When your Body BECOMES your PASSWORD

Written By Cabiri

We flagged this last year in our trends article and suffice to say that 2023 was a busy year for biometric authentication announcements, with recent a recent whitepaper indicating a steep upward trend. Not wanting to miss the hype, Cabiri are looking forwards by linking with specialist suppliers to integrate biometric payment into composable ecosystems. Solutions like Apple Pay and Samsung Pay have already made facial recognition commonplace, enabling in-store payments by smartphone and enhanced checkout experiences. For bricks-and-mortar stores this enhancement is paramount.

The “Your Body as Your Password” shift is not unfounded. In their recent January 2024 whitepaper Jupiter’s researchers have put data behind it stating that “by 2028, there will be a substantial growth of 138% in the number of transactions carried out via biometric enabled POS terminals, up from 19.5 billion in 2023” and that it's likely that “90% of the retail industry will use biometric technology in the future”. Attributing this among other factors to rapid customer onboarding; personalised shopping experiences; enhanced loyalty schemes with seamless enrollment; customer service improvement with efficient returns/exchanges; all leading to a competitive edge. We took a look at who was doing what last year.

Three Authentication Factors

Firstly, its important to take a quick peek at the three core factors for biometric authentication. Each of which can be used in isolation, but are more commonly found in pairs. Forming what we know as multi-factor authentication (MFA) or two-factor authentication (2FA). By combining factors, businesses can design strong security ecosystems, with the combination of knowledge and inherence ranking as the most robust.

  1. Knowledge = something you know, e.g., password

  2. Possession = something you have, e.g., mobile phone.

  3. Inherence = something you are, e.g., fingerprint.

Knowledge + Possession = User enters a password (knowledge) and provides a one-time code sent to a mobile phone (possession) to access online data. Combining both something they know with something they have.

Possession + Inherence = User scans a fingerprint (inherence) on a mobile phone (possession) to unlock a secure application. Combining something they have with something they are.

Knowledge + Inherence = user enters a password (knowledge) and scans a fingerprint (inherence) to access a secure building. Combining something they know with something they are.

Enrollment & Checkout Process

Most commonly, biometric data input happens during enrollment as a biometric reference for that individual, with information recorded either in its raw form (fingerprint image) or as a digital template. Templates are created by extracting and processing key features of a physical characteristic and storing it in a database. During checkout, authentication and the individual's characteristics are detected, extracted and matched against these templates to authenticate or identify that individual.

In the context of bricks and mortar outlets, a customer first registers for biometric payment by providing identity and bank account information. The physical component (index finger, eye, palm) is scanned and encrypted alongside their banking information. Taking a fingerprint example, at the point of sale (POS) a customer index finger can be scanned prior to them inputting their PIN code - Knowledge + Inherence. The system compares this new scan against the stored encrypted version for payment authentication, approving or declining the transaction and debiting the customers account accordingly. Not entirely frictionless but this purchase wouldn't need a wallet or a phone.

Industry Leaders 2023+

Already freed from carrying wallets, Chinese citizens can leave their phones at home. Beating rivals to the post, TENCENTS launched WECHAT PAY’s fully frictionless palm recognition method on the Beijing Metro last summer. WECHAT PALM is Inherence + Inherence authentication, a step up from our example. It’s palm print + palm vein recognition, allowing passengers to enroll, activate and use their palms to swipe through the metro gates. This no physical media, non-contact, hygienic, convenient and secure method has the potential to simplify day to day transportation operations on a global scale and since users don’t need to get their wallets or phones out, its less susceptible to crime.

Last July Amazon launched their own palm payment method AMAZON ONE, describing it as a “free, contactless service that lets you use your palm to pay, enter, or identify yourself.” US account holders can pre-enroll online and complete the enrollment process in person at one of the designated 200 US locations. Setting the pace this Inherence method has already been re-imagined for alternative uses, with IHG utilising the service for staff access to secure systems. Coors Field baseball stadium (Colorado) are using it as a palm-based identity tool for their visitors to provide proof of age, quite an ingenious idea.

Having launched biometric for mobile payments in 2014 ALIBABA are veterans. As Chinese tech firms race to explore frictionless biometric transactions, their fintech affiliate Ant Group filed a patent combining both facial recognition and palm recognition for their "Face and Palm Swipe Fusion Payment" method. Inherence + Inherence, those two high level authentication factors.

Following on from a smile to pay pilot in 2022 in Brazil, MASTERCARD announced their Asia Pacific biometric payment plans and a strategic partnership between Mastercard and NEC Corporation. With an intention to combine NEC’s face recognition and liveliness verification technology with Mastercard’s payment enablement to drive global scale. With loyalty programs integrated into checkout flow, offers can be tailored at purchase, proving that biometrics can help build more engaging relationships customers while driving sales. Mastercard Biometric Checkout Program Consumer Research (2022) found that “82% of Asia Pacific consumers already use at least one form of biometric. 63% would shop more frequently at a store that has a biometric service. 75% said that using biometric is safer than using a card”. This also predicted that “by 2025 biometrics will authenticate over $3 trillion in payment transactions” - a pretty compelling statistic.

Both Mastercard and Visa exhibited at the Singapore Fintech Festival last November. Having first showcased their NFC wearable payment wristband back in 2015, guests were invited to use VISA’s new palm reader and link their biometric signature to their payment card for a transaction. In an interview Kunal Chatterjee, Head of Innovation at Visa Asia Pacific added to the biometric payment conversation, commenting that it’s set to revolutionise the retail experience.” Whilst this may feel far-fetched and futuristic to some, its on the way and retailers should get ready.

Conclusion

Jupiter's findings indicate that consumers continue to prioritise convenience with a growing inclination towards premium-grade products and services. Whilst security and privacy questions continue to merit discussion, biometric evolution is noteworthy. Reflecting a strategic response to the increasing dominance of digital transactions in the retail sector and move towards a frictionless approach. Mirroring broader industry trends, where adaptability to emerging digital payment methods and consumer preference becomes increasingly vital. This shift is more than a hallmark of financial agility. It’s not just a system upgrade but a strategic alignment to stay ahead. Paving the way for a frictionless future where seamless, secure, hygienic and efficient define the 2024’s dynamic payment landscape. Biometric payment systems have the potential to deliver a high return on investment in the longer term by streamlining checkout processes.

As can be seen from Figure 2 below (Jupiter Research), with evolution on fast forward European bricks and mortar retailers should consider research and investment now, to ensure they do not get left behind by more agile competitors elsewhere. By acting sooner rather than later, benefits can be assessed, planned and balanced alongside privacy and security concerns, and retailers can be ready to move quickly.

One to Watch

At IRISGUARDs headquarters in Milton Keynes (UK) a team of highly skilled engineers focus on continually developing their iris recognition technology. Launching in 2001 with an Iris-Border control system they’re well established with key humanitarian donors, UN agencies and international NGOs. With three core solutions EyeBank®, EyeCloud® and EyePay® (including a network payment platform), Irispay are in circulation around the Humanitarian Aid, Financial, Government to Citizen and Healthcare sectors. With a mightily impressive approach to innovation and managing data, Cabiri are keeping an eye on them.

How Biometric In-Store Payments Are Reviving Retail - Jupiter January 2024

How Biometric In-store Payments are Reviving Retail - Jupiter Research, Jan 2024

Cabiri
Previous

Beyond the Buzzword - What happens next?
Next

How Cabiri Reduces TCO