Last heard that the Gabbars of the new age India are sitting up & taking notice of the latest from Niti Aayog where its chief has remarked that biometric payments are going to be the future and card/ mobile payments will be a passé in next decade or so. Gabbars are all happy! ‘The hand of the Thakur will now fetch much more now!’
Even I was shivering in my sleep, dreaming of a situation where a masked man accosts me at an ATM; with a wax/ soap in his hand asking me to give my finger print or worse just knock the fingers off! Currently under threat, I can just hand over the credit card and pray that my losses are minimal and that I can block my card ASAP. The bad dream thankfully was over in a few minutes as I suddenly woke up in fear.
Jokes apart, biometric payments have been on in India for quite some time. It has been primarily limited in financial inclusion sector, primarily for customer authentication by business correspondents. But with current focus on cashless, the Aadhar (UID) team is working on a pilot to expand it for any kind of payments. The proliferation of mobile/ smart phones, existence of biometric data with a central authority (UID) and most banking accounts being linked with Aadhar number have made the near future of a very wide rollout of biometric payments quite feasible in India. There are countries already experimenting with the same e.g. USA, UK, Japan, and Australia for certain sectors (esp. tourism)
The advantages of using biometric are many:
- Secured: With rising cyber fraud, card thefts, password stealing etc, biometric provides a more robust & secured way of authentication. The devices used to capture biometrics (e.g. fingerprints) do not have capability of storing the data (fingerprint)
- Faster: Put your finger and that’s it
- Better customer experience: No cards to carry
- Easier to rollout: No issuance of cards to many, low cost machines (cheaper than mini ATM/ POS) for fingerprint capture and no need of mobile/ smart phones (still a challenge at distant places)
And there are challenges too!
- Cost of breach is humongous/ practically irreversible:
- You can block your card, change your PIN/ password or can stop pay a cheque, what will you do if your biometric details are busted? For e.g. either through an unauthorized access to UID database or through leakage during the process of Aadhar generation. You can’t change your DNA!!!
- Similarly bank can reissue card/ PIN but can it reissue you a set of new fingers? (Plastic surgery in fingers???)
- You can have password/ card reissued any number of times (technically) but very limited options to change your biometrics (fingerprint, retina scan, facial scan etc)
- Litigation challenges: Who pays for the breach? With biometric, another primary stakeholder enters the scene (the UID authority) and this is a Govt. authority. Challenge is UID falls under ‘Home Ministry’ while banks, RBI etc fall under the ‘finance ministry’.
- The answer is not a Boolean ‘1/0’: The biometric match result is not a simple ‘Yes’ / ‘No’ but match probability (e.g. 98% match etc!).There can be chances of ‘false’ alarms (False Non Match error: right person with false match). Perhaps the feedback from usage of biometric in BC payments in India can give some insight into the magnitude of this issue.
The main challenge here goes back to our ability to create a infrastructure which is very secured, robust and failsafe. Here I will draw your attention to two of our related articles, which highlights the menace of cybersecurity fraud and the challenge in practical implementation of a robust secured infra.
Before I end, a few stats on usage of biometric from different studies worldwide:
- Fingerprint is the most common method of biometric authentication because of ease of capture and lower cost of machines. Fingervein, Voice, Iris scan, facial recognition are other methods but are much less popular because of cost of implementation. Accuracy though is much higher for fingerprint and Iris scan.
- A TNS study on biometric usage in USA, UK & Australia showed 55% adults are open to use of biometric but at same time 63% also feels that it will put personal identity information at risk
- A new research by Visa on European consumer, indicates that many people prefer biometric to be used as part of a 2 factor authentication process rather than being a standalone method
- Mobile Biometric revenue is expected to reach more than $34k Million by 2020 (Acuity)
So what do we opine?
- Rushing too fast to be on the right side of the PM can put the country/ people at risk. Cashless is a journey and one need to take steps with due care as we move in that journey. The process should not be compromised as security of the biometric data, the capture process and the process of authentication should be extremely robust. Biometric usage would mean opening up the UIDAI database to multiple platforms and hence securing becomes more critical. Security experts can elaborate more on this
- There are multiple threads running in this sudden push on cashless, starting from digital payment firms, payment banks, launch of UPI, mobile payments, BHIM and now biometric. Hoping that the efforts are synergized rather than ‘drop the hot cake & move on to next’
- Biometric seems to have a good case for India (especially since the capture has been done mostly and the data remains with a single centralized Government body) but it should not be rushed too fast as well!
What about insuring your finger? Are we looking at a completely new insurance product in near future? Not a bad idea, I guess:)
More thoughts? Pls. share as comments or write us back at firstname.lastname@example.org
- Biometrics: the Future of Mobile Payments (BBVA research, 20th July 2015, US Economic Watch)
- Mastercard’s Biometric Update (2015)
- Transaction Network Services: Consumers Welcome Biometric Globally (Feb 2016)