Tuesday, October 21, 2008

Biometrics and mobile payments

As is common knowledge, electronic security should be based on one of the following components (preferably a combination of these):

> Something you know. (Typically passwords, PIN's etc.)
> Something you have. (Typically a chip card, your phone etc. - all of these should preferably be based on some cryptographics in order to stop the ability to copy)
> Something you are. (Typically a fingerprint, retinal scan etc.)

Better mobile banking solutions (from a security perspective) are usually based on at least the first two (E.g. your SIM card and a PIN, a key in a Java application on the phone and a password). A number of interactions with innovative companies this week made me wonder about the possibility of implementing workable biometric solutions in mobile banking applications.

The limitations, of course, are the current input capabilities available on the mobile phone today. The only options that I can see is the possibility of voice-prints built on the voice (microphone) capabilities of a mobile phone. We at Fundamo have worked on one such implementation. It proved extremely problematic to get to work - predominantly because of the digital compression on mobile networks. The other alternatives would be to utilise the camera that is built into the phone for things like retina scans or fingerprints. Would this be possible? Maybe some-one have some ideas on this.

2 comments:

denis said...

Hello,
you have mobilephones with fingerprint device on it (for example in Japan more than 1 million) and at least one mobilephone maker has an eyes recognition via camera. But the authentication is local (I mean in the phone).
Best regards.

Loretta said...

Hi there. Someone just pointed out this post to me, and I thought I'd mention a paper I did earlier this year on this very topic. You can find it here:
http://www.nextbillion.net/multimedia/2008/03/06/biometric-security-for-mobile-banking

Regards,
Loretta Michaels
loretta.michaels@hmswireless.com