Set to hit almost five billion by 2019, fuelled by scanner availability in mid-range devices
The increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly five billion by 2019, up from less than 130 million this year.
A new study from Juniper Research observed that at present, only two services – Apple Pay and Samsung – use fingerprint scanners for authentication, with availability currently limited to the US and UK for the former, and the US and South Korea for the latter.
However, it argued that with both services expected to be launched in multiple additional markets during 2016, the convenience of the scanner is likely to make it a primary mechanism for transaction authentication.
The new research report argues that incorporation into additional mobile wallets would be spurred by a greater availability of fingerprint scanners in mid-range smartphones. This, together with a growing take up of contactless infrastructure at point of sale (POS), is likely to drive further adoption in the medium term.
Yet the research cautions that the security of biometric data is paramount, citing the case of the HTC One Max, where fingerprint data was mistakenly stored on the device in plaintext and in a world-readable location. While that mistake was rectified, research author Dr Windsor Holden warned that the implications to ensure secure storage could be devastating.
“When a password or PIN is hacked, the consumer can simply get a replacement. When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised,” he stated.
Additionally, the research pointed out that the greater prevalence of cybercrime – more than one billion online records were exposed by data breaches in 2014 – meant that tokenisation was becoming an increasingly attractive proposition for acquirers and processors. It argued that the tokenisation process, wherein data with no intrinsic value replaces high value cardholder data, would significantly reduce exposure to fraud. Furthermore, with hackers merely obtaining tokens which are meaningless in isolation, the scale of attacks on sites might also decline.