Biometrics: the Future of Mobile Payments?

Biometrics: the Future of Mobile Payments?

by Dr. Grigorios Fragkos, VP Cybersecurity

Billions of people are now using smartphones, even in the most remote areas of the planet. Global adoption of these new mobile technologies opens up the discussion for more advanced methods of identification, authentication, and verification, especially when it comes to protecting against fraud, identity theft and financial crime.


One of these promising new technologies, available to end users as a result of the acceptance of mobile devices such as mobile phones, tablets, and laptops, is biometrics.


Biometrics look promising when it comes to simplifying the processing, authentication, and confirmation of transactions in general, but more importantly when it comes to payments. Technological advances, along with pattern recognition and multi-factor biometrics, are expected to tackle cybercrime by making it very expensive and time-consuming for cybercriminals to attempt to target these systems.


Cybercriminals are opportunists and will always go after the low-hanging fruit. Another consideration is that security experts are already working hard to enable use of these technologies not only in an efficient, but also in a secure manner too.  


Indeed, biometric authentication may well be the method by which Payment Service Providers and other impacted financial entities fulfil the requirement for strong customer authentication, which is included in the European Banking Authority‘s Guidelines for the security of internet payments and in the recently approved EU Payment Services Directive (PSD2). 


Strong customer authentication requires two-factor authentication; a biometric could provide the second authentication factor, in addition to the typical knowledge factor: the customer’s password.


Webpage URL

Find out more about our PCI DSS compliance services by clicking the button below


The future?

However, answering the question of whether biometrics are the future of payments, is a bit more complicated than one may suspect. The quick answer is yes, biometrics are proliferating at the moment, and major technological advances have been achieved in the past few years in that sector.  Currently biometrics are a form of authentication, a significant step away from the era of memorising passwords.


There are a number of biometric technologies available such as hand scans, face recognition, etc. but the most commonly used is fingerprints. For example using your fingerprint with ApplePay in order to perform and approve a transaction.


However, in real life these technologies are not perfect and do fail under certain circumstances, for example a burnt finger cannot be scanned; multi-factor biometric authentication can tackle those flaws, for example, triggering the request for a ‘selfie’ (face recognition) if the fingerprint scan fails.  


To that extent, the use of biometric identification technologies is expected to further reduce fraud and hopefully financial cybercrime.


Before putting forward a more in-depth response to the question regarding biometrics being the answer to, and the future of payments, we actually need to take a step back and discuss if this is the right question to ask.


More specifically, biometrics may only be the future of payments if an identification process based on a biometric authentication factor inherent in, and therefore indisputably tied to the individual, will reduce fraud.


No silver bullet

Only a couple of months ago, a US government hack allowed 5.6 million fingerprints of federal employees to be stolen.  Fingerprint’s are an inherent authenticating factor and can’t be changed, unlike a password or a token; reliance on a single biometric as an authenticating factor could be more of a risk than a factor that can be changed or replaced if it is compromised. 


There is no silver bullet in security, and these biometric authentication systems will need to be protected against threats and cyber-attacks, as they will clearly start becoming the next targets.


That said, biometric authentication is clearly the way forward as it proves to be a boost to the current level of security, providing a greater level of assurance in the claimed identity of the individual, compared to the process of selecting, remembering and protecting different passwords and PINs.


Use of biometrics may enable the payment process to become more efficient and enhance the customer experience while allowing legitimate payments and transactions to become trivial to verify.


In the era of Internet of Things (IoT) trusting your wearable device to order a new pair of shoes when it detects your soles are losing friction without the need to authorise the transaction each time will be a reality at some point, and I really hope during my lifetime!


Sysnet has extensive experience in compliance and security. Our passion for pragmatic and innovative solutions when it comes to addressing cybersecurity problems allows us to be the thought leaders in the market when it comes to addressing such multi-layered and complicated challenges related to security.


Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms