Research survey: The adoption time frame of biometrics in the payments sector

Alex Nasonov, Founder and CEO of Worldcore

If you are living in the payments ecosystem in 2017, there is no doubt you have been inundated with a deluge of hot topics ranging from AI to APIs. At most of the conferences we attend, we find no fewer than half a dozen so-called “game-changers” being discussed. Still, not all of them will make their way into the product offerings of banks, payment service providers, and the like.

Hardest to get right about new technologies may very well be the acceptance (i.e. timing) of these technologies, rather than the development of them. It makes little sense for firms to spend significant funds to implement technologies if clients will not use them. It is the old “chicken and egg” problem.

Of course with all the sexy marketing hype surrounding each year’s hottest technologies, product managers lick their lips at the possibility of implementing the latest and greatest, knowing full well they could never expect to implement everything they see. Our method for sorting the product road map is to first determine cost and difficulty of implementation, and second to survey potential or existing clients. Balancing these two often proves a challenge, as the rate of technology development does not always match the rate of increased user acceptance.

At Worldcore, we thought it would be interesting to gauge the views of consumers on the subject of biometrics in the payments sectors, so we commissioned a survey to see what people thought about paying with modern identity tools. We were a little surprised by some of the results, but others were in line with announcements and marketing efforts by larger players in the technology space. For example, when asked which security measure is the safest to protect you when making a payment, more than a quarter (28%) opted for fingerprint, with nearly the same number favouring ‘a combination of traditional password and biometric’ security features (22%). This is probably in parity with the efforts by technology giants like Apple and Samsung. Payment methods have increased significantly in recent years with contactless payments platforms from hardware/operating system providers like Apple Pay, Android Pay, and Samsung Pay leading the way.

Surprisingly, ‘iris scanner’ was chosen by 14% of people, which was only marginally lower than the top non-biometric security measure – a 4-digit PIN code (14.3%). We should note that while PIN codes have the advantage of being easy to share, this also makes them less secure.

As we suspected, many agree that the use of biometrics provides the safest security method when making a payment (70%). So it appeared that people were ready and willing to accept biometric security into their lives, but then we wondered why this might be ­- so we got to the bottom of it.

In our survey, 60% agreed that using biometric identification will make it harder for someone to hack an account, while 53% said that an advantage of biometric identification was that it reduces the need to remember lots of passwords. There is, however, a belief among a sizeable minority (42%) that using a mixture of both biometrics and traditional passwords adds an extra layer of security, so there doesn’t seem to be an appetite for ditching incumbent CHIP and PIN security just yet.

Financial crime is on the rise: Fraud losses across payment cards, remote banking, and cheques totalled £768.8m in 2016 across 1,857,506 cases of financial fraud. Financial Fraud Action UK, a financial fraud watchdog, stated: “During 2016, criminals’ use of impersonation and deception scams, as well as online attacks to compromise data, continued to be the primary factor behind fraud losses. In all of these methods, criminals target personal and financial details, including card data, which are used to facilitate fraud. In an impersonation and deception scam, a criminal purports to be from a legitimate and trusted organisation, such as a bank, the police, a utility company or a government department. These scams typically involve the fraudster contacting a customer through a phone call, text message or email.”[1]

In terms of payment cards fraud, 2016 saw total losses of £618m,[2] which was broken down as follows:

  • Remote purchase fraud: £432.3m (1,437,832 cases)
  • Lost and stolen fraud: £96.3m (231,164 cases)
  • Card ID theft: £40m (31,756 cases)
  • Counterfeit card fraud: £36.9m (108,597 cases)
  • Card not received fraud: £12.5m (11,377 cases)

Bearing in mind that 2016 saw consumers spend £647bn with payment cards across 14.8 billion card transactions,[3] it becomes apparent why increasing payment security is one of the top priorities for the industry.

Introduced in 2006, Chip and PIN represented a major leap forward in card security, but the PIN has innate weaknesses, and the increasing use of contactless payments have raised further security issues. It’s not surprising that attention is being increasingly shown to biometric identification techniques as a method to fight identity theft/fraud and to improve security.

The financial services industry has not been immune to the global onslaught of data breaches in recent years. November 2016 saw thousands of Tesco Bank accounts hacked with an estimated £2.5m stolen from 9,000 accounts. This reminds us why the enhanced identification verification options available through biometrics are being increasingly developed and used to beef up security, raising the bar above and beyond the traditional password and personal identification number based security systems.

Fighting fraud helps to protect both consumers and businesses, but with many individuals either averse or slow to adopt new technology, considerable attention needs to be paid to educating and familiarising users – a crucial step to embracing change. That said, if it’s merely a question of making a payment by using your fingerprint, which is significantly easier than remembering and inserting a PIN number, the vast majority should view it as both easy to use and a welcome method of enhancing security.

There appears to be little doubt that biometric identification verification will become widespread. The number of mobile payments authenticated by biometrics will rise to nearly 2 billion in 2017, up from just over 600 million in 2016.[4]

The change toward biometrics is certainly forthcoming, but the finance and biometrics industries need to employ a change management methodology to assure adoption of biometrics in financial security. People need to understand that security, in terms of the banking and payments industry, isn’t just about a guard standing in front of a vault anymore. Today, there are myriad ways in which a person’s financial security can be compromised.

Our research (and others) generally indicates that people are aware of the lack of security at many institutions, particularly retailers. Identity theft is generally so rampant that one cannot operate online today without being at risk of victimization. Though some elderly consumers may not be living online, you can bet that the number of people who have never shopped or transacted financial affairs online will dwindle as the older generations fade into history.

Of course, with more victims of online financial crime, the banking and payments industry will see increased desire for better security. That marks a boon for biometrics firms to sell their solutions to financial institutions and retailers.

The next step for the financial services industry will be to educate clients about how to switch to the biometric security solutions that providers implement. One can have many methods for authenticating to an account, but if clients do not understand how to use the tools you provide, they will not be empowered to change to a more secure authentication method. Financial firms also need to explain why biometrics are safer, at least in terms of privacy, than traditional password options.

Thinking of biometrics as the future and actually executing that vision are distinct, so we sought consumer opinion on the catalyst driving biometric technology adoption in the financial services market. Most popular were statements of proof or reassurance with 34% confirming that ‘a proven, fool-proof, or scam-proof model’ would encourage them to use biometrics, and a further third of people (32%) agreeing that ‘reassurance from my bank about the added level of security it would give me’ would be important.

Roughly a quarter of respondents attested to needing little persuasion, confirming that ‘I wouldn’t need persuading. If I was given the option, I would take it.’ The same number of respondents would first look for clarity about where their personal details would be held.

Some were more downbeat. 14% said that they would never choose to use biometric identification unless their bank enforced it. 9% thought it would be a ‘total change’ to the way they usually manage their money. When it comes to making payments, it’s a fairly common reaction to want evidence that new payments technology works, and works safely, before clients take the plunge.

Ongoing communication from firms and solicitation of feedback from clients is going to be key for implementation at financial services providers. If a provider can discern which methods may, first, provide better security, and second, be easier for usability, they can spend more resources to educate and reinforce the change. Sometimes, a simple reminder that a particular tool exists is enough to increase adoptions by a few percentage points.

It’s only a matter of time – and further industry investment – before biometric identification becomes the norm, and while it will clearly take time to perfect and implement, businesses can expect to see their existing card terminals and payment gateways altered as biometric identification technology is progressively advanced in the interests of increased payments security. If it cuts down on fraud, it should reduce costs for all parties involved.

For a payments provider like Worldcore, the conclusion is that biometrics is the way forward because it provides security and ease of use in an otherwise complex and dangerous world of cyber threats. It can be implemented with reasonably low cost and short timeframe. With that information and conclusion in hand, we launched FaceKey and VoiceKey in February 2017, making us the first facial recognition and voice recognition implementation for a payments provider in the EU.

Alex Nasonov is founder and CEO of Worldcore, a brand owned by EUPSProvider s.r.o., a Czech Republic-based payment institution launched in 2015.

A Russian entrepreneur and investor focused on the fintech and digital entertainment industries, Nasonov noticed that, in Europe, there was no solution providing an all-in-one online platform for global payments suitable for any needs. That idea led to the concept for Worldcore, which has become the leading, award-winning payment institution in the Czech Republic with over 50 employees across the globe.

[1] “Financial Fraud Data for 2016 Published: Financial Fraud Action UK”. N.p., 2017. Web. 19 May 2017.

[2] “Financial Fraud Data for 2016 Published: Financial Fraud Action UK”. N.p., 2017. Web. 19 May 2017.

[3] “Financial Fraud Data for 2016 Published: Financial Fraud Action UK”. N.p., 2017. Web. 19 May 2017.

[4] “Https://Www.Juniperresearch.Com/Researchstore/Commerce-Fintech/Mobile-Identity”. Juniper Research. N.p., 2017. Web. 19 May 2017.

Related reading