Is the death of the password nigh?

We live in the digital age in which smartphone uptake and consumer reliance is growing at a rapid pace. GSMA Intelligence’s global Mobile Economy report recently estimated that by 2020 smartphone adoption will reach a high of 5.7 billion, up 1.9 billion from the end of 2016. Meanwhile Ericsson’s latest Mobility Report revealed that in Q1 of 2017, smartphones accounted for 80 per cent of all mobile phone purchases across the globe.

Smartphone usage is also changing. Consumers are increasingly using their smartphones to bank, make bookings and reservations and shop; activities which require them to enter credit/debit card information. According to Nielsen’s Global Mobile Money Report, 38 per cent of global respondents purchased a product or service on their mobile device in the past six months, whilst 47 per cent had checked an account balance or a recent transaction in the same period.

Unsurprisingly, with consumers now entering their personal information into smartphones to access a growing number of services, there are increasing fears around security. Research by Recode found 40 per cent of consumers were reluctant to add or enter their credit/debit card details to their smartphones because of security concerns.

However, these concerns also represent an opportunity for both banks and telcos to build a role as a trusted partner to consumers in this space. By offering the easiest and most secure authentication methods for consumers accessing services via mobile, they can help customers protect their data through an extended layer of security.

There’s not just opportunity in improving the security of mobile devices and transactions. Mobile devices can also be used to confirm a consumer’s identity during non-smartphone based transactions and across channels. For example, before processing an online bank transaction, an OTP (one-time password) text is often sent to the mobile number registered with the account, to confirm the user’s identity.

Gone are the days of password-based mobile security and the potential opportunity is huge. Telcos can now offer a range of omni-channel services that both improve the security of devices and confirm identities to drive both customer engagement and loyalty.

The smartphone – a goldmine for criminals

As a direct result of the smartphone surge, mobile wallet apps have taken off; Apple Pay, Samsung Pay and Android Pay all allow consumers to pay and store bank details on their phones. Consequently, smartphones have increasingly become a security ‘hub’ for consumers, collating and storing a broad range of valuable personal information. It’s this data that makes smartphones so attractive to modern-day cyber criminals.

Although many companies try to outline the potential pitfalls of familiar passwords, they are easily stolen and often predictable, relying upon consumers to create, memorise and change them – which can often feel like a tedious task. Fujitsu noted that 61 per cent of people reuse passwords and only 12 per cent believe their passwords are very secure.

Passwords do not confirm the identity of the user; instead they simply accept the user has the right credential so is therefore likely to be the person they say they are.

Whilst two-factor privacy authentication is currently being driven via mobile, meaning customers can now move money/pay bills without any other form of authentication being required, there is more sophisticated technology on the horizon for mobile security.

It’s clear that privacy authentication is in need of change. It needs to become more personalised and less reliant on consumers in order to keep personal data safe, and telcos can offer this.

Biometrics – the future of authentication?

Looking ahead, it’s clear that passwords and questions reliant on memory such as, ‘what was the name of your first pet?’ may become a thing of the past as biometric technology increases.

Biometric authentication is a means in which a person can confirm their identity by biological traits alone, making it hard to steal and impossible to forget. As opposed to passwords, it’s a method of authentication that confirms the actual identity of the user.

It doesn’t matter if a criminal has a consumer’s smartphone, tablet, PC or even sensitive log-in details – without their retina scan or finger print they will not be able to access systems or authorise transactions. You can’t guess a fingerprint.

In fact, Gemalto’s recent report on building trust in mobile apps found that over half the consumers surveyed globally believed a fingerprint reader on their smartphone would significantly protect them. For some years now it’s been fingerprint recognition that most telcos rely on to keep their customers’ personal data secure. However, the future is brighter than this thanks to advances in biometrics.

One biometric alternative to the password that has the potential to improve the security of mobile services is face recognition. This year, MasterCard developed a tool that has been rolled out to banks in the US, Canada, the Netherlands, the UK and Germany, to be passed onto customers. It grants purchasing verification by face recognition via the mobile app Identity Check Mobile.

The Samsung Galaxy S8 similarly offers facial recognition to consumers unlocking their phones. However, there’s still some issues surrounding the quality of this service. In its disclaimer, Samsung warn that by using facial recognition a phone could be unlocked by someone that looks like its owner. Clearly, although customer confidence in biometrics is relatively high compared to the password, there are still some concerns.

A more secure alternative is iris scanning. There are 225 different comparative features in an iris, compared to a fingerprint’s 40, making the iris recognition far more reliable. Students at California State University Fullerton have been exploring this with their biometric research into how retinas and 3D face images can push the boundaries of password-based mobile security.

So, although there’s still progress to be made in this area, by exploring and offering these additional services telcos can stay relevant and engage with their customers in a competitive market, offering a truly personalised experience.

As well as facial recognition, voice recognition has the potential to provide yet another extra level of security to consumers accessing mobile services. In 2016, Barclays became the first bank to offer voice recognition for customers accessing their bank using their phone. Users who sign up to the security service have to repeat several phrases over the phone before the bank analyses and stores the vocal attributes. When a customer calls next time, they’ll be asked to say something that will be compared to their ‘voiceprint’.

By taking responsibility and offering a service that will help customers confirm their identity and protect their data in an easy and more convenient way, there is potential for a provider to extend its influence into customers’ lives, improving their value.

Back to basics: offer advice

However, it’s not just biometric mobile security services that telcos can offer. Customers value the advice and guidance of their provider. By giving consumers the information necessary to make better mobile security and fraud prevention choices, backed up by relevant and knowledgeable support in times of crisis, telcos can enhance their reputation amongst existing and potential customers.

For example, setting up a 24/7 helpline that provides customers with advice and peace of mind, or by advising them to only use official app stores, update their operating systems regularly, fine-tune app permissions or investigate public wi-fi before logging in. This everyday practical guidance could empower customers to be a little more careful and wary about protecting their personal information. Such advice can position a company as an expert and make the customer feel like their security is valued.

Mobile security is a real and global threat that is only growing. As processes become more streamlined with multi-factor authentication and biometrics, telcos have the chance to see security issues not as a challenge, but as an opportunity. By offering expertise or an additional service that has value to the customer in their day-to-day life, a company can prove themselves a trusted partner and can build more personalised and loyal relations.