A report from Mastercard and the Department of Computer Science at the University of Oxford highlights that only 36% of banks feel they have adequate security measures in place to provide proper biometric authentication.
People unlock their phone and, increasingly, shop and pay with the touch of their finger. They don’t get locked out when they forget a password because it has been replaced with a simpler, more secure option – mobile biometrics. Whether using a fingerprint, an iris scan or a selfie to confirm identity, banks see biometric technology as a way to provide greater convenience and security to customers as they use their accounts.
But, it’s still early days in mobile biometrics, and a new report from Mastercard and the Department of Computer Science at the University of Oxford highlights a big barrier. Only 36% of relevant banking executives feel they have adequate experience to deliver.
To overcome this knowledge gap, the report, titled “Mobile Biometrics in Financial Services: A Five Factor Framework”, explores this fast-evolving technology landscape and provides bank executives with guidelines to successfully bring mobile biometrics to life. Simply put, they need to focus on Performance, Usability, Interoperability, Security and Privacy.
Some of these factors are more visible to the consumer, having a real impact on user experience, while others operate behind the scenes. But, long-term success for a bank requires that they address all factors equally to protect against threats. The framework can help financial service companies avoid the trap of focusing only on the ones their customers see.
“Biometric authentication has a lot of potential, but it is important to address the objectives of each of the Five Factors when designing solutions. Working together with Mastercard enables us to solve for realistic threats to the industry with the best technical and scientific ideas. Users will need consistency, quality and assured security for this technology to thrive,” said Professor Ivan Martinovic, Department of Computer Science at the University of Oxford.
Ajay Bhalla, president, Global Enterprise Risk & Security, Mastercard, commented on the research initiative in a blog post, saying:
“Effective mobile biometrics melt into the broader experience of consumer-centric financial services, giving people the power to instantly access their financial information or make a payment. They’re driving the trend toward a password-free future where digital identity is all about who we are, not what we remember.”
Considering that global sales of smartphones are expected to reach $400 billion by next year, people everywhere will increasingly have access to the tool that makes mobile biometrics possible. Banks see that as an opportunity. With initiatives like the collaboration with the University of Oxford and pioneering biometrics solutions like Mastercard Identity Check Mobile, Mastercard is a partner in delivering widespread and responsible adoption of mobile biometric solutions in financial services.
As Bhalla continued, “This framework is fundamental to accelerating the deployment of mobile biometrics for consumers and industry alike, but collaboration is key. We can only achieve this if industry, academia, governments and technology vendors understand and contribute to the evolution of the Five Factor Framework for mobile biometrics.”
“Mastercard and Oxford have done important work in exposing some of the root causes for the inconsistent adoption of mobile biometrics in financial services,” said Ravin Sanjith, Program Director: Intelligent Authentication, Opus Research. “We expect the Five Factor Framework to become an indispensable aide for industry professionals and decision makers to have better informed, strategic discussions that drive towards more efficient and successful high-scale implementations.”
Huge appetite for foldable phones – when prices fall
Samsung, Huawei and Motorola have all shown their cards, but consumers are concerned about durability, size, and enhanced use cases, according to Strategy Analytics.
Foldable devices are a long-awaited disrupter in the smartphone market, exciting leading-edge early adopters keen for a bold new type of device. But the acceptance of foldable devices by mainstream segments will depend on the extent to which the current barriers to adoption are addressed.
Major brands have been throwing their foldable bets into the hat to see what the market wants from a foldable, namely how big the screens should be and how the devices should fold. Samsung and Huawei have both designed devices that unfold from smartphones to tablets, each with their own method of how the devices go about folding. Motorola has recently designed a smartphone that folds in half, and it resembles a flip phone.
Assessing consumer desire for foldable smartphones, a new report from the User Experience Strategies group at Strategy Analytics has found that the perceived value of the foldable form does not outweigh the added cost.
Key report findings include:
- The idea of having a larger-displayed smartphone in a portable size is perceived as valuable to the vast majority of consumers in the UK and the US. But, willingness to pay extra for a foldable device does not align with the desire to purchase one. Manufacturers must understand that there will be low sell-through until costs come down.
- But as the acceptance for traditional smartphone display sizes continues to increase, so does the imposed friction of trying to use them one-handed. Unless a foldable phone has a wider folded state, entering text when closed is too cumbersome, forcing users to use two hands to enter text in the opened state.
- Use cases need to be adequately demonstrated for consumers to fully understand and appreciate the potential for a foldable phone, though their priorities seemed fixed on promoting ‘two devices in one’ equaling a better video viewing experience. Identification and promotion of meaningful new use cases will be vital to success.
Christopher Dodge, Associate Director, UXIP and report author said: “As multitasking will look to be a core selling point for foldable phones, it is imperative that the execution be simplified and intuitive. Our data suggests there are a lot of uncertainties that come with foldable phone ownership, stemming mainly from concerns with durability and size, in addition to concerns over enhanced use cases.
“But our data also shows that when the consumers are able to use a foldable phone in hand, there is a solid reduction of doubt and concern about the concept. This means that the in-store experience may be more important than ever in driving awareness, capabilities, and potential use cases.”
Said Paul Brown, Director, UXIP: “The big question is whether the perceived value will outweigh the added cost; and the initial response from consumers is ‘no.’ The ability for foldable displays to resolve real consumer pain-points is, in our view, critical to whether these devices will become a niche segment of the smartphone market or the dominant form-factor of the future. Until costs come down, these devices will not take off.”
New exploit exposes credit cards on mobile phones
Check Point Security has found that handsets using Qualcomm chipsets that hold credit and debit card credentials are at risk of a new exploit.
Now it’s more important than ever to update your phone.
Check Point Security has found a vulnerability in mobile devices that run Android, which allows credit card details to be accessed by hackers.
Mobile operating systems like Android offer a Rich Execution Environment (REE), providing a hugely extensive and versatile runtime environment, which allows apps to run on the device. However, while bringing flexibility and capability, REE leaves devices vulnerable to a wide range of security threats. A Trusted Execution Environment (TEE) is designed to reside alongside the REE and provide a safe area on the device to protect assets and to execute trusted code. Qualcomm makes use of a secure virtual processor, which is often referred to as the “secure world”, in comparison to the “non-secure world”, where REE resides.
But Check Point “fuzzed” a “hole” into this secure world
In a 4-month research project, Check Point researchers set out to reverse-engineer Qualcomm’s “Secure World” operating system, and succeeded. They used a “fuzzing” technique to expose the hole. Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves feeding massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash.
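The fuzzing loop described above, as an added example that is not Check Point's tool or any vendor's code: seeded random requests are fed to a constructed command handler that trusts a caller-supplied length field, and to a hardened variant that validates it. The request format, the handler names and `HandlerCrash` are assumptions made for the illustration.

```python
import random
import struct

# Constructed request format (an assumption, not Qualcomm's): 2-byte command
# id, 2-byte little-endian payload length, then the payload bytes.
HEADER = struct.Struct("<HH")

class HandlerCrash(Exception):
    """Stands in for the handler faulting, which is what a fuzzer watches for."""

def _xor(payload, count):
    checksum = 0
    for i in range(count):
        try:
            checksum ^= payload[i]
        except IndexError as exc:  # models an out-of-bounds read
            raise HandlerCrash(f"read past payload at offset {i}") from exc
    return checksum

def handle_unchecked(req):
    """Trusts the caller-supplied length field."""
    if len(req) < HEADER.size:
        return -1
    _cmd, length = HEADER.unpack_from(req)
    return _xor(req[HEADER.size:], length)

def handle_checked(req):
    """Rejects any request whose length field disagrees with the data."""
    if len(req) < HEADER.size:
        return -1
    _cmd, length = HEADER.unpack_from(req)
    payload = req[HEADER.size:]
    if length != len(payload):
        return -1
    return _xor(payload, length)

def fuzz(handler, rounds=2000, seed=1):
    """Feed seeded random requests to handler; return the inputs that crash it."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(rounds):
        req = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 32)))
        try:
            handler(req)
        except HandlerCrash:
            crashes.append(req)
    return crashes

if __name__ == "__main__":
    print("unchecked crashes:", len(fuzz(handle_unchecked)))
    print("checked crashes:  ", len(fuzz(handle_checked)))
```

Each crashing input returned by `fuzz` is a reproducer: replaying it against the hardened handler confirms the length check closes the defect.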
Check Point implemented a custom-made fuzzing tool, which tested trusted code on Samsung, LG, and Motorola devices. Through fuzzing, Check Point found 4 vulnerabilities in trusted code implemented by Samsung (including S10), 1 in Motorola and 1 in LG, with all of the code sourced by Qualcomm itself. To address the vulnerability, the runtime of Android needs to be protected from both attackers and users. This is typically achieved by moving the secure storage software to a hardware-supported TEE.
Check Point Research disclosed its findings directly to the companies and gave them time to patch vulnerabilities. Samsung patched three vulnerabilities and LG patched one. Motorola and Qualcomm responded, but have yet to provide a patch, and there is no confirmation of a release date yet.
Check Point Research has urged mobile phone users to stay vigilant and check with their credit and debit card providers for any unusual activity. In the meantime, the researchers are working with the vendors mentioned to issue patches.