Dave Birch: The future belongs to passive biometric authentication

16.07.2017 11:38:59 1389 views

The PLUS Journal together with Moscow Fintech, its partner expert platform, continues a series of publications with the world's leading experts dwelling on the latest trends in the payment market and financial technologies. This time our questions are answered by David G.W. Birch, co-founder and director for innovations at Consult Hyperion, a consulting company.

The company helps various organizations worldwide use the latest technology to ensure the security of e-payments and customer identification for a wide range of payments from mobile and bank card to contactless. Consult Hyperion participated in the creation of the M-Pesa mobile payment system and in the development of NFC standard for Mastercard.

1. We have wated for aeons for worldwide worldwide chip and PIN adoption – and it seems a new dawn is upon us – with mobile contactless and even in-app. What are the opportunities (contextualisation?) for new transactional infrastructure as well as threats (numerious schemes confounding users?). What should we keep track of?

For the mass market, mobile will dominate for the foreseeable future. In some countries (eg, China) mobile payments have already jumped over chip and PIN. I suspect that are more payments move in-app and in-browser so the mobile will become part of most payments.

2. Has the role of V/MC and other major schemes changed - and should it change? Seeing how ecommerce driven platforms became de-facto schemes for new geographies, what should be part of the arsenal for incumbents and what role should they play today?

   In my opinion, V/MC will become less about switching payments and more about switching identification, authentication and authorisation. Money will move over “push” credit transfer networks. Many coutnries are creating these instant payment networks already. If you look at the UK, which is a very interesting case study, MasterCard has bought the operators of the instant payment network (Vocalink) so they are clearly looking ahead.

3. How do you assess the political nationalism in payments - the setup of local schemes, for example, MIR of the National Card Payments Scheme in Russia - what is rational and what is excessive in your view. What are the challenges and roadmap for global acceptance for such political animals?

   I think that as the technological barriers to new schemes lower, we will see more of them. I’m not sure that global acceptance is such a big deal – it used to be – but in a year or two perhaps when I get off the plane in Moscow I will download a MIR app to use in Russia. And remember, almost all card transactions are local.

4. How would you imagine a narrate a potential future for mobile payments and will they be swept away by wearables? What is important to remember for wearables and IoT ecosystem (M2M, tokenisation, profile provisioning etc.) What are we missing while being blown away by the rosy promise?

   I’m not sure about wearables but I

   suspect that passive biometric authentication will overtake them. When you walk into the coffee shop, they will know it is you – they do not need to you to have a watch or a keyfob if they have yuor face!

5. Remote ID and digital identity for egov and other services? How well are we prepared? Russian government is actively testing remote public/private key infrastructure for banking and egov authentication - and is mulling plans for biometrics based system (a digital footprint hash is checked to allow banks service customers remotely. Things to remember?

Most countries, Russia included, need a much better digital identity infrastructure but I think we should set a high bar in demanding infrastructure that delivers security and privacy

6. Seeing how quickly (actually it looks a long and slow way for geeks who’ve seen it all) new forms of identity management and digital banking is upon us 
   
   • 1) how to foresee and prepare for those
   • 2) how to get the user on the bandwagon
   • 3) and how to help people form necessary habits of using and not loosing control of their identity (seeing how quickly and easily we loose ourselves on social media is troubling)?

   Well I think the way to bring these products into the market is by targeting the everyday, mass market activities where lack of identity infrastructure is a real problem (like internet dating for example). A government identity that you use once every year to do your taxes is not the solution.

7. How to protect people against identity theft and data theft? What banks and other players should do?

In Europe, under PSD2, banks have to introduced “SCA” (Strong Customer Authentication) which means two-factor authentication. But it needs to be done in a convenient manner and this is where Apple, Google, Yandex, Qiwi, Amazon and others can deliver practical solutions – perhaps they could find ways to build on national identity infrastructure.

8. What do you expect of PSD2 and how well prepared are the banks? What else should be done, seeing how slow banks are acting on the “direct access” mandate? Your take on Open Banking approach of the UK vs. German lobby?

The banks are working hard to develop responses to PSD2 but it is difficult for them. They have to make some big strategic choices about whether to compete at the “front end” or whether to focus on deliver services through APIs to third parties. Many people think that companies such as Facebook will be better at delivering the products and services that customers want to use and that opens up the possibility that banks will lose contact with their customers.

9. Cashlessness - how far, how long, what is lacking and what is needed to make it happen?

In the UK we are heading towards cashlessness, but in Russia I think it is further away. The situation in India is proving to be a valuable case study. I wonder if more governments are looking at the Indian experience and thinking about trying their own demonetisation.