Biometrics Becoming Critical to the Payment App Experience

With consumers becoming more and more reliant on mobile payment functionality during the ongoing COVID-19 pandemic, fraudsters have been honing their mobile attack strategies – increasing the need for advanced security measures such as biometrics.

The demand for biometrics, which includes fingerprint, iris, voice and facial recognition, is about to grow exponentially, according to a new white paper from Juniper Research, “How to Maximize Mobile Payment Security.” Biometrics will authenticate over $3 trillion in payment transactions in 2025, an increase of 650% from just $404 billion in 2020, the company said. This jump will be fueled by Original Equipment Manufacturer (OEM) Pays, such as Apple Pay and Samsung Pay, for both remote and in-store payments, as OEM Pays have already jumped on the biometrics bandwagon.

eCommerce apps will have to play catch-up in the race to adopt biometrics, according to Juniper. While the company predicted 95% of smartphones globally will be equipped with biometric capabilities by 2025, it expects only 35% of these smartphones to be used for making biometric payments in eCommerce that year. That’s because many consumers have become accustomed to storing details associated with their payment cards – many of which are not secured by biometrics – on eCommerce sites and apps, paving a difficult road to moving those payments over to methods that leverage biometrics.

The white paper also found that contactless mobile payments will be a major driver of biometrics use, with those transactions expected to increase by 520% by 2025. However, the use of contactless cards, which do not require the extra verification step used in biometric security methods, may threaten that expectation for growth, and Juniper recommended that payment vendors incentivize mobile wallet use to drive greater adoption of biometrics.

Higher levels of smartphone and mobile payments use naturally means more opportunities for fraud, and Juniper identified four key fraud trend areas to watch for:

• Social media: Fraudsters are using sites like Facebook, WhatsApp, Instagram and Telegram to set up accounts impersonating actual users, create phishing posts, recruit fraudsters and money mules, and commit synthetic fraud. They’re also taking advantage of the popularity of merchants on Instagram, creating fraudulent merchant accounts to perpetrate scams.
• Rogue or unauthorized apps: Bad actors create these apps using the brand of a recognized organization to trick users into providing access to personal data on their mobile devices, Juniper said. They can even be downloaded from trusted sources like Google Play, Apple’s App Store and the Microsoft Store, increasing the chances of deceit.
• Data exposure: This refers to any type of mobile data exposure, which can occur as a result of malware, rogue apps, poor app design, phishing and “man in the middle” attacks.
• Synthetic identity and deepfakes: Referred to as the potential “future of verification and authorization fraud,” this category of fraud involves the creation of new identities using fake or combinations of real and fake personally identifiable information. Some fraudsters are creating identities using stolen biometrics or deepfake technology. The latter can be leveraged when biometric security requires a user to take a “live selfie,” which is then breached.

“The digital transformation of payment operations has opened more payment channels (e.g., cloud, IoT and mobile); giving more options to consumers,” the report stated. “The changing dynamics of the ecosystem and increasing connectivity across a myriad of platforms has increased the vulnerabilities and opened up opportunities for fraudulent activities. The number of mobile payment fraud occurrences has increased as well. Every possible entry point from social media to rogue apps to synthetic identity is used to circumvent security measures.”