Despite the lingering concerns about privacy and consequent judicial scrutiny over the almost daily breach of Aadhaar data, biometric authentication technology will soon replace the ancient password-based security system. For instance, according to the “Trust in Technology” report by HSBC, iris recognition is trusted by 26 per cent people to replace alphanumeric passwords that combine letters symbols and numbers. Voice and facial recognition follow at 18 per cent. In another survey conducted by Visa in 2017, out of 500 respondents, 99 per cent were interested in using at least one biometric method to verify their identity, and an equal percentage of the respondents were interested in using at least one biometric method to make payments. The survey concluded that “new forms of authentication, such as fingerprints, facial or voice recognition, can make unlocking accounts and payments much easier and more convenient than traditional passwords or PINs, which are difficult to type onto tiny keyboards, easy to forget, and can be stolen”.
Passwords are passe
Biometrics as a technology has been around for long and widely used in forensic science. In India, adoption of biometric technology has seen a significant increase over the last five years, thanks to government-aided projects, such as issuance of e-passports and visas. Aadhaar system under the Unique Identification Authority of India (UIDAI) has also boosted the use of technology. An estimation by BIS Research in its report “India Biometrics Authentication and Identification Market: Estimation & Forecast (2015-2020)”, the Indian biometric market value is anticipated to grow from $823.46 million in 2014 to $2.06 billion in 2020 at a CAGR of 16.47 per cent from 2015 to 2020. The research firm Technavio mentions in its market research report “Global Fingerprint Biometrics Market 2017-2021” that the global fingerprint biometrics market will grow at a CAGR of close to 12 per cent during the forecast period.
So, why do consumers prefer biometrics now? The biggest reason may be that people increasingly feel more comfortable using biometrics, as it is simpler than filling in passwords or drawing patterns. According to the Visa survey, nearly 81 per cent of consumers overwhelmingly perceive that biometrics are faster, while 84 per cent of them say it is easier than passwords. “Indian consumers have discovered the ease of biometric authentication and are open to using this technology for transactions going forward, which augurs well for the Indian payments industry,” Visa India and South Asia group country manager T R Ramachandran says in the report.
In another recent survey conducted by IBM Security in the US, Europe and APAC regions, called “IBM Future of Identity”, 75 per cent of millennials are comfortable using biometrics today, less than half are using complex passwords, and 41 per cent reuse passwords. Older generations showed more care with password creation but were less inclined to adopt biometrics and multi-factor authentication. But since millennials are becoming the largest represented segment in today’s workforce, they are likely to impact the decision of how employers and technology companies provide access to devices and applications in the near future.
People also have more understanding of technology now and are adventurous enough to use it. This enables tech companies to think of new ways to make the process faster and securer. Says V Srinivasan, founder and chairman, eMudhra, which enables digital transformation via smart solutions: “A few years ago, we were talking about 2FA. Now, the latest trends in authentication focus around using behavioural insights on users and how they log in (more simply, login behaviour) to identify behavioural anomalies. These anomalies then trigger additional layers of authentication or outright denial of access depending on the extent of the deviation. There’s an element of big data, behavioural analytics, and machine learning at play here.”
Says Amit Mathur, the chief operating officer of Ensurity Technologies, “Biometric technology ensures that the access to data, area, article is restricted only to the authorised person. The technology is also easy to execute, it is unique to an individual and difficult to forge. Smart handling of the fingerprint template makes the access nearly breach-proof.”
Voice and biometrics
A tech start-up Uniphore Software Systems has designed solutions to decipher human voice, which works on voice biometrics. According to Umesh Sachdev, its CEO and co-founder, people today want to explore exponential technology and methods that could make their life easier and secure. “Millennials have always welcomed and adopted changing technology with passing time. They believe in exploring and using latest technology and tools to make lives simpler, secure and convenient. The ‘biggest’ worry for Millennials today is ‘information security’. The smartphone generation understands the consequences of data theft and trusts biometrics solutions since they’re based on unique characteristics of the user.”
Security is another big reason why people prefer biometrics these days. A survey conducted by IBM states that people ranked security as the highest priority for logging in to the majority of applications, particularly when it came to money-related apps. When it comes to payment via biometrics, the perception is that this technology is more secure than passwords and PINs and gives the consumer the peace of mind. In fact, according to the Visa survey, “The payments ecosystem is witnessing a rapid change in the adoption of a new form of payments and modes of authentication. For financial institutions, the time has never been better to integrate biometric technology into banking apps and payments experiences for customers.”
Safe (mobile) banking
As consumers warm up to the idea of biometrics, even the more conservative sectors are thinking of ways to incorporate biometrics. Banks, for instance, are the conservative adopter of technology. But, in a report prepared by HSBC, Darryl West, its chief information officer, observes: “My objective when I finish my career in this industry is to eliminate passwords completely.” Many banks and financial institutions are replacing traditional multi-factor authentication system with a single interface using biometrics. The Reserve Bank of India and the Union finance ministry are already pushing banks to migrate to Aadhaar-based biometric authentication for electronic payment transactions, though most Aadhaar-centric policies are under litigation now. The push to biometrics is also driven by the proliferation of mobile phones.
According to Sachdev, people perceive biometrics as a safer option, especially when it comes to mobile banking. He says, “Indians are very receptive to this change, as it allows them to access banking and make payments in a secure and convenient manner without having to worry about data security concerns.”
Recently, an Indian mobile phone payment network called MoneyOnMobile launched a biometric-based ATM cash-out solution, which leverages the Aadhaar system and open banking APIs. This Aadhaar-Enabled Payment System (AEPS) allows ATM card consumers to withdraw cash by scanning their fingerprints. Ranjeet Oak, head, India operations of MoneyOnMobile, says, “The AEPS-based biometric service will enable our consumers to have an easy and quick access to their bank accounts.”
James Stickland, CEO of Veridium, a US-based biometric authentication provider, explains why the new security system matters. He writes in a blog post, “It seems like just a year ago that we were heralding the benefits of chip & PIN for securing our card-based transactions. But by the end of 2017, we saw statistics that financial fraud has actually risen since this technology was introduced in some areas. And now, some nations like India and China are already moving away from chip & PIN in favour of mobile biometric authentication.”
According to Stickland, India is doing better than other regions in the area of mobile payments. He writes, “India is setting a star example for proximity mobile payments currently, with 30 per cent of smartphone users expected to pay for goods with their smartphone, rather than a card, in 2018. This, combined with the push to embrace QR codes as the primary mode for digital payments, is expected to drive the Indian digital payments industry to grow to $500 billion by 2020. The Indian government is furthering these efforts by creating a policy environment to make digital transactions easier, issuing licenses for payments banks that will help fintech firms launch digital wallets and digital-only banking services.
“Paired with the Aadhaar project, this trend puts India at the forefront of secure biometric authenticated mobile payments.”
Businesses of biometrics
Whether it is large enterprises or small businesses, one can safely say that organisations are inclined to deploy biometrics to make things easier. For instance, ShepHertz, an omnichannel solution provider, has designed a face recognition solution, particularly for educational institutions, to curb ragging cases and make schools and colleges safer and secure. Its founder and CEO Siddhartha Chandurkar says, “Today, AI and biometrics are not restricted to research labs alone. In the coming years, just like with internet, these will have a great impact on our lives. This technology will allow parents and school management to have more control and thus increase the overall level of security.”
Another tech firm Ensurity Technologies, which offers cybersecurity solutions, has recently collaborated with the Sweden-based company Fingerprints to provide touch-sensor-based USB devices. Says the company COO Amit Mathur: “With the rise in adaptation and large-scale usage, the costs are coming down for devices enabled with biometric authentication. Moreover, secure storage and access USB devices with biometric authentication have high and immediate ROI, since they can be shared securely amongst a number of users. The mid-level businesses should be investing in cost-efficient and yet highly secure devices that can be used widely yet with clear data partitions and access controls.”
San Francisco based Engineers.ai designs software solutions around artificial intelligence and simplify them, so a non-technical person can also design an app or make their own website. According to co-founder Sachin Dev Duggal, “Biometric is a significant technology as cyber frauds are increasing with the country going digital and cashless. Moreover, it’s a critical part of the authentication infrastructure. Fingerprint, iris, facial and voice are now important tools in being able to seamlessly identify someone to be authentic. We have a number of building blocks that provide 2FA or biometric features; in fact, our own developer platform is going to start using facial recognition to authenticate developers on our platform.”
Adapting is still not easy for small businesses. V Srinivasan of eMudhra thinks that SMEs still have to be digitally sound to adopt biometrics. He said, “In the SME space, authentication has not quite evolved to the extent it has in sensitive large organisations like banks. Perhaps, because the risk exposure is lower. SMEs are still primarily on OTP authentication, username/password and 2FA.”
Cost is the biggest hurdle, especially for smaller organisations. While authentication is definitely becoming an important topic amongst large organisations and SMEs alike, however, the risk exposure level is significantly different between the two segments, as is the affordability and the importance given to the depth of authentication at play. Adds Srinivasan, “I think that once you cross SMS, OTP and 2FA, more advanced forms of authentication typically tend to be more expensive in multiple ways. Further, the Indian market does not have too many SaaS players offering advanced authentication on SaaS. That’s why SMEs either rely on third-party authentication (like Facebook, Google, etc.) or typically restrict their own authentication layers to 2FA using password and OTP.”
But, according to Sachdev, being expensive is a more a perception than reality. “Owing to its sophistication, there is a general tendency to consider this technology as ‘expensive’. On the contrary, it’s just a one-time installation/deployment. For example, voice biometrics is based on unique characteristics of human voice. Once a sample is recorded, it can be used as a base/reference umpteen times to authenticate a person’s identity using voice in sectors such as banking and telecom. Having said this, there are some solutions, such as fingerprint and iris, which require a device as a medium.”
Security is another challenge. Like any data, biometric data can fall into the wrong hands if not protected. But Sachdev feels that the cornerstone of biometrics is its ability to remain tamper-proof. “Yes, there are incidents reported which testify against this ability, but technology is moving at a lightning pace and there will be a day when leaks are plugged to make it 100 per cent secure.”