Visa banks on backup biometrics to finally kill the password
Through multiple verified methods of biometric identification, Visa hopes it will be able to bring about the end of the password, instead turning to alternative scans as a failsafe method.
As financial institutions embrace biometric identification for security and convenience, they must still rely on traditional passwords as a backup in the event that biometrics fail.
But credit card giant Visa has partnered with biometric identity platform provider BioConnect in an effort to show authentication methods that securely work across various devices and operating systems. For example, if the user’s finger is wet and a fingerprint scan does not work, they could verify their identity instead by an alternative method, such as an iris scan or voice recognition.
While traditional passwords serve as a fallback in the event that biometrics fail, the continued existence of passwords, PIN numbers and the like are actually a security concern. While a fingerprint scan is difficult or potentially impossible to replicate, a password can be easily lost or stolen.
Visa and BioConnect have also proposed a system that could remotely verify a user’s biometric data from the cloud. The financial institution described a service that could identify and authenticate a user on a new device after their previous smartphone was broken or lost. Upon securely identifying the customer, the system could immediately sign in with their stored biometric data, without the need to re-enter any passwords or re-scan a fingerprint.
Of course, backing up such data remotely presents serious security concerns, which is precisely why companies like Apple store fingerprint scans in a secure enclave within the system’s hardware, and require a user to re-scan anytime they buy a new device. A potential hack could then leak information far more personal than a simple email or password, providing nefarious users with a database of fingerprints, iris scans, voice patterns or more.
While its partnership with BioConnect remains in the development stages, Visa says its eventual approach will take into account “unique preferences, habits and cultural attitudes” of customers around the world. That means different types of biometric identification in different parts of the globe, offering users the method that’s most comfortable for them.
“It will take time until we can fully eliminate PINs and passwords, since they are integral to payment infrastructure in many countries,” said Mark Nelson, senior Vice President of risk and authentication products at Visa. “Visa will continue to support and strengthen those means of authentication, while looking for new ways to incorporate biometric technologies and forgoing new ground in the world beyond passwords.”