Biometric authentication is similar to traditional password security because it also involves two-factor authentication. In security realms, two-factor authentication requires users have two of the three following types of information:
- Something you know, such as a password.
- Something you have, such as a smartphone.
- Something you are, such as biometric data.
The first two options don’t necessarily identify a consumer uniquely, as a password and smartphone can be stolen and used by anyone. That’s the difference and the power of biometric authentication – it proves that you are you. Yet despite this unique feature and apparent advantages, Worldpay’s Future of Digital Payments study found 52 percent of consumers still have concerns over personal security and privacy when it comes to biometric authentication methods.
Worldpay US Vice President of Design and Innovation Joe Kleinwaechter says an effective way to overcome these concerns is through disclosure. Developers and merchants can make it easy for consumers to understand what you are doing with their information, why you are doing it and how you are protecting their interests. There are two easy actions developers can take:
- Remove their products out of the information loop by using techniques like end-to-end tokenization. This ensures the user’s biometric data is strictly kept between the user and financial institution.
- Make security and privacy positions available for consumers to see within the app’s menu structure. The description should be simple and use language consumers will understand. For example, “Our biometric information is tokenized and therefore cannot be reverse engineered to determine any information about you.”
For more information about biometric authentication and data security in payments, read the full Worldpay Future of Digital Payments study.