Skip to content

Our Privacy Statement & Cookie Policy

All Thomson Reuters websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.

technology

Is biometric authentication the death of the password?

Jennifer Singh  Senior Director, Strategic Product Management

Jennifer Singh  Senior Director, Strategic Product Management

No one remembers every password to every website. Advances in biometric authentication mean soon, we may not have to.

Digital commerce is disrupting traditional businesses because of the convenience it provides.  We can purchase, transact and communicate online, all without leaving our homes. And yet, we all still experience some degree of frustration when transacting online, particularly due to poor digital customer experience.  The biggest complaints: Continuously needing to prove our identity credentials and managing our passwords.

A recent poll conducted by Intel Security found the average person has 27 discrete online logins, which is a lot of passwords to remember.  In fact, 37 percent of people forget a password at least once a week, which leads to frustration, password resets and sometimes abandonment.  This is a headache for businesses, too, because they have to bear the customer service cost of password resets and associated revenue losses from abandonment. Passwords, particularly insecure passwords, can also be a security risk subject to criminal hacking.

To balance security with convenience, enterprises are rethinking digital identity. The forerunners are leveraging advanced technologies like biometric authentication to provide a seamless experience for their customers.

What is biometric authentication?

Biometric authentication uses unique physical attributes and body measurements as a method for identification and access control. Physical characteristics that are often used for authentication include fingerprints, palm prints, voice recognition, face recognition and iris scans, because these are unique to every individual. Service providers are using biometric authentication to reduce access friction because it’s much faster and more seamless for a customer to use his or her biometrics than it is to remember and type a password.

Mobile devices, including both iPhone and Android devices, have spurred the adoption of biometric authentication.  According to a Deloitte survey, 28 percent of UK smartphone users have used fingerprint recognition, up about 33 percent since last year.  While adoption of other biometric authenticators is still low, the recent release of Face ID on the iPhone X is expected to spur adoption of other modalities.

Another example of increasing biometric authentication adoption is across airports around the world.  CLEAR, at select United States airports, is a faster alternative to TSA PreCheck for passing through airport security.  A traveler skips having his or her physical ID documentation (drivers license or passport) reviewed by a TSA agent by authenticating with two forms of biometrics and a boarding pass.  This service eliminates the need to carry physical documentation and is a much faster security process.  Airlines like Delta and JetBlue are also experimenting with facial recognition as a replacement for scanning physical boarding passes when boarding a plane.

A person uses a sensor for biometric identification on a smartphone in Berlin, Germany REUTERS/Fabrizio Bensch
A person uses a sensor for biometric identification on a smartphone in Berlin, Germany REUTERS/Fabrizio Bensch

Empowering transaction risk management

Institutions and service providers can be better assured of who they are doing business with in digital channels by combining comprehensive identity verification with ongoing biometric authentication.  One example is with digital banking.  New customers are onboarded to new bank accounts by enrolling online or with a mobile device.  A comprehensive identity verification solution that looks at all aspects of an individual’s identity – biographical, legal, electronic and behavioral attributes – answers the questions “Is this a real person?” and “Is this who the person says she is?”

Once the account is established, biometric authentication can be used to complete high-risk transactions such as completing a wire transfer to another account or completing a high value purchase on a website.  The bank can send a request to a smartphone requesting a fingerprint or another biometric in order for the transaction to complete.  This gives the bank assurance that it is still the same registered user completing the transaction and not a criminal trying to commit fraud.

A court officer conducts an eye scan on mixed martial arts fighter Conor McGregor (L), during his arraignment in a New York City courtroom on charges of assault in New York, NY, U.S., April 6, 2018. Mary Altaffer/Pool via REUTERS
A court officer conducts an eye scan on mixed martial arts fighter Conor McGregor (L), during his arraignment in a New York City courtroom on charges of assault in New York, NY, U.S., April 6, 2018. Mary Altaffer/Pool via REUTERS

The next frontier – continuous authentication

While biometric authentication is often seen as a customer experience improvement over traditional passwords, some organizations want to remove all friction out of the authentication experience.  Rather than push requests to a mobile device for biometric authentication, some firms are using behavioral biometrics to continually authenticate a user.

Behavioral biometrics can measure specific behavioral patterns and create a unique algorithm to tell users apart.  For example, the specific way that an individual uses a smartphone – how he or she pinches and zooms, the pressure exerted on the keyboard, how he or she walks with their phone in a pocket – is very unique.  The algorithms can be set up in various ways: some sending risk flags or notifications back to a service provider when a change of control is calculated; some providing scores at the service provider’s request.

Continuous authentication is still an emerging technology and lags adoption when compared to traditional biometric authentication.  While the new technology might replace biometrics in some cases, many expect that both types of authentication will be used hand-in-hand.  In the case of completing a wire transfer, if behavioral authentication fails to validate a user, that user could be asked to provide a biometric to complete a transaction.  This enables enhanced customer experience and reduces the likelihood that a user is denied access to a service. At the same time, it provides enhanced security and protection for both the user and service provider against fraudulent activity.

A man looks over a 3D scan of his face after trying out a Bellus3D face scanner during CES Unveiled at the 2018 Consumer Electronics Show in Las Vegas, Nevada, U.S. January 7, 2018. REUTERS/Steve Marcus
A man looks over a 3D scan of his face after trying out a Bellus3D face scanner during CES Unveiled at the 2018 Consumer Electronics Show in Las Vegas, Nevada, U.S. January 7, 2018. REUTERS/Steve Marcus

Learn more

Register for our Public-Private Partnership Forum events April 24 in Charlotte, North Carolina, and April 26 in Washington, D.C.

Want to stay up-to-date on our thought leadership pieces and other topics such as anti-money laundering and fraud? Sign up for the CLEAR Picture newsletter, a free, bimonthly e-newsletter developed for professionals working on anti-money laundering, Know Your Customer, and other high-risk rules and regulations compliance.

  • Facebook
  • Twitter
  • Linkedin
  • Google+
  • Email

More answers