What’s all the buzz about biometrics?

biometrics, payments, authentication

Mobile Payments with Biometric ID System

How many times have we heard that the password is going away as a means of authentication? Users like simple passwords that aren’t secure, and for convenience sake, the same password is often used for multiple online services. This practice, combined with how easily passwords can be hacked, make online accounts vulnerable. Two-factor authentication is more secure but the National Institute of Standards and Technology (NIST) has said that security concerns around deliverability suggest it is time to move away from SMS text messages, the most widely-used factor.

Lately there’s been a lot of buzz around using biometrics for authentication, often as a second factor, along with a password or PIN. Let’s take a look at the different types of biometrics, as well as the issues around each.

Physical biometrics
When you hear “biometric,” the first thing you probably think of is a physical biometric such as a fingerprint or eye scan. Physical biometrics don’t have to be remembered, and they have been proven to have a high degree of reliability, but they do require effort on the user’s part. In addition, not every mobile device has a scanner; users have expressed concerns about the ability to access accounts if the technology malfunctions, as well as security concerns over having their fingerprints stored. A password can be reset; a fingerprint cannot. And despite the issues associated with passwords, a recent Yougov study revealed that 58% of Americans prefer them over physical biometric authentication methods. With this sentiment, a good deal of education and reassurance may be needed before this method becomes widespread.

Behavioral biometrics.
Behavioral authentication looks at how a person moves or interacts with their devices. Each user has a unique way they strike keys, use a mouse, walk and talk, and those patterns can be used as an authentication method. Behavioral biometrics can be simple and cost-effective to implement and use. There are drawbacks, however; a user’s keying and mouse movements may be consistent on a desktop or laptop, but may vary depending on when and how they are using a mobile device. A cold, a bad connection and background noise are a few factors that can affect voice recognition.

Social biometrics.
Social biometrics is a trademarked term for a patented solution from Socure. As the name implies, the basis for identity verification is a user’s social networks combined with other trusted online and offline data. Most users are probably aware that they are giving up some privacy when they post on social media, and many sign into other online accounts using their social media credentials, but they often send mixed signals as to how they feel about it. According to a Pew Research report on how Americans feel about privacy, 67 percent of adults have little to no confidence that their activity on social media sites will remain private and secure. In addition, 86 percent of internet users have taken simple steps such as avoiding certain apps or changing their privacy settings on social media to cover their digital tracks, and many say they would like to do more.

It is unclear if users have these same attitudes when it comes to using their information from social networks to verify their identity; that may depend on the user experience.

Digital biometrics.
Digital biometrics is our patented, privacy-compliant method of authentication that uses personalized data on a user’s smart phone. We continuously analyze this data — how it is used and how it changes over time — to create a digital biometric profile that represents the user, not just the mobile device. This digital biometric profile can be recognized across any registered device, even new ones. This combats malicious account takeover which can lead to fraud and an invasion of a user’s privacy. Speaking of privacy, the information we access to create the digital biometric profile is anonymized. We know what information is associated with a user, but not the user’s name or any other private information. Private user data is not stored on our servers so it is not vulnerable to data breaches. This method of authentication is secure and requires little, if any, effort on the part of the user.

As for ensuring the user really is who they say they are, user behavior is only one of six scoring aspects. Other aspects include: device recognition, network verification, software analysis, user secrets/biometrics and geolocation. Deviations in data or change will be immediately detected. And while it is possible for a hacker to steal a user’s anonymized data, create a hardware/network/software environment equivalent to the actual user, and behave as the user does, it is highly unlikely.

In testing using digital biometrics for authentication, we found a 93.8 percent recognition rate of returning users. Perhaps more importantly, impostors were recognized 99.1 percent of the time, reducing the risk of fraud.

While other biometric methods may have their disadvantages, digital biometrics is an authentication method that is secure, reliable and user-friendly.

Want to see Digital Biometrics in action? Request a demo!

On the Radar: mSIGNIA iDNA establishes identity using a digital biometric approach


With its data-based biometric approach, mSIGNIA iDNA analyzes the data users add and generate on their mobile devices and the way their behavior changes that data to verify the individual. Read more and get the report here.