SoylentNews is people
SoylentNews
from the biometrics-are-the-"account"-not-the-"password" dept.
Visa's vision for the future of payments is password-free
Visa believes the payment industry can move away from passwords in the next five years thanks to advancements in authentication and anti-fraud technologies that are already making "static" cardholder verification (CVM) methods such as signature and PINs optional.
With the ability of financial institutions and merchants to share 10 times more data with each other than ever before, and the growing sophistication of artificial intelligence (AI) that is making fraud detection faster and more accurate, Visa head of product Axel Boye-Moller believes that as this ecosystem evolves to be more secure, and AI and biometrics capabilities further mature, there is a future where legacy verification methods are eventually eliminated.
"Over the last few years as mobile technology has evolved, we're seeing increasingly biometrics included in mobile hardware -- that's really starting to take off as more and more banks and other providers start rolling out mobile payment solutions," Boye-Moller told ZDNet.
"But there's still a lot of ground to cover. Passwords can be incredibly frustrating. You forget them and they can be stolen."
[...] Additionally, Boye-Moller said as more payments are conducted via a mobile device, it becomes "very fiddly" to enter a password on smaller devices.
Increasingly, he added, there has been an explosion in the amount of connected devices that are accompanied by more online accounts and subscription-based payment requirements.
"We think biometrics is absolutely a critical part of that solution -- both convenient and secure," he said.
"The way they rolled out [mobile payments] standards is that every single transaction that is done or adopted is biometrically authenticated with a fingerprint or facial recognition."
While he said biometrics is part of the solution of moving to a password-free world, he believes it requires many other layers on top of that to drive more secure and convenient solutions.
"We believe that if we continue to collaborate strongly across industry we can we can reduce the current fraud rates by half by 2025," Boye-Moller added.
(Score: 5, Insightful) by stormwyrm on Tuesday July 16 2019, @05:03AM (4 children)
"Passwords can be incredibly frustrating. You forget them and they can be stolen." True, but they have one advantage that biometrics lack: passwords can also easily be changed. The same is not true for biometrics. I don't know if Boye-Moller is also aware that biometrics can also be stolen, and once they're stolen they are stolen forever. If someone is able to impersonate them somehow there is no way to change them later. They're my fingers. I have only ten. There's no way to get back to a secure situation if someone somehow manages to copy them sufficiently to impersonate them to services that use them for authentication. Using biometrics improperly is very easy [schneier.com], hopefully they don't make those same dumb [soylentnews.org] mistakes. [soylentnews.org]
Numquam ponenda est pluralitas sine necessitate.
(Score: 2, Funny) by Anonymous Coward on Tuesday July 16 2019, @05:27AM (2 children)
It's funny that everyone thinks biometrics are a good idea because they're "futuristic" and used in sci-fi, and also every sci-fi show that has ever used them involves someone breaking the biometric "authentication" through the use of some absurdly easy, low-tech method like knocking out the guard and holding his hand up to the scanner, or recording someone's voice and playing it back, or, you know, any of the other unsolvable problems that are intrinsic to pretending you can use biometrics for authentication.
Even the Schneier article you link is excessively optimistic about biometrics. It is only sort of mildly inconvenient to put a false fingerprint on your finger. Eye scanners will be fooled by contact lenses. These things only keep honest people honest, they are absolutely no barrier at all to criminals. They're no better than signatures. Facial scanners will never work because too many people look alike. Twins, of course, but even beyond that, facial recognition is only really viable to distinguish "maybe the person in question" from "definitely not the person in question." That's fine if you're the police and need to narrow a crowd of ten thousand people to ten possible suspects, useless for actually establishing identity firmly.
What is baffling is that anyone whose business is at least somewhat hampered by fraud would actually want biometrics anywhere. They don't help anyone except criminals. Sure, Google wants you to use your fingerprint to unlock your phone because Google is in the business of spying on you anyway, they don't really care if your phone has no security whatsoever. But Visa? Fraud causes them at least a little discomfort, even if they aren't actually on the hook for the losses (they pass those on to the businesses that accept their cards and aren't at fault).
Biometrics are one of the worst ideas that have ever been conceived in the world of technology. If you took 3D glasses and a CueCat and attached them to a Gizmondo and then ran systemd on it, it would still be a better idea than biometrics.
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @09:37AM
I think, that like calling algorithms "AI", this is all about stock price. "Look!", cries the CxO, "Biometrics!".
Stock price rises, millions are to be had for those with options, and actual security is not really part of the equation. It's all about "feels good".
(Score: 0) by Anonymous Coward on Tuesday July 16 2019, @11:48AM
Our company has RSA SecurID dongles. Not that expensive, easy to deploy, replace, and increases security sufficiently for most purposes.
(Score: 2) by JoeMerchant on Tuesday July 16 2019, @12:51PM
Your fingerprints can be surgically altered... though, if you're going that far, you'd probably rather just get a programmable RFID chip implanted instead.
What they're talking about is "good enough" security for the masses. The real security is the same as cash: you hold on to the card. That covers 99% of security right there. Now, you give it to waiters/waitresses to "go run it for you" (and make a copy while they're at it), so we've got to have another layer to handle the 1% of those cases where the vendor is also a thief.
When a nefarious actor, in person or online, manages to copy and use your card number - the banks' AI pattern recognition figures out that the charges don't make sense based on your prior spending patterns, and once fraud is confirmed, you get a new card number. Like all cryptography: limited lifetime keys, except these are replaced after a confirmed breach - which, for us, tends to happen an average of once every 2-3 years.
Facial recognition by cameras at the checkout points is coming, soon, don't kid yourself - they're drooling at the prospect of getting high quality pictures of everyone's faces at every purchase point. It will help to ID fraudsters, but it's worth far more to marketers for understanding how to manipulate you into spending more of your money on their products and services.
🌻🌻 [google.com]