Fingerprint Scanning Most Preferred Form Of Biometrics Authentication, Visa Report Finds

Visa conducted a survey in Europe, from which it learned that people trust fingerprint authentication far more than they do iris or face recognition, or other forms of biometric authentication. The survey also seems to show that banks are trusted much more than governments when it comes to storing biometric data.

Europeans Warming Up To Biometric Authentication

According to Visa’s recent study on biometric authentication, 42% of Europeans believe that biometric authentication would eliminate the need to remember multiple passwords for various services. Perhaps not surprisingly, those over the age of 65 believe this even more strongly, with 48% saying they would prefer biometric authentication over passwords.

As we see here, a minority of respondents prefer biometrics, but this could be influenced by the fact that biometric authentication is still a relatively new thing in the consumer space. If some have never used any form of biometric authentication before, then they may tend to shy away from it and stick to what they know.

The study found that 51% of respondents would prefer biometric authentication for online payments, as that would make paying for products more convenient. The number increased to 62% for young people between 18 and 24 years old.

Fingerprint Authentication Preferred Over Other Biometrics

When asked which form of biometric authentication they prefer between fingerprint, iris, face, voice, and behavioral recognition, 53% said they they prefer fingerprint authentication. Only 23% said they’d prefer iris scanning, and even fewer said they would prefer face recognition (15%), voice recognition (12%), or behavioral biometrics (10%). Fingerprint authentication seems to be a rather clear choice for now as an alternative to passwords.

Despite the fact that face authentication methods are just as widely available as fingerprint recognition (Android has supported it since version 4.0, for instance), few people seem to trust it. That’s probably because basic face recognition systems seem to be tricked much more easily than fingerprint systems, and with with much less work.

Even the most advanced face recognition systems don’t seem to keep up with new attacks against them. When people have thousands of photos of themselves publicly available these days, it’s only a matter of time before this type of system is defeated by more sophisticated attacks and algorithms.

Voice recognition systems are naturally trusted even less, because everyone talks on the phone, and calls can be just as easily intercepted and voices replicated.

Fingerprint Authentication Optimal, But Not Ideal

Fingerprint systems are definitely not immune to attacks, which is why we’re beginning to see systems that check for parameters such as the liveliness of the finger or by taking a 3D ultrasonic image of the fingerprint.

Fingerprints should be much harder to replicate than other forms of biometric authentication, but it’s probably also just a matter of time before attackers catch up. That’s why it’s important for companies offering products or services with fingerprint authentication to frequently upgrade them.

Even though fingerprint replication is difficult, there’s still the issue of fingerprint data being stolen from devices. Apple, to its credit, doesn’t store the fingerprint data on the device--only a cryptographic hash of it. Then when the user tries to unlock the device, the fingerprint is checked against that hash. That’s probably not happening everywhere, though.

Governments, especially, tend to store fingerprint data, and going by how these databases tend to be stolen, people naturally tend to distrust the government with sensitive information. The Visa study found the same thing, showing that people trust banks (57%) much more with their fingerprint data than they do governments (33%). However, people also need to keep in mind that governments can request fingerprint information from local banks at any time.

Biometrics With Two-Factor Authentication Most Secure Method

The most secure method of biometric authentication should be one that involves both biometrics and some PIN or password. The Visa survey found that 73% of Europeans see biometric authentication used in conjunction with another authentication method as a secure method to confirm an account holder.

This makes sense, because if you’re using the fingerprint and a password to authenticate to a service, then both would have to be stolen by an attacker. The idea is similar to using a password and a verification code, a feature that’s increasingly more available to online services. Two authentication factors should always trump using just one, assuming they are both relatively strong on their own.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • JonnyDough
    So...this is pretty much known among anyone who's taken some IT classes. Multi-factor authentication is nothing new, been around since WW1. Not to mention, iris scanning has for quite awhile been considered the most secure form of identification.
  • jasonkaler
    It's all fine until someone steals your fingerprint data.
    When someone steals your password, you just change your password.
    When fingerprint data is stolen... oh well.
  • Valantar
    The title of this should read "Fingerprint Scanning Really Only Widely Available and Relatively Functional Form Of Biometrics Authentication, Visa Report Finds"

    Face recognition was launched way too soon (e.g. in Android), was slow and inaccurate, is easily duped, and has never been more than a novelty. Windows Hello/IR cameras can fix this - if they can ever get people to trust them to be fast and secure again.

    I've never - ever - seen anything offering voice recognition as actual authentication (outside of bad spy movies). And what do you do if you get a cold?

    "Behavioural biometrics" is useless as authentication in most cases - how do you log in to a PC/tablet/phone if the requirement for access is using it in the correct manner? That's like a key that unlocks your car based on your style of driving.

    Given that iris scanning has been unavailable to the vast majority of people until ... the Note 7? Does anything before that have iris scanning?, the fact that people seem to trust that as much as they do is pretty interesting, though.