Mobile biometric authentication is an approach to multi-factor authentication (MFA) to verify an individual’s identity that uses possession of a mobile device as a first factor and use of that device to verify a unique biometric identifier as a second factor. The biometric approach might be fingerprint recognition, facial recognition, speaker recognition or a combination thereof . The biometric modality can be used instead of, or in addition to, a traditional password.
Mobile biometric authentication is primarily used for mobile banking and e-commerce. For example, customers can authenticate transactions that originate from their mobile banking or retail applications using facial recognition or voice biometrics..
Fintech companies that integrate with customer bank accounts also leverage mobile biometrics to authenticate transactions. These can be at a physical point of sale (e.g., performing facial recognition when using Apple Pay or Samsung Pay in a brick-and-mortar location) or to authenticate electronic transfer of funds through a mobile fintech app (e.g., Venmo or PayPal).
Enterprises may use mobile biometrics as a form of passwordless authentication. In this process, an employee may attempt to access a corporate application through a web browser launched on a laptop or tablet. Upon navigating to the login portal, the employee enters their username. A notification is then sent to the authorized user’s registered mobile device. This is the “possession” authentication factor. Only the user that possesses the registered device can authorize the attempted login. Receiving an authentication notification without having attempted a login could indicate a fraudulent login attempt.
A biometric verification on the device is the second authentication factor. Using facial recognition, for instance, verifies that the individual in possession of the device at the time of the login request is in fact the authorized user. This prevents illicit access to enterprise data if a device is lost or stolen.
Business and commercial use cases such as these are spurring significant growth in the global mobile biometric authentication market, which is expected to achieve a net worth of nearly $50 billion by 2022.
Native vs. in-app biometrics
Some but not all mobile devices natively include specialized biometric authentication sensors and software that can be used instead of passwords to unlock the device, login to apps, and even make purchases. But for organizations such as banks and retailers, convenient security is a differentiating feature of their mobile apps, and so they often require their apps to offer security and user experience features that are differentiating, customizable, and consistent across their entire customer base. Including biometric authentication capability within their apps, as opposed to relying on a feature of a particular device, gives app providers the power to differentiate and customize the security features and performance of their apps.
Multimodal biometric authentication
Multimodal biometrics applies the use of two or more biometric modalities for multi-factor authentication. The implementation of multimodal biometrics should strike the right balance between matching performance and convenience; that is, multimodal biometrics will ideally reduce the likelihood of a false positive without adding complexity to the user experience.
Matching performance is vastly improved with multimodal biometric authentication. For example, facial recognition paired with voice biometrics, is more precise because it uses multiple variables to verify a user’s identity.
Multimodal biometrics also improve liveness detection. A fraudster who uses a non-live “spoof” of an authorized user’s face or voice will struggle to spoof both modalities.
Approaches to using of multimodal biometrics
Multimodal biometric capabilities can be leveraged in different ways. The manner of use will primarily depend upon user preference and the choice to prioritize convenience or security.
- Interchangeable: Users can choose the modality they want to use in the moment. They might use voice recognition for hands-free authentication while driving, but facial or fingerprinting recognition in most other scenarios. This increases convenience at the possible cost of security since only one modality is needed for access at any given time.
- Use of multiple biometric modalities: A user performs more than one capturetype in succession for a single biometric authentication (e.g., facial first, fingerprint second). This heightens security but adds a second step for the user.
- Simultaneous: Two modalities are captured at the same time. This improves security with minimal impact on ease-of-use.
- Optional: The user pre-selects which modality they prefer to use for each application, and they must stick to that modality.
- Step-up: Application might determine that an additional modality is required based on real-time assessment of risk factors. For example, a low-value bank transaction might require a single modality, whereas a transfer of more than $100 would require a second modality.
Aware products for mobile biometric authentication
Knomi is a mobile biometric authentication framework provided by Aware. It offers face, voice, and keystroke dynamics with robust liveness detection.