The past 30 years have seen payments shift from cash and checks to debit cards and websites, and most recently to mobile phone apps, including Apple Pay and Venmo. But in a few years, you may not need anything you weren’t born with.
Some mobile technology and financial companies are hoping a quick imprint of your finger, scan of your eye or tap of an armband that links to your heartbeat will be easier and safer than using plastic.
Once used for doing high-level security clearances and criminal record checks, unique biometric identifiers — including fingerprints and iris patterns — are just starting to make inroads as payment.
Already, companies like Apple and Samsung have implemented fingerprint-scanning features in their latest smartphones. Their goal? To replace your need for schlepping around a credit card (in favor of a phone number) and remembering a PIN (swapped for your fingerprint).
Meanwhile, banks in the United Kingdom, Poland and elsewhere are set to release credit cards, online banking features and even ATMs where customers can approve payments or withdraw cash by scanning their finger and having their vein network read as a form of ID. In some cases, companies have recently started rolling out this technology.
Interest in this area has been driven, in part, by what seems to be a never-ending series of warnings about the problems with traditional credit cards and passwords. In the past year alone, more than 40 million credit card numbers have been stolen from Target and another 56 million from Home Depot. These breaches, combined with those involving millions of stolen passwords, have raised serious concerns at the helm of what financial analysts say is an imminent switch to biometric payments.
But are biometric payments any safer?
“The problem with fingerprints is that you can never change it, and you don’t know how it will be used in the future, so that limits your willingness to try new things that are driven by that thumbprint once it’s been stolen,” says Blane Warrene, an independent financial services technology analyst. “There’s a lot of Pandora’s box in this that has to be thought through.”
Such privacy issues are part of the reason the technology has taken off in emerging markets like Turkey and Russia rather than the West, The Guardian notes.
Companies in this sector say they’re trying to address security concerns while also making this new kind of payment technology easy to use.
“If biometrics are done right, we can get both,” says Jamie Cowper, the senior director of business development and marketing for Nok Nok Labs, a Silicon Valley-based authentication company that has partnered with Samsung and PayPal.
That’s why some industry players are keeping away from creating large, centralized banks of biometric information that would save your data. “If you build a big database of passwords or account numbers, you will get hacked,” says Cowper.
Indeed, decentralized data will likely be the name of the game going forward for biometric payment companies. Nymi, for example, has partnered with MasterCard and one of Canada’s largest banks to test its heartbeat-monitoring armband, which, when brought toward a payment terminal, could authorize a purchase.
Known as the Nymi Band, the $79 device is currently only available for preorder and features multiple layers of security that don’t rely on storing the unique electrical activity patterns of someone’s heart. CEO Karl Martin says the device uses biometric information to confirm a person’s identity, then encrypts the information with a key that can be read only by a payment terminal or another device that it’s communicating with.
Some companies see opportunity in potential skittishness about buying with your fingerprint: Deetectee Microsystems, another Canadian venture, aims to have people submit an application form (the length of which has yet to be determined) to confirm their identity, after which they would get a wearable device that would pair with their smartphone or computer. The device then could be identified by payment terminals up to 30 feet away, which would display your photo as a secondary form of ID.
The difference here, says Deetectee co-founder Brian Purdy, is that unlike iris scanners and facial recognition software that can identify anyone from a distance, users would be able to pick and choose who and what is allowed to identify them.