Security

How Biometric Authentication Methods Will Revamp the Commerce Experience

Secure contactless transactions will be essential to keep employees and customers safe in the post-pandemic shopping and workplace era. COVID-19 has sped up much of the digital transformation already under development for commerce, online, in brick-and-mortar stores, and within corporate workplaces.

Some of these contactless procedures are already being deployed. As they become more prominent, consumers will enjoy shopping experiences that no longer rely on payments from a piece of plastic with a four-digit pin.

Instead, consumers will use unique motion sensors in smartphone devices to passively authenticate people using their walking behavior and other contextual biometric signals.

In a two-pronged developmental race, the same technologies will change traditional ways we make car rental transactions and check into hotels. Biometrical devices will also be the keys of entry in commercial buildings, residential complexes, and how we navigate our workday tasks when we return to our corporate workplaces.

That futuristic view is not that far from becoming part of the new normal when the pandemic-imposed social hibernations are no longer needed, noted John Whaley, UnifyID founder and CEO. His company is developing some of the biometric authenticating technologies that will drive that new safety vision.

“None of these things is new. Industries have been talking about this type of automation for a while. The pandemic has merely accelerated everything in development and installation,” he told TechNewsWorld.

Obscurity by Novelty

UnifyID is a startup. Its technology helps identify and authenticate individuals based on the way they move and walk. Not many people know about the developments in high-tech biometric authentication, he offered with the enthusiasm of an inventor showing his creations.

“The biggest challenge developers face with these new capabilities is letting people know about them,” Whaley said. “The push for safe and reliable biometric authentication is starting to hit many other industries with adaptations of touchless technologies.”

For example, airport procedures and rental car delivery will center on phone apps that will handle selection, payment, directions for accessing vehicles, etc. All of these new procedures will eliminate the need to physically approach a counter to conduct travel arrangements and day-to-day business transactions in hotels and elsewhere.

“The transformation to contactless payments was gradually developing and became accelerated with the pandemic. This is going to be a permanent shift. It is not something that people are transitioning to temporarily,” he suggested.

Altered Store Realities

The general trend of contactless business is moving forward as a digital version of what people did in brick-and-mortar stores. For instance, the shopping experience involved viewing shelves of products, selecting choices, and placing them in carts.

Shoppers then process their purchases at a checkout counter. They get a printed receipt and walk out the door.

That process is changing to a more personalized procedure. For instance, as soon as you walk through the door, your Bluetooth or WiFi device will let store personnel know that you are there. The display screen will include when your last visit occurred. You will be greeted by alerts on your device for special sales and product information based on your previous buying, Whaley explained.

“The store gets this information from various sources. One is that store’s app installed on your phone. Overall, your in-store shopping experience is starting to change. Someone may greet you by name. Stores will focus on giving you a uniquely personalized shopping experience that differentiates from other stores,” he said.

Biometric Rhythms

Relying on biometric patterns will do much more than to securely confirm a person’s identity. But that is the starting point for the commerce evolution that will set in, according to Whaley.

“Your phone already knows it is you. The motion sensors add to that confirmation. The whole process makes for a much more seamless experience,” he said.

Scanners in the store will track the items you gather and tabulate them. When you leave the store, your phone will display a receipt and confirmation of your purchase transaction.

In many cases, the traditional checkout counter is eliminated. That is the vision of how stores will customize and streamline your experience, Whaley predicted.

The process is building on the soft checkout procedures already in place in many stores. Customers can scan their own purchases and use a digital payment method, he added.

“That approach is becoming more popular with shoppers, so stores are providing more self-checkout counters,” Whaley said. “People actually prefer self-checkout. So we are seeing a natural progression from self-checkout to no checkout based on shelf sensors, and data tracking as you walk through the store with your store app on your phone.”

Growing Trend

Various biometric systems are already in use involving a number of devices, especially smartphones and tablets, added Hank Schless, senior manager of security solutions at Lookout. Biometric technology provides added security for your accounts.

“What we need to keep in mind is that security measures like biometrics and multifactor authentication rely on a mobile device. So they are only as reliable as your device is secure,” he told TechNewsWorld.

For example, consumers have turned to mobile apps as their primary shopping channel during the pandemic. This opens up immense opportunity for attackers to steal data from unsuspecting individuals on devices they believe to be inherently secure.

There is also significant risk that malicious versions of legitimate apps will appear on app stores and get distributed via social engineering campaigns, he said.

Different Solutions

UnifyID’s technology confirms a person’s identity by behavior. This solidifies the process of authenticating payment accounts and transactions.

“For example, we can tell it is you by how you walk. Motion recognition is just as accurate as a person’s fingerprint as a form of ID. People’s gait is very unique,” Whaley continued.

Much of this same approach is being prepared for the workplace as companies get ready for the return to offices. Obviously, there is a heightened sensitivity to not touching things.

So using these same motion-sensing technologies to recognize a worker’s ID and open doors as he/she approaches will make for safer environments in the new normal, he detailed. That same approach will be used within the building to automatically enable presets for more touchless controls in meeting rooms, work areas and such. The focus will be on touchless environments, Whaley said.

Security Still a Concern

The contactless shopping and business world may seem ideal. But not everyone in the digital security industry is convinced it will not invite identity theft and physical intrusions.

One of the challenges with biometric authentication is the issue of key revocation. It is simple to get a new password. It is not so simple to get a new face, or a new set of fingerprints, cautioned Tim Wade, technical director, for the CTO Team at Vectra AI.

“Additionally, you tend to leave your fingerprints just about everywhere you go. And in some surveillance-based societies, you tend to leave your face as well, and while that is not quite as bad as wearing a T-shirt with your password written on it, it does act to diminish the long-term strength of such an authentication proposal,” he told TechNewsWorld.

The critical piece necessary to consider when advocating for an authentication system is not just evaluating opportunities for attacks that exist today. Developers need to consider attack opportunities that could exist once widespread adoption creates incentives for adversarial economies of scale to show up and crash the party, Wade added.

Reliability a Potential Hurdle

The reliability of biometric authentication varies considerably from technology to technology, according to Robert McKay, senior vice president for risk solutions at Neustar. Adoption rates also need to be considered as many of the techniques to actively track these behaviors require a consumer’s explicit consent.

“Relying on biometric authentication exclusively is not a sound strategy as it may not have sufficient coverage to result in any meaningful improvement to fraud reduction or elimination of friction with good customers,” McKay told TechNewsWorld.

Instead, behavioral biometrics should be considered as an ingredient of a strong authentication recipe that also uses a combination of online, offline, and device-based data, he countered.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

1 Comment

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Security

LinuxInsider Channels