How Visa looks to help consumers bypass the insecure login and password combination by advancing biometric intelligence was at the center of a presentation CU InfoSecurity 2017 conference in San Diego.
With the arrival of mobile phones with fingerprint sensors and high-quality cameras a new biometric authentication phase opened to consumers. Yet many users often revert to their insecure login/password combo when the biometric sensors fail.
Joseph Pham, senior director, risk and authentication for Visa explained how deploying advanced biometric technologies so that one option fails, user can simply switch to another convenient biometric option, can solve that problem. He also showed you how various authentication methods can work across multiple devices.
Pham also described how today complexity makes authentication more challenging. There are multiple channels and devices to protect in different environments such as in-store, online, mobile and internet of things. Making things even more difficult is rapid innovation, evolving technologies, and sophisticated and adaptive criminals.
The payment industry currently sees a demand to include more advanced technology and dynamic data. Primarily existing security today includes “what you have,” cards, chips, and mobile; and “what you know,” password, PIN, signature, address, and security questions. But emerging authentication can answer “who, what, and where you are” with biometric markers, physical location, behaviors and contextual data.
Visa sees biometrics as the next logical step because it provides security through a complex and unique identifier, and is difficult to steal and forge on a large scale. It also provides convenience because it is impossible to forget, removes friction and improves the user experience.
Commercially available biometric solutions, plus pilots and proofs of concepts with limited commercial adoption uses in the financial services industry today include mobile wallets, banking and retail apps; biometric ATMs, telephone banking. EMV chip cards.
Experimental concepts involve behavioral biometrics such as keystroke dynamics and multimodal instruments.
Visa also invests in liveness detection to reduce the risk of spoofing because fraudsters can collect biometrics covertly. Liveness detection capabilities, which look for pulse, expression and other micromovements, make it very difficult to synthesize that data to commit fraud.
However, Pham suggested liveness detection needs intelligence as well. That means combining biometric intelligence such as texture, reflection, skin distortion, voice patterns, nodding, blinking and video); device intelligence including identity and reputation, location, malware; and behavioral intelligence encompassing interaction, navigational and transactional patterns.
