-BioPharma, Samsung, SecureAuth, Securonix, Sovrin Foundation, Sqrrl, Telesign, Temenos, TMG, Twitter, UniCredit, USAA, US Defense Department, Veridium, Visa, VoiceVault, Wells Fargo, Yahoo, and Xiaomi.