I recently read with great interest a report published by Forrester Research on the topic of biometric authentication with the following subhead: “Adoption of User And Mobile-Friendly Biometrics Will Kill The Password.” It’s not commonplace to find such strong and direct language used in a business context, but in the authentication space it is not surprising. This strong language is justified for two key reasons. First, the harm that passwords cause is ever-increasing and clearly unsustainable. There is an urgent need to move away from this authentication modality, as time and again passwords have proven to be one of the worst, and least convenient methods of security. Second, the availability of several proven biometric modalities that are at once user-friendly and secure enables enterprises to finally eliminate passwords from their security toolbox.
The financial, reputational and emotional harm caused by password-, PIN- and security question-based security are astronomical in scale. Simply stating that billions of dollars are lost every year seems to underscore the depth of the problem. Consumers suffer on a personal level when they are victims of fraud and this often leads to a loss in trust with the brands with which the fraud occurs. Case in point, I was a victim of fraud a few months ago. A fraudster compromised my digital account credentials (user name and password) that I used with a credit card issuer. The fraudster then proceeded to add the credit card to their Apple Pay account, and performed a series of fraudulent transactions. Needless to say, I have ceased doing business with this bank.
The financial rewards for organizations that eliminate passwords, PINs and security questions are equally material, and surpass stemming fraud losses. I myself have moved my chequing account, credit card, savings account and retirement savings account to a financial institution that secures their mobile application with voice biometrics, and uses the same technology to secure their contact center as well. According to Forrester: “Voice is a great fit for mobile app, web, and phone channels…” for a number of reasons, notably the friction-free experience and the high level of security that voice biometrics offers not only over knowledge-based authentication but also over other biometric modalities. The financial institution that I now deal with not only reduced their fraud losses, but has gained new customers and strengthened the loyalty of its existing customers.
The benefits of eliminating passwords are not exclusive to the financial industry. Telecom providers, e-commerce retailers and even citizen-facing government agencies have a great interest in implementing biometrics.
- In the e-commerce space, Forrester recently quoted during a webinar that 37.4% of all shopping cart abandonment occurs at login. Eliminating the need for a user name and password can translate into transformative financial gains in the form of greater conversion rates.
- On the government front, the Australian Tax Office recently shared that the use of voice biometrics, as a replacement for knowledge-based authentication, within their mobile app and contact center was meant to drive increased tax compliance by facilitating the interaction between citizen and agency. Imagine that – citizens are more likely to pay their taxes if you eliminate that archaic, insecure and high-friction based authentication mechanism known as the password.
- A UK-based telecom provider recently shared that they experienced a significant drop in customer churn and a material increase in sales conversion when they switched from knowledge-based authentication to voice biometrics.
Clearly voice biometrics is not the only biometric modality available, nor the only one that should be deployed by organizations wishing to eliminate the password. A study conducted last year by Interaction Experience showcased that consumers are almost evenly split in their preference for authentication methods when offered the choice of fingerprint, facial recognition and voice biometrics. Their preference for one modality over the other was also influenced by the context they were in. For example, when driving or otherwise on the move, voice biometrics was clearly preferred. Whereas in a social context where speaking was not appropriate, fingerprint or face was preferred. Only 5% of the study participants selected password as their preferred mode of authentication, showcasing the strong consumer desire to move away from passwords. Forrester identified fingerprint, face and voice as the biometric modalities that deliver the highest business value and lead to the highest consumer adoption. Other biometrics show promise, including behavioral biometrics which tracks the interactions of a user and their device to continuously authenticate a user throughout a web or mobile app session, helping to prevent fraud.
I’m a strong believer that providing a choice to consumers in the biometric credentials that they can use to login to a service, such as fingerprint, face and voice biometrics, creates the winning solution to eliminate once and forever passwords, PINs and security questions. In fact, this is the formula that enterprises need to follow if they want to displace passwords and solve for the problems that passwords create. Beyond displacing passwords, these biometric modalities can be complemented by innovative continuous authentication methods such as behavioural biometrics to further secure digital experiences and thwart even the most ingenious fraudsters.
Forrester provides some great tips on how to go about moving away from passwords to biometrics. I highly recommend the read.