DID YOU KNOW
Biometrics - Fingerprint Scans, Retinal Scans, Voiceprints, DNA Matching, Facial Recognition, and more.
The use of biometrics is very effective as a tool to authenticate a person’s identity. The problem is that it is very expensive to implement and requires the consumer to have equipment to produce the authentication. For today’s marketplace it is very unlikely that this type of fraud technique will be implemented in any kind of mass scale. If you have a defined set of consumers who constantly make purchases you may entertain this option. But more than likely you are in a very high-risk regulated sector if you are entertaining this fraud-prevention technique. For example, the pharmaceutical sector would be well suited.
Merchants may still have “application fraud” in which the account is set up in the fraudster’s identity with their biometric readings. Also, biometrics are very expensive to implement and are a very small-scale type of solution. They require the consumer to have specialized equipment to perform the authentication check. Most solutions still store authentication data on hard drives that could be hacked. Additionally, a lot of devices give the option of defaulting to a password instead of biometric authenticaiton.
THE FRAUD PRACTICE
KEY NOTES
Alternative Solutions - RSA tokens, authentication schemes with pictures, passwords or codes
Building this In-House - N/A
Estimated Cost - Very Expensive
Sample Vendors - Pindrop Security, Nuance
BIOMETRICS TECHNIQUE OVERVIEW
Biometrics are used to verify a person’s identity by a unique physical attribute that distinguishes that individual from any other person. Common physical elements used (but not limited to) are fingerprints, retinal scans, voiceprints and DNA match. Key considerations when implementing or buying this functionality include:
Are the merchant’s consumers setting up accounts?
How will the merchant collect the initial biometric data from their consumer?
What type of equipment will the consumer need to perform the check?
Are the devices portable, or will they only work on the one system they are installed on?
How do they work for MOTO?
What happens if the system cannot authenticate and it is the real consumer?
What are the insult rates of the solution?
Who supports the consumer in getting the technology to work?
Hardware compatibility issues.
HOW DOES IT WORK?
These devices compare a stored image or value that is calculated by the unique characteristics of the consumer with the value they use when they make a purchase. For example, with fingerprints they may be counting the number of identical points from a pre-saved image of the consumer’s thumb.
HOW DO YOU USE THE RESULTS?
These tools can be implemented in a number of different ways. The merchant could send their consumer the device and have him or her install it upon registering with the merchant’s solution provider. Then when the consumer attempts to make a purchase, the system would do a validation and pass the information on to the merchant.
Another method is to have the device perform the authentication and produce a one-time-use number for the purchase, like a disposable credit card number. In some cases the device actually performs the authentication as a means for gaining access to the site or material for making a purchase.