Mobile wallets need voice biometrics
Posted on September 26, 2011 by Nik Stanbridge
The Google Wallet is a fantastic initiative and a way overdue one. And I support it wholeheartedly. What is very disappointing though is the relatively cavalier attitude it has towards security.
PINs aren’t secure and I’ve written about this before. PINs (and passwords) – stuff you have to remember – stuff that can be phished from you or copied from that Post-It on your desk. They’re very old hat now and in serious need of replacement.
Maybe I’m seeing this too much from a European perspective where we’ve had Chip & PIN for what seems like decades now (each of your cards has an associated PIN stored on a chip on the card and at the PoS you have to provide the PIN and it must match what’s on the chip on the card). While I’m not saying this is a panacea either, it’s better than a wallet-level PIN.
As well as the weakness of the PIN, you don’t need card information on the phone at all. Card issuing companies know your card details and they know in-depth information about the human being to whom they have issued those cards. There’s no reason to hold your card details on your phone, or pass them (however encrypted) to the retailer or web site, or generally expose them whatsoever. All that is needed is a strong statement of identity (and that can even be strong anonymous identity) in order to allow a retailer to charge something to YOUR visa card
I’m going to be charitable and assume that the Wallet PIN is a temporary ‘security’ measure and one that Google is desperate to replace / enhance. That replacement needs to be based on biometrics – and voice biometrics are a naturally ally to the smartphone way of doing things.
We have an Android mobile wallet demo that shows just how easily voice biometrics slips into an mWallet user experience. It’s a natural fit, is simple and intuitive and provides very high levels of security based on something you are, rather than something you have to remember. Watch our 34 second YouTube demo vid and see for yourself.
2 Comments
America has the paranoia of ‘National ID’ card that goes down the line of registering firearms. So we get to live with the insecurity of not having a strong proof of identity in the digital world. In Europe it is accepted that an individual will have a nationally accepted ID and will provide it multiple times over the course of a week/month.
Carl S said:
I wonder why the security level is so much lower in America than what has been available in Europe for so long? So many are victins of fraud now. I’ll wait until Google Wallet uses voice biometrics which sounds great.