The Samsung Galaxy S 5 will be hitting consumers’ hands next week and when they do, buyers can go through a setup process to register their fingerprints using a fingerprint reader built into the device. In an example of competition pushing things along, where Apple was content to use fingerprints to unlock an iPhone 5 or pay for iTunes purchases, Samsung is making the use of fingerprints more widespread.
With the help of PayPal, Samsung includes a new protocol on the Galaxy S 5 from the FIDO Alliance. This new protocol was designed so that fingerprint records stay on the device instead of being uploaded to central servers where they could be accessed. Instead, the new protocol combines the fingerprint data with information from a device’s cryptographic chip to create a new key. When a user wants to make a payment via a web site or service that accepts PayPal, instead of logging in, the user can just swipe their fingerprint.
The move to deploy this type of payment process is part of a move by PayPal to improve security. Joel Yarbrough with PayPal points out that consumers are constantly bombarded with requests for passwords which leads to less effective security as they opt for simple passwords or reuse them over and over.
The FIDO Alliance thinks biometric systems are the future for security. The alliance has signed up over 100 members, including companies like Microsoft, Google, Lenovo and LG. On the payments side, they appear to have buy-in from PayPal and Mastercard. With a major platform like PayPal and a large smartphone manufacturer like Samsung onboard, the concept is likely to spread and consumers can expect more devices to come out this year with similar capabilities.
Sebastian Taveau, who was chief technology officer with fingerprint sensor company Validity, says culture changes and recent events are helping drive the adoption of biometric security methods that have been around for several years. He says there has been a “collapse of trust in existing authentication mechanisms” due to recent NSA leaks and the Target debit card breach.
How interested are you in being able to authenticate payments using a fingerprint?