Emerging Technologies

Order Form

    This individual Report Biometrics: A New Wrinkle Changes the Authentication Landscape is available for purchase. This Report is available to members of Mercator Advisory Group’s Emerging Technologies Advisory Service. Please be advised that this Report is normally part of a research and advisory service that provides ongoing support throughout the year. As such, this Report contains significant depth of content that is selected for its strategic importance to our members. (For a description of these services, see our Advisory Services section).

    While the Report represents significant analyst time invested, there is no means of our ascertaining if it will fully meet your specific intended purposes. Typically, these Reports form the basis for future discussions with our clients where we are able to fine-tune additional information that we have gathered in the construction of the series of Reports (or locate new information rapidly due to our exclusive focus on gathering information in the payments industry) for specific member needs.

    Unfortunately, in fairness to our paying members, we are not able to offer this level of support for a single Report purchase. We will, however, credit any Research Document purchase against the future purchase price of the service should you become a member within 30 days of purchasing the document.

    The price for individual Report purchases is $2950 per document. 

     

    Use the form below to request this individual Report purchase or

    Click here for a fax-back order form

     

     

     

Biometrics: A New Wrinkle Changes the Authentication Landscape

January 13, 2017
Tim Sloane
Aaron McPherson

New biometrics technology is reshaping the authentication market
A new research report from Mercator Advisory Group titled Biometrics: A New Wrinkle Changes the Authentication Landscape is a primer on the fundamentals of biometrics for authentication of consumers’ identity. The report explains the need for multimodal biometric authentication and describes many types of biometrics available from various technology providers. The report shows how biometrics technology has shifted from a primarily hardware-based solution to a software-and cloud-based solution enabled by smartphones that have become much more secure. With voice and face recognition, and now the addition of behavioral biometrics, this shift will drive rapid new innovation and will tip the market in favor of the mobile architecture.

“Behavioral dynamics will play an increasingly important factor in establishing trust factors for the authenticating consumers’ identity across every channel and for establishing persistent identity,” said Tim Sloane, Vice President, Payments Innovation, at Mercator Advisory Group and author of report. “With the introduction of new authentication factors, new secure mobile platforms, and software- and cloud-based authentication mechanisms; it will be extremely risky for banks to make an investment decision that includes hardware and requires five-plus years to achieve a positive return on investment.”

Increasingly smartphones are shipping with trusted execution environments that can displace traditional hardware security fobs. These new smartphones are critical to this fundamental shift in biometrics.

Criminal theft of passwords has made passwords obsolete, and so a new factor is required for authentication. Biometrics will be that new factor. It increases security and will prove more convenient for the consumer than passwords as it transitions into a persistent identity over the next 5 to 8 years.

For persistent identity, authentication no longer entails just a single challenge event such as a fingerprint scan but evolves into a passive trust value uniquely associated with an individual, as is being pursued by Google. The trust value will be constantly updated based on multiple factors including location and passive sound (voice and ambiance) as well as facial recognition and a range of behavioral inputs.

With the mobile device formulating this trust factor, it is highly likely that Apple and Google will be critical partners in consumer authentication for the majority of access control scenarios, including call centers and physical access.

This reliance on the smartphone will help establish the FIDO (the Fast Identity Online) Standard as the appropriate architectural approach for managing authentication credentials. Keeping the credentials in the handset eliminates the honeypots that attract criminals, increases consumer trust, and converts the authentication infrastructure into a shared resource that will greatly lower deployment costs currently associated with all authentication solutions.

This research report is 44 pages long and has 8 exhibits.

Companies mentioned in this report include: AimBrain, Allscripts, Amazon, Apple, Arena, AstraZeneca, Balabit, Bank of America, Bank of Tokyo, Bayer, BehavioSec, BioCatch, BrowserSpy.dk, bunq, Chase, ContinUse, CO-OP Financial Services, Desert Schools Federal Credit Union, Diebold, Discover, E8 Security, Early Warning, Eli Lilly, Entrust Datacard, Etsy, Evernym, Exabeam, Facebook, FIDO Alliance, FIS, Fiserv, Fortscale, Fujitsu, GlaxoSmithKline, Google (Alphabet), Gurucul, HID Global, The Hiroshima Bank, HP, IBM, IDScan Biometrics, IEEE, LexisNexis, LG, Merck, National Westminster Bank, Nikon, NuData, Nymi, MasterCard, MicroBilt, Microsoft, Mitek, NetGuardians, PayPal, Plurilock, Qualcomm, SAFE-BioPharma, Samsung, SecureAuth, Securonix, Sovrin Foundation, Sqrrl, Telesign, Temenos, TMG, Twitter, UniCredit, USAA, US Defense Department, Veridium, Visa, VoiceVault, Wells Fargo, Yahoo, and Xiaomi.
Highlights of the report:

  • Given the effectiveness of cybercriminals, security will continue to be at risk until passwords are eliminated entirely. 

  • Consumers are wary of biometrics today but will come to accept it just as they did mobile banking.

  • Apple and Google will continue to upgrade and extend the security and biometrics implemented in hardware and operating systems and, due to the broad visibility that these operating systems have into the life of the mobile device user, will have more data than all others for authenticating the individual.

  • Authentication will move from a single challenge event, as done today with fingerprint readers, and evolve into a passive persistent identity trust value. The trust value will be based on multimodal biometrics to include geolocation, known commute and work patterns, passive voice and face recognition, and a range of behavioral inputs. As these improve in verifying authenticity, the challenge event will become relatively rare and specific only to high-risk situations.

  • Smartphone technology is rapidly becoming more secure and broadly available in the U.S. population, which means that broad deployment of biometric hardware by financial institutions is likely to be obsolete in less than 5 years.

  • It is probable that Apple and Google solutions will become critical hardware and software authentication suppliers for the majority of access control scenarios, including devices, call centers, cloud and application authentication needs.

  • Biometric tags and trust decisions should be held and calculated in the device to mitigate risk associated with central storage of credentials and is critical for increased consumer trust. Centralized repositories, no matter how secure, represent a liability from the consumer’s perspective.

  • The FIDO authentication architecture will establish an authentication framework that moves much of the hardware and software into a shared asset resident on the mobile phone, which will greatly lower the cost of deploying authentication solutions.

  • Financial institutions should plan for the biometric world described above. This suggests utilizing the mobile device for authentication wherever possible and to avoid the collection of biometric data centrally as much as possible, as that data represents yet another target for criminals.