The increasing use of multiple digital devices, access to professional and private social networks, and easy payment by smartcard when shopping on the Internet multiply the number of password-based authentication systems.
Passwords have a low security level and are quite difficult for users to remember. Consequently, hackers often easily find the same passwords all over the place, such as “iloveyou”, “123456789”, “freedom”, “monkey” or “starwars”. As reported by analysts, 81% of intrusions into mission-critical applications use stolen passwords, especially the easiest ones. One simple password will fail to protect after only 7 minutes of hacking; a complex one will hold for around 14 minutes!
Let’s review the main methods used by hackers to penetrate a server. Financial applications are the most targeted because they result in real money in the pocket.
- Try tens of thousands of easy passwords: hackers have developed a tool to try all easy passwords and it works very well.
- Phishing: you are asked on your preferred mobile application to enter your client number and password, but you have not been able to detect that the web page is a fake.
- Spy access: cybercriminals use man-in-the-middle (MitM) software to spy on all user habits and passwords through privileged access to network traffic and shopping sessions.
The IT world is becoming too complex and risky to continue using the password that was created at a time when a few university professors were starting up what is known as the Internet with only a few sessions per “day”. In 2018, during an Internet minute or “60 Seconds”, about 900,000 USD are spent on purchases online, 187 million emails are sent, about 1 million logins on Facebook, and about 400,000 apps downloaded from the AppStore.
For each website consulted or each transaction, we use a different password. The number of passwords that an individual has to remember keeps increasing, which makes no sense. We have reached a very serious limit in protecting our digital assets and transactions with passwords alone, and every day the news confirms that tons of critical data, such as customers’ private details, are being stolen by hackers.
Among leading cybersecurity technologies, strong biometric authentication is a truly effective means of stopping hackers and cyber-criminality.
Let’s review, for instance, payment using a smartcard and a smartphone when you purchase an item on the Internet, and how it is extremely efficient to combine the chip technology of the smartcard and multi-factor biometric authentication.
How it works
A cardholder can enroll several biometrics (2 are recommended) on his smartphone terminal and use them to protect his payment during a mobile transaction. The biometric multi-factor carousel runs on any smartphone, tablet and PC on iOS/Android/Windows with Face recognition, Voice recognition, Lock Pattern Behavioral, Fingerprint and Keystroke Dynamics Behavioral.
When shopping on the Internet, the cardholder pays with the smartcard registered in his smartphone and simply speaks, takes a selfie or presents a fingerprint through the sensors embedded in his phone.
The payment session is much safer and prevents hackers from carrying out a transaction with stolen passwords. The high level of security (biometrics) provides trust and transparency in any kind of transaction and mobile payment.
Furthermore, within the bank or the card issuer, the backend monitoring server supports thousands of transactions per second and can therefore sustain a complete, secure international bank transaction flow. It allows the CSO to monitor system performance and effectiveness in terms of FAR (False Acceptance Rate) and EER (Equal Error Rate), and to adjust each biometric's threshold to the global customer’s profile so as to obtain adequate results.
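To illustrate the threshold monitoring described above, here is an added example (not United Biometrics code) that computes FAR, FRR and the EER per biometric and picks the lowest threshold meeting a target FAR. The match scores, modality names and function names are constructed assumptions.

```python
# Constructed similarity scores in [0, 1]; higher means a closer match.
# Each modality maps to (genuine attempts, impostor attempts).
SCORES = {
    "face": ([0.91, 0.85, 0.78, 0.66, 0.88, 0.73, 0.95, 0.59, 0.82, 0.70],
             [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.41, 0.18, 0.68, 0.27]),
    "voice": ([0.72, 0.64, 0.81, 0.55, 0.69, 0.77, 0.60, 0.58],
              [0.31, 0.44, 0.52, 0.25, 0.57, 0.39, 0.63, 0.47]),
}

def far(threshold, impostor):
    """False Acceptance Rate: share of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def frr(threshold, genuine):
    """False Rejection Rate: share of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)

def equal_error_rate(genuine, impostor):
    """Return (threshold, eer) at the observed score where FAR and FRR are closest."""
    candidates = sorted(set(genuine) | set(impostor))
    best = min(candidates,
               key=lambda t: (abs(far(t, impostor) - frr(t, genuine)), t))
    return best, (far(best, impostor) + frr(best, genuine)) / 2

def threshold_for_far(target_far, genuine, impostor):
    """Return (threshold, far, frr) for the lowest threshold with FAR <= target."""
    # float("inf") is a sentinel meaning "reject everything"; it is reached
    # only when an impostor score ties or beats every other observed score.
    for t in sorted(set(genuine) | set(impostor)) + [float("inf")]:
        if far(t, impostor) <= target_far:
            return t, far(t, impostor), frr(t, genuine)

def tune(target_far):
    """Per-modality operating point, as a monitoring console might report it."""
    return {name: threshold_for_far(target_far, g, i)
            for name, (g, i) in SCORES.items()}

if __name__ == "__main__":
    for name, (g, i) in SCORES.items():
        t, eer = equal_error_rate(g, i)
        print(f"{name}: EER={eer:.3f} at threshold {t}")
    for name, (t, fa, fr) in tune(0.10).items():
        print(f"{name}: threshold={t} FAR={fa:.3f} FRR={fr:.3f}")
```

On this sample the same FAR target costs the voice factor far more false rejections than the face factor, which is why each threshold is tuned separately.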
Great benefits of multiple biometrics
Consumers can benefit from the convenience and very strong security of biometrics.
Using multi-biometric authentication for a payment or a transaction is a very strong security factor for certifying that the person using the card and the entitled cardholder are one and the same unique digital entity.
For banks and card issuers, biometric technology is a very strong tool to stop hackers and rising fraud and to secure customers’ lives when shopping, with a strong impact on customer loyalty.
About United Biometrics
Christopher RICHARD and Yves CHEMLA are Co-Founders of UNITED BIOMETRICS. UNITED BIOMETRICS is an IBM and AIRBUS Certified Partner and a Cartes Bancaires Vivatech award winner, architecting and developing a strong multi-factor authentication platform solution for Banks, Governments & Defence, Enterprises, Carriers and Internet Players that are losing money or service capacity because of large cyber-attacks and intrusions.