Jonas Andersson, Head of Standardization at Fingerprints
Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.
For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.
When implemented in the right way, biometrics will bring multiple benefits. It has already enabled consumers to add layers of authentication to personal data previously unsecured on the devices they own – from apps and e-commerce, to our homes and devices. But its potential is phenomenal. Consumer-driven authentication via our phones and tablets is already by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar and the FBI database.
Crucially though, it’s a privacy and security measure that consumers have the power and choice to implement. And as third parties, such as financial services, healthcare and enterprise organizations, increasingly accept consumer biometrics authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss…
Consumers need confidence!
Undeniably, the success of existing applications of consumer biometrics is based on the advantages they offer consumers. Just look at the penetration and use of fingerprint biometrics in smartphones. But the success of future adoption will be determined by how confident consumers continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural that consumers are beginning to feel concerned about the integrity of their biometrics as they start to use their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle…
In fact, consumer device authentication utilizes a ‘privacy by design’ approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled, stored and managed all on the same device. The following principles have been fundamental to biometrics’ privacy protection in mobile and are what will enable new benefits for consumers in other personal device-based scenarios:
Translating images to templates
It’s a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You’ll have heard the argument about biometrics: “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”
In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless as, even if fraudsters could access the template, they can’t do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to re-use between devices, even if the same fingerprint has been enrolled!
The consumer is in control
This neatly leads on to my next point regarding storage. In consumer authentication use cases, information remains solely on the unique consumer device on which the template was created, remaining physically under the control of the user.
Our recent consumer research found 38% were unwilling to share their biometric data but, with this approach, no data needs to be shared with third parties or cloud-based databases as everything is stored, and the authentication process is contained, within a single personal device.
Layers of security
Layering defense mechanisms is standard best practice for a range of security implementations – biometrics is no different. In addition to the transformation of biometric data into an irreversible template, these templates are also later encrypted and further protected by hardware and software both at rest and during the matching process.
The most successful example of a biometrics use case, the smartphone, utilizes the highly secure software isolation of Trusted Execution Environment (TEE) technology for storage and matching of biometric templates on device. The hardware on which it runs is intrinsically secured through its high degree of integration, complexity, miniaturization and specialization.
This approach is also championed by new use cases such as biometric payment cards. Here, the Secure Element (SE) – the chip technology that secures the financial data in your bank card – is utilized to store, process and match biometric information within the confines of the card. This treats biometric templates with the same security as the PIN and other financial data that is stored on our payment cards.
Removing the weakest link
Nothing is ‘un-hackable’; this is the reality of security. With enough time, money and effort, it’s possible to get into anything: a safe, a bank vault. However, attackers take the path of least resistance, and often it’s the end-user that is the ‘weakest link’ in the security chain when it comes to social engineering attacks.
End-users are vulnerable to attacks, such as phishing, where they can be tricked into giving away information such as a PIN or password. With consumer biometrics, the user only presents their biometrics to their personal device and can’t give anything away. This also removes the risks generated by mistakes or complacency, such as creating a password that’s easily guessed.
More authentication = more protection
Biometric authentication can protect a whole host of other sensitive personal data, far more quickly, conveniently and securely than was ever possible with PINs or passwords.
Today, however, passwords and PINs remain the most used authentication methods outside of smartphones – something that is increasingly problematic. The friction created by asking users to create a new password has a significant impact on drop-out rates – especially as new ‘best practice’ guidelines recommend complex requirements such as including numbers, capitals, special characters and length. NIST’s digital identity guidelines outline the importance of usability challenges and stress that, fundamentally, “positive user authentication experiences are integral to the success of an organization achieving desired business outcomes.”
6 out of 10 consumers feel they have too many PINs and passwords and worry about forgetting them. Unsurprisingly, 41% also admit to re-using the same PIN code or password across multiple sites, apps and devices. So, not only are PINs and passwords frustrating for consumers, they’re also becoming less secure.
Biometrics can be the authentication silver bullet as it combines security and a convenient UX, with leading fingerprint sensors authenticating in under a second. Its capacity to bring security to devices and processes previously either unsecured, poorly secured, or secured with a poor UX is phenomenal. Mobile is the perfect example of how it has been able to transform a device from being unsecured most of the time, to now only unlocked when in use. And now, just look at how your bank accepts your fingerprint authentication on your phone for access to your account.
With consumer biometrics, it’s quick and effortless to enroll onto new services and subscriptions. Consumers are happy to authenticate more frequently, because it’s so simple and the action is so intuitive. Plus, you cannot forget your fingerprint…
Consumer biometrics: on the agenda
It’s clear that biometrics is key to many organizations’ plans for privacy and security, but don’t just take our word for it. Many industry and government initiatives are moving quickly.
Europe’s GDPR highlighted biometrics as ‘sensitive personal data’ which clearly needs to be protected in the right way. Meanwhile, the benefits and integrity of consumer device biometric authentication were also recognized by Europe’s financial services directive, PSD2, citing biometrics as a trusted factor under its strong customer authentication (SCA) mandates.
Looking to industry bodies, FIDO Alliance is gaining significant traction in formalizing the quality and security of personal authentication with biometrics. Its work is complementing rising initiatives such as Self Sovereign Identity (SSI) models, whereby individuals or organizations are endeavoring to have sole ownership of digital identities and control how this personal data is shared and used. With an owned, FIDO-certified biometrics-secured device, users can add another authentication layer over stored digital identifiers.
For several years, we’ve also participated in industry body GlobalPlatform’s work to verify and standardize the quality of security protection on TEE. The biometric API extension defines security protections specifically around biometrics and is highly referenced in mobile implementations, and increasingly in new devices such as key fobs and home security devices too. With the dawn of the biometric payment card, we’re also supporting GlobalPlatform to define an SE specification for biometric cards.
The combination of government and industry engagement is setting the scene for so much more to be achieved with consumer authentication using biometrics. Undoubtedly, biometrics’ role in an increasingly data-conscious world has only just begun to take shape, and excitingly, it’s consumers who have the power at their fingertips – quite literally!
WHY THE NORDICS WILL CONTINUE TO LEAD THE WAY IN DIGITAL PAYMENTS
Kriya Patel, CEO, Transact Payments
While the recent introduction of PSD2 — the second iteration of the EU’s Payment Services Directive — has undoubtedly had an effect on the entire continent of Europe, some regions have been in a better place to take advantage of it than others. Largely thanks to a historical willingness to foster and embrace innovation, the Nordic nations were already something of a global leader in the electronic payments space even before PSD2. Now, it looks as if the Nordics are on course to be the first region in the world to fully realise digital transformation in payments.
With a combined population of 21.39 million, the Nordic markets of Sweden, Denmark and Norway have the highest penetration of electronic transactions anywhere in the world. It’s estimated that cash is only used in 3% of transactions in Norway, with this number only slightly higher in Sweden. Given this context, it’s no surprise that there are nearly twice as many payment cards as there are people, at 41.86 million cards. These cards are used for around 7.8 billion transactions annually — worth more than £205 billion — made at just under 600,000 point of sale (POS) locations and online.
You could be forgiven for thinking that, given the advanced state of play in the payments market, there would be few opportunities left for incumbents or new entrants to take advantage of. However, for those who are willing to innovate and diversify there could be market share up for grabs. And there are also plenty of things that payments players in other regions can learn from this market. In this article, we will examine what these opportunities and lessons are.
Highly developed market
E-commerce accounts for a very large proportion of overall electronic transactions in the Nordics at between 19 and 22%. It’s a segment that is continuing to grow rapidly, even though cards remain the preferred way to pay online and in person.
In fact, cards account for a huge 85% of all in-person transactions in the Nordics, with debit cards used for two-thirds of all purchases in Denmark, for example. In the background, this is enabled by a highly functional consumer-permissioned digital identification system known as BankID that makes Know Your Customer (KYC) compliance for e-commerce much more straightforward for vendors and customers. This scheme, which was first envisioned more than 20 years ago, is one of the key reasons why this region has made such strong advances in digital payments.
Since 2015, all three Nordic markets have embraced digital wallet solutions – Norway’s Vipps, Sweden’s Swish and Denmark’s Dankort. In the case of Denmark, their digital wallet grew from the Dankort debit card solution shared by major Danish banks. Across all three markets, these home-grown wallets have seen strong growth, with Swish reporting the fastest usage growth in the over-45 segment. These domestic wallets are currently looking to grow their functionality, with parking and bill payments being added on top of peer-to-peer (P2P) money transfers and a debit function.
Digital wallets to expand functionality
As digital wallets rise and cards continue to be used for a very wide range of purchases, the Nordic markets continue to seek opportunities to reduce cash use for everyday, low-value purchases such as parking and street vendors. This will create room for mPOS (mobile Point Of Sale) and soft POS systems providers, as well as multi-function card products. Loyalty is also likely to be another area for growth, with players keen to ensure that they can retain existing customers and attract new ones from their competitors.
One of the most interesting areas in the Nordic region’s payments landscape is how these digital wallet solutions can expand internationally. While digital wallets are growing rapidly in the domestic space, the capacity of these wallets to be used outside the Nordic region is still very limited. Creating international links for Nordic-only solutions will certainly be an area of growth in the coming years, so providers looking to partner with banks or wallet providers should find a receptive audience in these markets.
As with other European markets such as Spain and Germany, we’re also seeing the rise of specialist banks built to meet the needs of smaller companies in the Nordics. Banks such as Norway’s Aprila are expanding rapidly by taking advantage of PSD2’s Open Banking mandate to access SME credit data and deliver innovative payment products and lending solutions. Corporate credit and debit card products will be a major growth area in the near future as SMEs will finally get the attention they deserve.
There’s a great deal that other regions can learn from the Nordics. While the combined population of the three countries adds up to only around one-quarter of Germany’s, for example, the relatively low population density has proved a fertile ground for digital payments. It will be interesting to see how some of the more innovative services we see in this region can make international links, or how players in other regions try to replicate them.
THE GROWTH OF DIGITAL BANKING: WHY COLLABORATING WITH FINTECHS IS CRUCIAL TO ADAPT TO CUSTOMER DEMANDS IN LIGHT OF THE PANDEMIC
The growing customer demand for a seamless digital banking experience looks set to transform how the entire banking industry operates. Traditional banks have been left playing catch-up with the emergence of new fintech players and challenger banks. The demand for slick digital finance solutions is led by the digital native generations, the millennials and Gen Z. However, the coronavirus pandemic accelerated the uptake of online shopping and remote working for whole swathes of the population. Even the older generations have been left wondering why accessing banking services online remains so cumbersome.
Consumers’ growing desire to access financial services through digital channels has already led to a surge in various new banking technologies which are reconceptualising the banking industry. Consumers have rapidly moved to adopt payment solutions such as those offered by apps like Revolut.
Retail banks continue to launch platforms in the Banking as a Service (BaaS) space, in an effort to remain competitive. An example of this in the UK is how NeoBank (Starling) used to only offer business to consumer (B2C) retail banking services. However, once it launched its BaaS platform, Starling was able to rapidly diversify to include consumer services.
New technologies like blockchain and artificial intelligence (AI) continue to evolve, and look set to have an enormous impact on banking over the next three to five years. The type of cryptocurrencies that we have seen to date look set to be far more tightly regulated, given significant governmental concerns about their potential for misuse in cybercrime and money laundering.
In the blockchain space, the transformative development which will accelerate the rise of digital finance is the advent of central bank-backed digital currencies. The US Treasury has described the creation of a digital dollar as a high priority project. China is already trialling its digital Yuan. Meanwhile, the ECB is actively pursuing its plans to launch a digital Euro. The launch of stable, highly secure digital currencies, underpinned by major central banks, looks set to ensure that digital finance will permeate every area of our lives in the not too distant future.
How we use digital finance is also set to change radically. We are used to seeing new technology emerge from Silicon Valley. However, an analysis by KPMG Australia suggests that a new breed of apps which prefigures the future of digital finance has already emerged in the East. The report notes that “super apps” are “already encroaching on traditional financial services territory”.
Super apps are defined as apps which “essentially serve as a single portal to a wide range of virtual products and services. The most sophisticated apps – like WeChat and Alipay in China – bundle together online messaging (similar to WhatsApp), social media (similar to Facebook), marketplaces (like eBay) and services (like Uber). One app, one sign-in, one user experience – for virtually any product or service a customer may want or need.
“Due in large part to their versatility, super apps have quickly become ingrained into users’ daily lives. It is not unusual for a WeChat user in China to set up a date with a friend via instant messaging, make dinner reservations, book movie tickets, order a taxi and pay for every transaction along the way, all using one single app.”
We are already beginning to see trends in this direction in the Western world, with Facebook launching a marketplace and even a dating service within its social network. Facebook also attempted to launch its own digital currency, Libra, but this move stalled when it ran into significant governmental opposition. However, Facebook hasn’t given up, and it is determinedly pursuing the launch of a revamped stablecoin, Diem, which has been redesigned to address regulatory concerns.
A group of Citi analysts recently wrote an interesting research paper, which predicts that “the story of digital money in the 2020s will be the growth of tokenised money”. Noting that both Big Tech and Central Banks “are building new payment formats and rails,” they say that “while stablecoins such as Diem await regulatory approval, they could benefit from the huge network effects of their Big Tech sponsors. In fact, Diem could be an effective tokenised payment format inside the Facebook universe.” The paper predicts that “Stablecoins, such as Diem, could benefit from the huge network effects of their Big Tech sponsors”. With 3.3 billion monthly users, Facebook certainly has remarkable global reach.
The idea of an integrated tech platform which enables people to interact and purchase goods and services – including financial services – is now being pursued by many major players.
Amazon has long been rumoured to be planning to launch its own bank. Yet, research by CB Insights concludes that, “from payments and lending to insurance and checking accounts, Amazon is attacking financial services from every angle without even applying to be a conventional bank.” This is perhaps not surprising. After all, tech companies rarely replicate existing models. They usually find disruptive new ways to achieve the outcomes that consumers want. Even the messaging service, WhatsApp, has recently moved into financial services with the launch of WhatsApp Pay.
As money becomes digitised and tokenised and ever more areas of our lives move online, the distinction between an online marketplace, a social network and a financial services provider will continue to blur. How traditional financial services companies react to these developments remains to be seen. Some may partner with tech companies in creating new services. For example, Visa and Mastercard were involved with Facebook’s Libra stablecoin project. Visa also responded to the popularity of peer to peer payment services such as Revolut by launching Visa Direct, which enables users to make payments directly to another account in 30 minutes. Most major banks now support Apple Pay, which enables users to authorise payment by scanning their face or thumb.
Banks can also collaborate with tech companies in terms of data sharing, in order to better understand what their customers want. A company like Amazon knows what books people like, what music they listen to and what they purchase. By combining such data with wider financial data, remarkably predictive Big Data models could be created. Some banks might increasingly pursue opportunities to monetise data, while others might make privacy their unique selling point.
The banking sector fundamentally deals with money. Yet, the very nature of money is set to change, as it becomes digitised. Banks are no longer merely competing with each other, but they are both competing and collaborating with tech companies and social networks. Looking ahead, the only certainty we have is that we are in for a period of remarkable change.