Payments Journal – Human Biometrics in Online Authentication

February 23 — Human Biometrics in Online Authentication: Risks and Options

NuData’s Robert Capps has a feature article in Payments Journal where he talks about the difference between physical biometrics and behavioural biometrics, and why e-commerce and financial institutions are avoiding the former in favor of the latter.

The password isn’t dead – it just can’t be the sole means of online user authentication anymore as a deluge of breached data has let loose millions of login credentials onto the black market. Those stolen credentials have spawned a huge wave of account takeovers. To stop rising fraud rates, merchants and financial institutions have for the most part deployed unwieldy and consumer-unfriendly security techniques that fail to catch all the fraud that is occurring and wrongly flag good users. Companies have to move on from static, reusable data when authenticating. But how?

The search for meaningful alternatives has sparked increased interest in the use of physical biometrics for authentication. Unfortunately, the term biometrics has become an industry buzzword that encompasses a number of second-factor solutions that include everything from facial recognition, to fingerprints, iris scans, and voice – even the human heartbeat.

But what works face-to-face doesn’t always work online. When faced with an in-person security challenge, the person in question can readily and effortlessly comply. A person doesn’t keep a fingerprint on file that they then provide to a machine; the person lets the machine read their fingerprint at the security threshold. Adding a physical biometric for the online user means it’s more than just the user and a website – we need a third piece of technology to authenticate.
