Pay by Person: What Biometrics Means to PayPal

Movies like Minority Report and Blade Runner may still be science fiction, but some of the technologies they showcase are becoming a reality today. The ability to sign in by retinal scan, turn on lights with your voice, unlock doors and activate devices with a fingerprint—otherwise known as biometrics, is quickly becoming a standard especially in mobile technologies. Using your person as your passcode has most recently come into the mainstream marketplace with the release of Apple’s iPhone 5s and iOS 7 software, which incorporate fingerprint-scanning technologies to unlock devices and make purchases through the iTunes and Apple App stores. And keeping the iPhone 5s new Touch ID technology in mind, PayPal recently released a study in conjunction with the National Cyber Security Alliance (NCSA) that looked at consumer behaviors and perceptions around mobile devices, including the use of biometrics for security purposes.

Released as part of National Cyber Security Awareness Month (NCSAM), the study collected responses from 1,000 U.S. adults over two days in September of this year with an aim to better understand how consumers use their mobile devices, as well as how much they know about mobile safety issues. According to the study, people are more reliant than ever on mobile, including a growing use of mobile devices for shopping. However, most of those surveyed still do not view mobile as a very secure option for making purchases online or in-store. It was found that 70% did not feel that storing payment information on a smartphone was safe, and more than 60% were unsure about what financial information could be stored on their devices.

Yet, when it came to biometric protections on mobile devices, respondents were open to trying out these new technologies in place of traditional security measures like passwords. Interestingly, more than half of the respondents (53%) said that they would be willing to replace passwords with fingerprints, and 45% would even opt for a retinal scan instead.

In a previous post, we discussed the latest from Apple, and how their fingerprint scanning technology could be a game changer for mobile. With the number of cyber attacks on the rise, identity theft is a major concern for many, so it’s no wonder that people are open to finding a better alternative to PINs and passwords. Passwords are not only easier to crack than ever before, but remembering 20 plus complex logins for various devices and accounts is becoming impossible to manage. While such security methods as two-factor authentication have been gaining traction with users and businesses, these require additional steps and still rely on passwords as the first level of entry.

Even before the iPhone 5s release, PayPal’s Chief Information Security Officer, Michael Barrett, discussed his thoughts on passwords and the potential of biometrics at Interop IT in Las Vegas. According to Barrett, passwords are obsolete and a new standard needs to be found. However, passwords won’t simply go away overnight and are of no use if not activated in the first place. Despite many people being in favor of new biometric technologies, a whopping 56% in the study admitted that they don’t even take the simplest mobile security precaution—setting up a PIN.

While the PayPal survey results speak to the current public sentiment around biometric technologies, it’s also important to explore the impact of using our bodies as identification. The convenience factor of biometrics is definitely a benefit for mobile commerce, where shoppers would only need to scan a finger instead of entering a login to make a purchase. It’s pretty much impossible to forget your fingerprint, but passwords are lost all the time. Because of the potential to make personal authentication seamless and reduce friction when shopping via a mobile device, companies will almost surely follow in Apple’s Touch ID footsteps.

Nevertheless, the possibility of having your password or other personal information stolen is a frightening reality, and adding a biometric aspect ups the stakes even more. Hackers can already do a lot of damage with only a username and password—imagine what they could do with a fingerprint or retina profile. With this in mind, here are some tips on protecting yourself when using these new biometric security tools:

  • More security is better. Use biometrics in conjunction with a PIN or passcode for extra security if possible. While cybercriminals can no longer gain access to your phone by snooping over your shoulder once biometric safeties are in place on your mobile device, adding in extra defenses if they do get in is crucial.
  • Limit the access of your third-party apps. Biometrics can’t keep malicious apps from accessing your information, so always be careful about what permissions each app is allotted.
  • Only download apps from official sources. Third-party app stores and websites are known for fostering risky apps and malware. Stick to downloading from trusted online sources, such as the Apple App Store and Google Play, that both work to ensure the apps don’t contain anything malicious.
  • Limit your usage while connected to public Wi-Fi. Touch ID technology may be able to keep out unwanted users if your phone gets lost or stolen, but it can’t protect from wireless snoopers and sniffers. Never bank or online shop while using free or unreliable Wi-Fi networks. These kinds of transactions should be reserved for secure and private connections.
  • Update your mobile software. Make sure you are using the latest versions of your operating system, browser, and security software. Updates usually contain additional protection against viruses or malware.
  • Don’t forget about mobile security software. Just because biometrics makes it harder for hackers to get into your device or personal accounts, that doesn’t mean you shouldn’t have extra security. McAfee® Mobile Security comes with many features to help protect your mobile devices from a variety of threats.

Learn about the latest mobile security updates and threats, by following our team on Twitter at @McAfeeConsumer or Like us on Facebook.


The post Pay by Person: What Biometrics Means to PayPal appeared first on McAfee Blogs.