Biometrics in Payments – Irresponsible Demand Generation

Demand generation is defined as: “The focus of targeted marketing programs to drive awareness and interest in a company’s products and/or services.”

Done responsibly it can be a very effective tool in any organisation’s marketing/PR tool-set, and I applaud anyone doing it well. Done irresponsibly it can lead target organisations to make very poor decisions that they will end up bitterly regretting. Yes, each organisation is responsible for making their choices, and for performing proper due diligence, but in an industry as complex as payments, vendors are often seen as the experts.

This position must NEVER be abused!

The example of demand generation that I invariably use is that of the smartphone. Until I saw one I had no idea I needed so much functionality in a mobile device. Now, quite literally, I cannot do my job without it.

Off the bat, that suggests 3 things:

  1. Smartphone manufacturers were justified in their aggressive marketing efforts …eventually;
  2. The drive by each vendor to win the entire market for themselves, while promoting competition, has left us with an enormous variety of devices and technologies that are difficult to adopt for fear of backing the wrong horse, and;
  3. I’m not smart enough to be a futurist.

But what if they had worked together on standardisation in the beginning (like with bloody power adapters, for example!)? How much better off would we be?!

Now biometrics vendors are the vultures over the kill, and the password is the corpse (harsh, I know, but the alternative is wolves, and they work in unison for the good of the pack).

Biometrics companies are spending vast sums on marketing and PR resources to become the next big thing in authentication, all the while completely ignoring the fact that they are offering something little different (single-factor, static authentication), and side-stepping the most basic of practicalities: ease of adoption, and future-proofing.

The FACT remains that implementation of effective biometrics is extremely difficult. Distribution, false positive rates, disability support, privacy issues and a plethora of other challenges will continue to ensure that single-factor authentication with biometrics will not replace the 4-digit cardholder PIN any time soon. Nor should it.

It’s not about replacing the PIN, it’s about seamlessly combining the PIN with other forms / factors of authentication like biometrics. Anything else is irresponsible in the extreme given that most smartphones are capable of all 3 authentication factors multiple times each! Passphrase, PIN, fingerprint, voice recognition, iris, geo-fencing, device registration, device profiling, social media profiling, you name it: all can be entered into a mobile device through normal and already established consumer use.

The following is not necessarily an endorsement of the Fast Identity Online (FIDO) Alliance, but you can see from their Mission that they fully appreciated the importance of evolutionary change, not revolutionary change:

“The Mission of the FIDO Alliance is to change the nature of online authentication by:

  • Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
  • Operating industry programs to help ensure successful worldwide adoption of the Specifications.
  • Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.”

Reliance on single-factor authentication with biometrics is a mistake, so avoid any organisation that adopts the ‘password is dead’ stance and just do your homework based on a business need, not a buzz-phrase.

If you think I'm wrong, please tell me why!
