Biometrics for Security in E-Commerce
Online vendors love to have people sign up for accounts. Letting them log in speeds up checkout and reduces typing errors. It lets the site remember people’s past purchases and make recommendations. The trouble is, are they going to remember their password when they log back in? They might only visit the site a couple of times a year.
There are ways around the problem, to be sure. People can use very simple passwords like the company name. They can use the same password for every site. When they do this, they create a security risk for themselves. Someone else could log into their account and order “gifts” for themselves.
Or they can click the “Forgot password” button each time they log in and get an email. This isn’t great either. Email isn’t secure, and someone could intercept the link they get. The email sometimes doesn’t get through or takes a long time to appear.
A better way
E-commerce could benefit from an easier, more secure way to log in. In fact, new ways are already here. Instead of relying just on a password, they use biometric data, such as a person’s picture or voice. This is information which is hard to fake or lose. Some versions use fingerprints, hand geometry, or other physical characteristics that don’t change much over time.
People have talked about biometrics for many years, but mobile devices have finally made them practical. They have to be easy to use, or people won’t accept them. Let’s face it, typing in a long password on a smartphone is anything but convenient. That’s one reason people use simple passwords.
The technology has to do a lot more than take a picture or make a recording. The software has to recognize different pictures, under different lighting, as the same face or fingerprint. It has to tell the difference between a live shot and a recorded image, otherwise an impostor could just hold a photograph up to the camera. Software has gotten significantly better at doing these things in the past few years.
Apple Pay and Samsung Pay allow biometric identification. Samsung scans people’s eyes, while Apple checks a fingerprint. PayPal is also offering a fingerprint option in its mobile app. Login support for individual vendors could be the next big area for biometrics.
Concerns to address
Biometrics can raise privacy concerns. Being fingerprinted or getting a retinal scan feels intrusive to many people, and giving their picture to each company they do business with can make them worry. On the other hand, many people freely post their pictures on public Internet sites, even when they’re in private situations. It will take time for most people to get used to the new ways of identifying themselves, but they will.
It isn’t necessary to store personal biometric data on a server. A stored electronic signature which software can match against incoming data can do the job. If businesses tell customers that they can’t reconstruct the original data, that could satisfy many people’s privacy concerns.
Another concern is that you can’t change a biometric. If a data thief comes up with a way to use recorded data that fools recognition software, people can’t just revoke their faces and enter new ones. The software has to be good enough to keep this from happening. It’s likely to need updates to defeat forgers.
The ultimate biometric might be brainwaves. They’re especially hard to fake, since you can’t record them without getting really close to a person with special equipment. Will people let a machine “read their minds” in exchange for strong security? Time will tell.
Art + Design Media Research Laboratory offers affordable digital marketing strategy services. Please contact us to learn more.