Money20/20: Biometrics Gets Apple Pay Boost; Is Cloud Storage Next? (Nov. 5, 2014)
Apple Pay’s potential to change the game for NFC payments has been one of the dominant themes at the Money20/20 conference in Las Vegas this week. But the service—which uses the iPhone’s TouchID fingerprint sensor to validate users—also represents a major milestone for biometric authentication. That was the consensus among panelists in a session focused on how biometrics fit into the evolving mobile payments ecosystem.
“We’re really going to see significant ramp-up in terms of market penetration for biometrically enabled mobile payments,” over the short-term, predicted Maxine Most, principal, Acuity Market Intelligence, a biometric research and consulting firm. The world’s biggest smartphone manufacturers—Apple and Samsung—have “completely embraced” biometrics, she said, adding that 300 million smartphones were shipped worldwide during the third quarter.
But while biometric data stored on the device has arrived, the next leap forward could be the cloud. Some in the industry believe cloud-based storage presents too high of a risk by storing large amounts of data in one network, which could be hacked. But Most argued that such concerns are based on incomplete understanding of how cloud-based biometric data are stored. Instead of storing the data itself—a voice signature or fingerprint, say—cloud-based systems store a mathematical representation of that data, which is stored separately from any personal information, making it useless to anyone gaining unauthorized access.
Paul Burmester, CEO of telecom authentication provider ValidSoft, agreed. Recent high-profile security breaches, such as the Target and Home Depot attacks, have driven fear of large-scale attacks of centralized data. “But those were very different environments; they were storing names, addresses, credit card numbers,” all of which can be used by thieves, he noted, whereas cloud-based biometric data is a “meaningless set of encrypted numbers.” There is also the possibility of biometric data to control access to the data network itself, Burmester noted, adding that many of the recent data breaches were the result of hackers gaining access to a stolen password. “If you’re using biometrics to control access to the network, then you take away that risk as well … so the network itself can become more secure,” he said.
See related stories: