News from the Wire

Mercator reports biometrics reshaping authentication market

Friday, January 13, 2017 — 11:47:35 (EST)

Boston, Jan. 13, 2017 -- A new research report from Mercator Advisory Group titled Biometrics: A New Wrinkle Changes the Authentication Landscape is a primer on the fundamentals of biometrics for authentication of consumers’ identity. The report explains the need for multimodal biometric authentication and describes many types of biometrics available from various technology providers. The report shows how biometrics technology has shifted from a primarily hardware-based solution to a software-and cloud-based solution enabled by smartphones that have become much more secure. With voice and face recognition, and now the addition of behavioral biometrics, this shift will drive rapid new innovation and will tip the market in favor of the mobile architecture.

“Behavioral dynamics will play an increasingly important factor in establishing trust factors for the authenticating consumers’ identity across every channel and for establishing persistent identity,” said Tim Sloane, Vice President, Payments Innovation, at Mercator Advisory Group and author of report. “With the introduction of new authentication factors, new secure mobile platforms, and software- and cloud-based authentication mechanisms; it will be extremely risky for banks to make an investment decision that includes hardware and requires five-plus years to achieve a positive return on investment.”

Increasingly smartphones are shipping with trusted execution environments that can displace traditional hardware security fobs. These new smartphones are critical to this fundamental shift in biometrics.

Criminal theft of passwords has made passwords obsolete, and so a new factor is required for authentication. Biometrics will be that new factor. It increases security and will prove more convenient for the consumer than passwords as it transitions into a persistent identity over the next 5 to 8 years.

For persistent identity, authentication no longer entails just a single challenge event such as a fingerprint scan but evolves into a passive trust value uniquely associated with an individual, as is being pursued by Google. The trust value will be constantly updated based on multiple factors including location and passive sound (voice and ambiance) as well as facial recognition and a range of behavioral inputs.

With the mobile device formulating this trust factor, it is highly likely that Apple and Google will be critical partners in consumer authentication for the majority of access control scenarios, including call centers and physical access.

This reliance on the smartphone will help establish the FIDO (the Fast Identity Online) Standard as the appropriate architectural approach for managing authentication credentials. Keeping the credentials in the handset eliminates the honeypots that attract criminals, increases consumer trust, and converts the authentication infrastructure into a shared resource that will greatly lower deployment costs currently associated with all authentication solutions.

Highlights of the report:

• Given the effectiveness of cybercriminals, security will continue to be at risk until passwords are eliminated entirely.

• Consumers are wary of biometrics today but will come to accept it just as they did mobile banking.

• Apple and Google will continue to upgrade and extend the security and biometrics implemented in hardware and operating systems and, due to the broad visibility that these operating systems have into the life of the mobile device user, will have more data than all others for authenticating the individual.

• Authentication will move from a single challenge event, as done today with fingerprint readers, and evolve into a passive persistent identity trust value. The trust value will be based on multimodal biometrics to include geolocation, known commute and work patterns, passive voice and face recognition, and a range of behavioral inputs. As these improve in verifying authenticity, the challenge event will become relatively rare and specific only to high-risk situations.

• Smartphone technology is rapidly becoming more secure and broadly available in the U.S. population, which means that broad deployment of biometric hardware by financial institutions is likely to be obsolete in less than 5 years.

• It is probable that Apple and Google solutions will become critical hardware and software authentication suppliers for the majority of access control scenarios, including devices, call centers, cloud and application authentication needs.

• Biometric tags and trust decisions should be held and calculated in the device to mitigate risk associated with central storage of credentials and is critical for increased consumer trust. Centralized repositories, no matter how secure, represent a liability from the consumer’s perspective.

• The FIDO authentication architecture will establish an authentication framework that moves much of the hardware and software into a shared asset resident on the mobile phone, which will greatly lower the cost of deploying authentication solutions.

• Financial institutions should plan for the biometric world described above. This suggests utilizing the mobile device for authentication wherever possible and to avoid the collection of biometric data centrally as much as possible, as that data represents yet another target for criminals.

This research report is 44 pages long and has 8 exhibits.

Keywords: behavioral biometrics, authentication, persistent ID, FIDO, federation, multimodal biometrics, identity as a service

Companies mentioned in this report include: AimBrain, Allscripts, Amazon, Apple, Arena, AstraZeneca, Balabit, Bank of America, Bank of Tokyo, Bayer, BehavioSec, BioCatch, BrowserSpy.dk, bunq, Chase, ContinUse, CO-OP Financial Services, Desert Schools Federal Credit Union, Diebold, Discover, E8 Security, Early Warning, Eli Lilly, Entrust Datacard, Etsy, Evernym, Exabeam, Facebook, FIDO Alliance, FIS, Fiserv, Fortscale, Fujitsu, GlaxoSmithKline, Google (Alphabet), Gurucul, HID Global, The Hiroshima Bank, HP, IBM, IDScan Biometrics, IEEE, LexisNexis, LG, Merck, National Westminster Bank, Nikon, NuData, Nymi, MasterCard, MicroBilt, Microsoft, Mitek, NetGuardians, PayPal, Plurilock, Qualcomm, SAFE-BioPharma, Samsung, SecureAuth, Securonix, Sovrin Foundation, Sqrrl, Telesign, Temenos, TMG, Twitter, UniCredit, USAA, US Defense Department, Veridium, Visa, VoiceVault, Wells Fargo, Yahoo, and Xiaomi.

Members of Mercator Advisory Group's Emerging Technologies Advisory Service have access to this report as well as the upcoming research for the year ahead, presentations, analyst access, and other membership benefits.

Please visit us online at www.mercatoradvisorygroup.com .

For more information and media inquiries, please call Mercator Advisory Group's main line: (781) 419-1700, send e-mail to info@mercatoradvisorygroup.com . For free industry news, opinions, research, company information and more visit us at www.PaymentsJournal.com . Follow us on Twitter @ twitter.com/MercatorAdvisor .

About Mercator Advisory Group: Mercator Advisory Group is the leading, independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors. Mercator Advisory Group is also the publisher of the online payments and banking news and information portal PaymentsJournal.com .

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information: bankcardlife.com?orid=33533&opid=1 .

Source: Company press release.