A new study from Juniper Research has found that the increased rollout of contactless payment services such as Apple Pay using fingerprint scanners will push the number of biometrically authenticated transactions to nearly five billion by 2019. That’s up from less than 130 million this year.
The research group observed that at present, only two services – Apple Pay and Samsung – used fingerprint scanners for authentication, with availability currently limited to the U.S. and UK for the former, and the US and South Korea for the latter. Juniper Research says that, with both services expected to be launched in multiple additional markets next year, the convenience of the scanner is likely to make it a primary mechanism for transaction authentication.
The research group thinks that incorporation into additional mobile wallets would be spurred by a greater availability of fingerprint scanners in mid-range smartphones. This, together with a growing take-up of contactless infrastructure at POS (Point of Sale), is likely to drive further adoption in the medium term.
However, the research cautioned that the security of biometric data was paramount, citing the case of the HTC One Max, where fingerprint data was mistakenly stored on the device in plaintext and in a world-readable location. While that mistake was rectified, Dr. Windsor Holden, author of the Juniper Research report, warned that the implications to ensure secure storage could be devastating.
“When a password or PIN is hacked, the consumer can simply get a replacement,” he says. “When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised.”
Additionally, Juniper Research pointed out that the greater prevalence of cybercrime – more than one billion online records were exposed by data breaches in 2014 – meant that tokenization was becoming an increasingly attractive proposition for acquirers and processors. It argued that the tokenization process – wherein data with no intrinsic value replaces high value cardholder data – would significantly reduce exposure to fraud. Furthermore, with hackers merely obtaining tokens which are meaningless in isolation, the scale of attacks on sites might also decline.