Identity in Vegas
Identity, authentication and authorisation are amongst the hottest of hot topics in our world right now.
Even if we put Apple and it’s new face recognition technology to one side, there’s no shortage of excitement at the intersection of biometrics and electronic transactions. Remember this from earlier in the year?
A UK supermarket has become the first in the world to let shoppers pay for groceries using just the veins in their fingertips.
As I wrote at the time, this came only a few weeks after people forwarded me a link from to Time Out, calling attention to a new payment mechanism using a new biometric identification technology to effect retail payments in a new way. The system, called Fingopay, uses a scanner at POS to recognise customers in pubs and bars by the pattern of veins in their finger and then charges a linked payment account. I did remark on the overuse of “new”, as the first time that Consult Hyperion blogged about this technology was more than a decade ago, talking about mass market uses of biometrics and looking in the particular case study of Japanese banking, and it wasn’t new then! The technology has reappeared as a “new” solution to these same problems a great many times since then. It seems like every couple of years or so some stories about this new technology and new way to pay reappear. For example…
The BBC were kind enough to invite me on to their lunchtime “You and Yours” magazine programme to discuss this innovation. I think they were a tiny bit surprised, to be honest, when I told them that the technology was eight years old! I also told them, in the spirit of openness and integrity that is associated with the good name of Consult Hyperion throughout the civilised world, that we had been retained by Hitachi some years ago to carry out a study on the security of this product and its suitability for certain financial services applications.
The truth is that the idea of using fingers instead of cards goes back a long way (I can remember Piggly Wiggly exploring it in 2004) and reappears with regularity. So what’s different this time? Well, for one thing, we now have open banking. With strong customer authentication (SCA), risk-based authentication at POS and standard APIs for third-party access to accounts, retailers and other will soon be able to process payments themselves by obtaining payment institution (PI) licences and obtaining consumer consent for access to their bank accounts. Thus, putting your finger on a reader in store and having the retailer instruct an immediate instant payment transfer from your account to the retailer account looks like a more promising model this time around.
It’s the combination of technology (convenient biometric authentication), business (non-bank third party services) and regulation (open access) that means that the payments world is going to see more change in this space in the next year than in the previous ten. Almost every payment conference in that decade has highlighted the “identity problem” yet no-one was going anything about it. Now we have mass market solutions just around the corner.