Brainpower alone could be the ultimate end for biometric payments, with researchers looking into how we can authorise transactions with nothing more than thoughts.
Brain versus brawn
Biometric technology is the new frontier for payment authentication; enabling providers to put an end to passwords and PINs.
Apple Pay, enabled through the TouchID fingerprint scanner, is one of the most widely used versions. Facial recognition technology is taking off, while card-less payments using palm vein authentication technology are now possible.
One of the chief advantages of biometrics is security – passwords and PINs can be compromised, allowing criminals easy access to accounts and cash.
However, even biometric ID can be beaten. It’s been possible for hackers to steal fingerprints using a camera, while criminals have used fake fingerprints to defeat Apple’s TouchID. Back in 2005, a Malaysian man had his finger cut off by thieves who wanted to get round the fingerprint security system protecting his Mercedes. In truth, no security system is 100 percent safe.
Brainwaves, on the other hand, could be a lot harder to counterfeit, as a report in Scientific American notes.
Mind over matter
“In the biometric textbook table of contents, often the brain biometrics were listed as ‘Esoteric Biometrics.’ So I guess people have thought about it for many years, but it’s been considered sort of esoteric.” Sarah Laszlo, a psychologist at Binghamton University, part of the State University of New York, told the publication.
Her research is contained in the paper Brainprint: Assessing the uniqueness, collectability, and permanence of a novel method for ERP biometrics.
The introduction to the paper notes that the human brain is continually generating electrical ‘potentials’ representing neural communication.
It’s possible to measure these potentials at the scalp, and constitute the electroencephalogram (EEG).
The paper continues: “When the EEG is time-locked to stimulation – such as the presentation of a word – and averaged over many such presentations, the Event-Related Potential (ERP) is obtained.” Show someone a word, phrase, picture or just about any stimulus and a unique pattern is set off in your brain that can be measured.
The researchers presented acronyms – such as DVD or FBI – to test subjects and measure their unique ‘brainprints’. The results were 94 percent accurate – not yet enough for a reliable payment authentication channel but they hold promise.
A key reason this approach is considered more secure than other biometric technologies is that it’s impossible to fake.
“A brainprint, unlike a fingerprint or a retinal scan, is something that would be immune to sort of a gun-to-the-head or blackmail sort of situation,” Laszlo told Scientific American.
“Brain activity changes if you’re stressed. That’s very well known. And you can cut someone’s finger off. But you can’t cut someone’s brain out. You can’t do it.”
Brainwaves also enable continuous verification, which opens up a new set of possibilities for financial services firms. Passwords, PINs or even a fingerprint scan offer one-off identification. Brainwaves, as New Scientist describes, “could in theory allow someone to interact with many computer systems simultaneously, or even with a variety of intelligent objects, without having to repeatedly enter passwords for each device”.
On the other hand…
Palm vein technology is also being seen as a more secure version to basic fingerprint scanners.
Fujitsu, which is working with JCB to roll out the technology for card-less transactions,notes that palm vein signatures are incredibly difficult to falsify.
“Palm veins are inside the body, thereby making them more difficult to falsify than fingerprints on the body’s surface,” says the firm. “Furthermore, compared to veins in the fingers or the back of the hand, palm veins have more blood vessels and are more complex, and compared to veins in the finger, which are capillaries, palm veins are thicker, main-line blood vessels, enabling stable authentication.”
Biometric technology is key to more secure banking and payments – the task for providers is to decide which version works best. The research indicates that ‘internal’ signatures such as brainprints or vein patterns are more secure, but there are other concerns.
For example, if it’s possible for a fraudster to read contactless card details when they are transmitted, criminals could also read people’s unique brainprints if they had the technology to harness them.
There is always a weak link, so layers of security featuring encryption and tokenisation will continue to play a key part in the mix – as well as fraud detection systems that can analyse a transaction to establish if it is likely to be genuine.