The next few years will see billions of users regularly using facial recognition technology to secure payments made through their smartphone, tablets or smartwatches, according to new analysis carried out by Juniper Research.
Smartphone owners are already used to staring at their screens to safely unlock their devices without having to dial in a secret code; now, facial recognition will increasingly be deployed to verify the identity of a user making a payment with their handset, whether that’s via an app or directly in-store, in wallet mode.
In addition to facial features, Juniper Research’s analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users’ biological characteristics will be authenticating over $3 trillion-worth of payment transactions — up from $404 billion in 2020.
Mobile devices are increasingly used to replace credit cards, enabling users to leave their wallets at home even when visiting a shop, but also offering myriad new opportunities to make purchases online. From Instagram shopping to the Google Play store, the e-commerce ecosystem is growing rapidly — and at the same time, it’s opening many new avenues for fraudsters to exploit new vulnerabilities.
Using rogue apps, malevolent actors can trick users into letting them handle financial payments, for example, while synthetic data and deepfakes can be used to commit synthetic identity payment fraud. This is why it’s vital to ensure that when a payment is made, the user spending money is who they say they are.
That’s why biometrics are becoming critical to improving the security of mobile payments, with facial recognition, in particular, set to grow in popularity. But not all technologies are created equal: Juniper’s analysts effectively draw a line between software-based and hardware-based facial recognition tools.
“All you need for software-based facial recognition is a front-facing camera on the device and accompanying software,” Nick Maynard, lead analyst at Juniper Research, tells ZDNet. “In a hardware-based system, there will be additional hardware layers that add additional security levels. It’s increasingly important to differentiate because hardware-based systems are the more secure of the two.”
The leading example of hardware-based facial recognition technology is Apple’s Face ID, which can be used to authorize purchases from the iTunes Store, App Store and Apple Books, and to make payments with Apple Pay.
Face ID is enabled by a camera system called TrueDepth, which is built by Apple, and which analyzes over 30,000 dots on users’ face to create a biometric map that’s coupled with an infrared shot and compared to the facial data previously enrolled by the user. The technology is precise enough to identify spoofing — for example, by distinguishing a real person from a 2D photograph or a mask.
Driven by Apple’s technology, a growing number of vendors are now working to incorporate hardware-based facial recognition technology in their devices. Maynard’s research shows that between now and 2025, the number of handsets using hardware-based systems will grow by a dramatic 376% to reach 17% of smartphones.
“Hardware-based systems obviously have additional costs per device,” says Maynard, “but the reason it is growing well is really that Apple has been driving it forward. They’ve made the technology a part of their high-end devices, and shown that hardware-based facial recognition technology can be done and can be very secure.”
But despite the seeming popularity of hardware-based systems, Juniper’s researchers found that many vendors will first be opting for a software-based alternative. This will be the case of many Android phones, for example, where less control over the hardware can be exercised, making it tempting to deploy a technology that’s purely software-based.
To implement a software-based facial recognition system, all vendors need is the correct software development kit (SDK) installed on the device, as well as a decent-quality front-facing camera. With such low barriers to entry, Juniper expects the number of smartphone owners using the technology to secure payments to grow by 120% to 2025, to reach 1.4 billion devices — that is, roughly 27% of smartphones globally.
As fraudsters refine their techniques and attacks become more sophisticated, Maynard expects hardware-based technologies to close the gap. Smartphone vendors will be deploying facial recognition on a software basis to start with, the analyst explains, before upgrading to hardware-based methods once they see how popular the technology is.
“Fraudsters are always trying to evolve their tactics and develop new methods of fooling whatever security measures are in place,” says Maynard. “They experiment with photos, 3D-printed masks – you name it, it’s been tried. It’s essentially an arms race between fraudsters and security providers.”
“Software-based facial recognition is strong because it’s very easy to deploy,” Maynard continues, “but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it.”
Juniper’s research, in effect, recommends that vendors implement the strongest possible authentication tools, or risk losing the trust of users as spoofing attempts increase.
This could take the form of a technology that encompasses several biometric features to secure payments, such as facial recognition, fingerprints, voice and behavioral indicators. The Juniper researchers expect that fingerprint sensors will feature on 93% of biometrically-equipped smartphones by 2025, and that voice recognition will grow to over 704 million users in the same period.
That’s not to say that even state-of-the-art biometric technologies come without flaws. “The pandemic has shown that facial recognition doesn’t really work with face masks,” says Maynard. “I wear glasses — it’s even less useful because your glasses steam up and then the technology has no idea what it’s looking at.
“A lot of Apple Pay users have resorted to passcodes during the past few months, and that is problematic. So, we’ll also see more work on what vendors can do to improve the accuracy of the technology.”