What is biometric data? Privacy, payments and password protection

According to a report from the security firm Shape Security, 2.3 billion personal credentials were stolen in 2017. And to be honest, this is no surprise considering some of the most commonly used passwords out there are ‘123456’, ‘password’, and ‘sunshine.’

Since roughly 90% of passwords are easy to hack, it’s clear we haven't been the most vigilant about our online security. But what if our passwords were impossible to recreate?

That's where biometric data comes in. When you hear the term ‘biometrics’, it sounds straight out of a sci-fi movie, especially considering we were all on dial-up internet and listening to cassettes just 25 years ago.

Even if you don't know the term, you've probably used biometric data at some point, if not on a daily basis. After all, an estimated 90% of businesses will use biometric authentication technology by 2020 and 62% already do.

Whether you've been using fingerprints or face-scanning to make payments or you find the whole thing a bit daunting, biometric data will be a big part of our future. So let’s learn a bit about it.

What exactly are biometrics?

It's a fancy name, but a simple concept. Biometrics is the recognition of an individual based on their biological and behavioural characteristics. It uses your individual attributes to identify you and authenticate things like payments or logins.

So, what types of biometric data can be used for recognition?

  • Retinal recognition

  • Facial recognition

  • Handprints and fingerprints

  • Voice recognition

  • Vein recognition

  • DNA matching

  • Walking style

  • Odour

  • Typing or writing recognition

The possibilities are endless and quite literally right at your fingertips.

What are they good for?

Biometric data has been around for longer than you might think. Though it's usually associated with law enforcement, the government, or airport security, the public became aware of it thanks to smartphones and the shift to online banking.

A whopping 90% of smartphones can use facial recognition software and 80% support voice-activated identification. The iPhone X’s neural engine alone uses 30,000 dots and infrared imaging to confirm a user's identity. So it's no surprise that people are using fingerprint locks and facial scans instead of PINs.

Our whole worlds are on our phones, so it makes sense that companies like Apple are always improving their security. Anyone can guess your PIN through trial and error, but nobody else has the individual patterns on your thumb or the unique markings of your iris.

The technology isn't perfect yet, and nothing digital is 100% secure, but biometric keys are certainly safer than you might think.

Let’s talk about privacy

There's a lot of concern over how private biometric data is, since it doesn’t get more personal than fingerprints and facial scans. These things still feel a lot more invasive than a PIN. But the truth is, while not foolproof, biometric authentication can be much safer.

For example, when it comes to identity theft. In the UK alone, it is the most common type of fraud to take place against an individual, affecting an estimated 3 million people in 2016. The cost? £5.4 billion a year. Biometric data could drastically reduce those numbers. There are a few issues to consider first though.

When it comes to money, everything is already online, and people are used to digitalised credit. Like your credit, isn't biometrics a string of numbers in the cloud, but safer? Generally yes, but like any data, it can be hacked.

One of the only benefits of traditional identification like a PIN number has over biometrics is that you can change it. If someone knows your PIN, all you need to do is call the bank or go to an ATM machine. Biometric data isn’t something you can lose, but it's also not something you can replace. That means if it is hacked, you can't do too much about it.

But biometric data is still the safer option, especially combined with multi-factor authentication. A study by Juniper Research pointed out that biometric keys enable exceptionally secure cloud-based identity checks, so safety is improving. Researchers predict that by 2023 over 1.5 billion smartphones will use biometric technology.

Finally, victims of identity theft often point out that it's difficult to prove that the theft has occurred. But biometric data leaves no room for confusion. Take E-passports for instance – using biometric information at passport control is preventing identity theft document manipulation.

Public perception: How do we really feel about it all?

The International Biometrics Identity Association compiled various studies on how the public perceives biometric technology, and that perception is improving with time.

In 2016, Accenture surveyed citizens in six countries and found that 89% of people said they were willing to use biometric recognition software when travelling across international borders. 80% of Brits said they were willing to use biometric security instead of passwords and 53% said they would want their banks to use fingerprint recognition technology in digital banking. 3 in 5 people view biometric authentication software as being just as or more secure than password identification.

Unisys also discovered that 86% of Americans would prefer using biometrics for identity verification when making payments. The main driver behind this? Getting rid of all those pesky passwords. Intel Security estimated that the average person has 27 varying online logins, and unless you’re keeping them all in an encrypted spreadsheet, it’s hard to keep up and keep them safe.

One thing that these studies make clear is that people, especially millennials, are ready for biometrics and are starting to see them as better security alternatives.

Most backlash on the use of the technology comes from governments entering the equation. Former Biometrics Commissioner Alastair MacGregor pointed out “more people were concerned about Government use”, because of a fear of “state control and surveillance.” We don't see this issue with banks or payment providers.

Biometric payments

Juniper Research noticed something pretty interesting:

“2 billion biometrically authenticated payments were made in 2017. By 2021, 18 billion biometrically authenticated transactions are predicted.” They also expect mobile biometrics to authenticate 2 trillion dollars worth of sales by 2023. These seem like big numbers, but they make sense.

Take the smartphone for instance. Most of us are walking around with portable POS systems in our pockets. Every time you download an app, order something online, or update a subscription on your phone, you're making a transaction. And we can all agree that making mobile payments is ten times easier using a quick face or fingerprint scan.

Towards the end of 2017, research by Deloitte showed that 12 million UK smartphone owners use their fingerprint scanner and 35% of them use it as a means of payment. This was already one third higher than the previous year and is likely higher now.

Biometric-licensed ATMs are starting to pop up in places like India, where they offer rural areas a gateway into cashless society. The world's shift towards cashless payments and online banking is evident from UK bank closures.

The BBC reported that 60 bank branches close every month, with 2,868 branches having closed between 2015 and 2018. Clearly, banks have some adjusting to do, and biometrics might be the answer.

One indication of Europe's more modern approach to banking is the recent PSD2 act and the UK’s version, Open Banking. What the act means is banks are finally opening up their data, and that gives you more control over yours.

First of all, in order for your data to be shared between third parties, you need to consent, and you can opt out. Secondly, opening up this data will help you a lot. It'll be easier to take out loans, control your finances, and help you learn more about your bank.

The data will help revolutionise the banking industry. When FSA (Financial Service Authority) approved startups and innovators gain access to it, they'll be able to shake things up through tailored product releases based on that data. A clause in PSD2 also makes two-factor authentication a legal requirement for all electronic payments, which keeps things more secure.

What does the future hold?

Biometrics has the chance to revolutionise the payment industry, but as Forbes reported, it also has implications for other industries.

“The use of biometric technology can extend to power smart cities, transportation, and other ecosystems. For example, when you look at the shared vehicle and autonomous vehicle market globally, identity will be really important. Eventually, items like credit cards, insurance cards and drivers licenses could become more easily and securely represented by your biometrics instead of a plastic card.”

Biometrics have already begun to assist humanitarian aid work done by the UN and The World Food Programme and helped the healthcare industry to become more accurate. It's done this by simplifying day-to-day processes.

Take the 2020 Olympic Games for instance. Tokyo will use face recognition security measures so that guests will be able to use their fingerprints as payment.

However, biometrics will eventually advance, security measures and transparency will need to follow. We need to be comfortable with the technology if we're giving it access to our most personal information.

For more business tips, tricks and stories, visit the SumUp blog.

Anna Marie Allgaier