Will Biometrics Be More Harm than Help in Stopping Fraud?
Biometrics have taken a leading position in antifraud technology since the introduction of Apple Pay in late 2014.
It’s not hard to appreciate the applications of fingerprint, facial recognition, and other biometric technologies for eCommerce fraud prevention. However, is it possible that we may be jumping to premature overreliance on these tools?
Are Biometrics the Answer?
Everyone wants to develop the definitive solution that will put an end to eCommerce fraud, once and for all.
While it is near-impossible that one solution will ever stop fraud altogether, many in the eCommerce, payments, and finance sectors are optimistic about the promise of biometrics. As they see it, biometric technology’s reliance on individualized, difficult-to-replicate personal data offers the greatest level of security possible.
Several mobile devices already support biometric authorization in the form of fingerprint capture, and upcoming devices from both Apple and Samsung will feature facial recognition technology as well. In all, it’s projected that 100% of smartphones will be biometric-enabled by the year 2020; the real question is whether consumers will adopt, and if they do, how will that impact fraud prevention?
Details are Lost in the Drive for Innovation
We understand many of the advantages offered by biometric technology and additional layers of security and authentication; in fact, I’ve expounded on these subjects on multiple occasions myself. However, we don’t know what biometrics really mean for the future of online security. We don’t know enough about this still-developing technology to recognize potential risks before they have a profound impact on merchants and consumers.
With stiff competition between manufacturers, the pressure to push for new technology is on. That race means there is less time for research and testing before these technologies hit the market.
It is not very clear when new products arrive if there are undetected risks and vulnerabilities just waiting for fraudsters to discover and exploit. This is not an unusual story; after all, problems with fraudsters discovering how to leverage loopholes and minor flaws in new technologies are nothing new. High-profile vulnerabilities lead many consumers to skepticism. As a result, consumer adoption of new payments tools consistently drags behind their development.
Trust is important to consumers, and they won’t adopt if they aren’t confident in a platform’s ability to protect their privacy.
To demonstrate, consider that Android controls nearly twice as much of the OS market as does Apple’s iOS in 2017, yet Apple Pay sees more than 2.5 times more regular users than Samsung Pay. This could be due to Apple’s significantly better corporate reputation—the latest Harris Poll lists Apple as the fifth most-reputable corporation, compared to Samsung’s 49th place standing. People trust Apple with their data, and so they are more willing to explore new technologies if they’re backed by that security.
Biometrics in the Digital Space
What about eCommerce merchants though?
Biometric-enabled technologies might help prevent some fraud, but it’s a moot point if consumers aren’t willing to use them. Even then, these technologies only help to prevent criminal fraud, which is not the biggest issue merchants face in terms of revenue loss.
There are plenty of widely-used technologies and strategies available to challenge criminal fraud, including fraud filters, proper data handling, and data encryption. Biometrics compliment these tools, but they will not end fraud once and for all—they will just entice fraudsters to get more creative with their methods.
Looking at the proportion of total chargebacks, criminal fraud represents less than 10% of all cases. In contrast, as much as 86% of all chargebacks result from friendly fraud. While biometric authorization may help prevent some issues related to chargebacks, such as family fraud, there is no way to prevent disputes when the cardholder is the one who files them.
Are Biometrics at All Relevant When It Comes to Chargebacks?
Yes and no. It’s true that biometric authorization can’t really prevent friendly fraud, but it could be a very valuable piece of evidence in proving that a customer did authorize a transaction.
Disputing a chargeback is predicated on the merchant’s ability to demonstrate that the cardholder authorized the transaction and that the merchant was compliant with all relevant regulations. Biometrics could be a valuable piece of evidence for merchants; the fact that biometrics are inherently difficult to trick is solid evidence that a cardholder did, in fact, authorize a sale.
The problem is that regulations and standards imposed by the card networks do not keep up with the rapid development of consumer authentication technologies. Biometrics can show that a cardholder almost definitely authorized a transaction, but if the card network won’t accept biometric data as evidence, that knowledge is useless.
In many ways, card network regulations are stuck in the past, unable to adapt to the rapidly-changing realities of eCommerce and the payments industry.
The industry must revisit their policies before biometrics can be a truly effective method of fighting fraud and recovering revenue. We need consistent, yet adaptable policy that is responsive to change; it is unfair that merchants should be forced to defend themselves against threats that develop much faster than the tools with which they’re equipped.
Biometrics Are One Part of an Overall Strategy
The current priorities of the industry seem a bit backwards. We’re seeing institutions act as if biometric will get rid of criminal fraud, while ignoring its applications when it comes to friendly fraud.
Biometrics will ultimately be a positive development for the industry if we keep in mind that they are not an “end all, be all” answer. Biometric authorization is part of a coherent antifraud strategy, not a solution on its own.
In addition, card networks need to make biometric authorization a cornerstone of the dispute process. There are few pieces of evidence more compelling than a fingerprint or facial scan to suggest that a cardholder did authorize a transaction.
Without this kind of change in the industry, the balance will continue shifting toward fraudsters and out of merchants’ favor. If that happens, merchants, consumers, and banks alike will all feel the negative repercussions.