By Shubham Saxena
At the annual World Economic Forum conference in Davos, Amitabh Kant, the CEO of the NITI Aayog, postulated a utopian remark during a panel discussing whether it is India’s Turn To Transform? He asserted the transformation of every Indian into a moving ATM very shortly, claiming that biometrics will revolutionize digital payments. These would include iris and fingerprint scans, practically leapfrogging over the debit and credit cards era.
[su_pullquote align=”right”]Remarkably, India is envisaging aberrant, revolutionized payment methods, which are even sporadic and unconventional in France, Belgium, and Canada[/su_pullquote]
Perhaps, this is going beyond the present ‘conventional’ modes of payments such as debit cards, credit cards, and online payment. These require a minimal effort of remembering and entering a few digit PIN number for a successful transaction to happen. Remarkably, India is envisaging aberrant, revolutionized payment methods, which are even sporadic and unconventional in France, Belgium, and Canada. Cashless modes settle over 90 percent of the transactions in these nations. Now, this obviously invites an indispensable aspect of security which is always the prime concern of any user. Nobody would barter their payment security or risk their permanent biometrics for saving a fraction of time and energy.
The risk with biometrics and the cost of failure
[su_pullquote]Research by a team at Japans National Institute of Informatics (NII) has cautioned use of the popular two-fingered pose.[/su_pullquote]
Today, embezzling fingerprints and even the iris image is possible, courtesy of the ever accessible gadgets powered by advanced reverse-engineering and obtainable slick tricks. One cannot steal a behavioral biometric such as a signature unless someone can learn to sign like you to a certain extent. But, one can steal a physiological biometric such as fingerprint or face or iris image. Research by a team at Japans National Institute of Informatics (NII) has cautioned use of the popular two-fingered pose. Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets and laptop computers. The NII researchers were able to copy fingerprints based on photos. A digital camera took these photos three meters away from the subject.
But, the proliferation of mobile devices with high-quality cameras and social media sites is risks the leakage of personal information. Posting photographs becomes easier because of such gadgets. Even the mobile apps can easily trick their users to get the fingerprint data stored on their servers.
Security of the 4-digit PIN versus the fingerprint
There is a fundamental divergent difference in using the 4-digit PIN and using the biometrics. If the 4-digit PIN gets compromised, one can simply change it. This is what the cognoscente Yahoo and recently, the SBI asked their users to do. Yahoo and the SBI took these steps after 1 billion accounts for Yahoo, and 3.2 million debit cards for the SBI were compromised. Now, on spoofing or theft of biometrics, what expedient measure the stakeholders could possibly take? The answer does not sound promising.
The government is emphasising the move towards biometric payments through Aadhar card. | Source: Bloomberg QuintOne cannot change a fingerprint or an iris image unlike the 4-digit PIN or the password. It would take a gigantic effort for the regulators to abruptly stop the new conventional mode of payments. This would be necessary to curb the fraudulent if it happens on a vast scale at any time.
The second difference that makes the wide range usage of biometrics authentication riskier is that you carry your biometrics fingers and eyes, every time and everywhere which are open to all, per se, and are not idiot-proof.
Whereas the 4-digit PIN is stored somewhere inside the brain, encrypted in our neurons, and only our conscious minds govern its accessibility. The opportunity cost for the criminal minds will be substantially higher when there are millions of users using their biometrics frequently on a daily basis.
The great heights of modern cyber-risks
Further, a user would have the same biometrics required for authenticating his various accounts. While normally, people keep different passwords for different accounts to minimize the risk. As a matter of fact, no agency, not even the tech giants guarantee their users complete security. This should not be hard to believe with cases like Mark Zuckerberg’s Facebook account getting hacked twice, the US Presidential election being compromised, Adobes product getting cracked in less than 24 hours after the company claimed its new version to be uncrackable and confidential military information being stolen.
The government’s efforts towards digital payments
Amitabh Kant heads a committee set up by the government, to identify every potential mode of digital payments. This would push on with its drive towards a cashless economy. The committee will engage with the various stakeholders to realize a rapid adoption of cashless modes of payments. However, the committee is expected to understand that a typical Indian citizen cash over digital payment mechanisms. This is because of the additional costs involved in enabling digital payments, such as that of hardware.
Another government-set up committee has been mapping the rapid adoption of digital payment methods. The Chandrababu Naidu committee, comprised of a panel of Chief Ministers, recently submitted its interim report to Prime Minister Modi. The committee has suggested various measures to attract people to use digital payment methods. These include – the insurance of digital transactions to safeguard the interest of people going cashless, subsidy for the purchase of smartphones by non-tax assesses and small merchants, and abolishment of the Merchant Discount Rate (MDR) to make digital payments cheaper than cash. Such measures are more likely to attract a large number of people. These would utilize unorthodox means, particularly those involving biometrics, which might develop skepticism in people. The reason behind which could be the fact that it asks the users to share their most valuable data.
Are biometrics appropriate for general usage?
A part of why Napoleon lost the battle of Waterloo was Marshall Nays asinine decision of sending his strong cavalry to fight the Brits alone. This left behind the conventional infantry, eventually losing his most powerful regiment and subsequently losing the battle. Only areas of paramount importance should consider biometrics usage. These would include the military, special offices, labs, distinctive facilities and special verifications. The conventional procedure for payments should remain in the mainstream. Overall, the marginal benefit of biometrics based payments is less than the risk of failure. Biometrics fraudulent hints at initiating a domino effect which is unmanageable to contain and irreparable to a great extent.