Apple has just confirmed that the iPhone 5S will feature a 500ppi fingerprint sensor right in the 5S’ home button[From Apple’s Touch ID Is A 500ppi Fingerprint Sensor Built Into The iPhone 5S Home Button | TechCrunch]
Here’s an amalgam of the conversations I had with different people following the announcement.
Person: Do you know that fingerprints can be faked? I heard about a Japanese guy who did it with jelly babies or something?
Me: Yes, I know.
Person: Your fingerprints are all over your phone, people could easily steal them.
Me: Yes, I know.
Person: Criminals might be able to find a way to make a fake finger and use it to buy songs on iTunes using your iPhone.
Me: Yes, I know.
Person: Do you know that researchers were able to reconstruct useable 3D models of fingers by accessing stored fingerprint templates?
Me: Yes, I know.
Person: So would you use the new Apple TouchID on your next iPhone?
Me: Of course.
If I sound complacent about the possibility of agents of foreign powers delving into my iPhone, it’s because I am. The Apple TouchID isn’t really about security, it’s about convenience, a point I made on BBC Radio 4’s Today programme. Convenience is something at which Apple excel. When I got on the bus last night, I had to press the home button on my iPhone to wake it up, then swipe my finger to get to the unlock screen, then enter the 4-digit passcode, then touch my Arriva app to display my ticket to the driver. With the new iPhone, when I press the home button to wake it up, it will scan my fingerprint and skip over the swipe and enter passcode stages. That may not seem like much, but when you are at the front of the queue on the bus, or checking it at British Airways, or showing a ticket for an event or trying to show a loyalty card in a shop using Passbook and paying in Starbucks using their app, it will save a few seconds. And there will be a bunch of people who currently don’t lock their iPhones but will because of the fingerprint. That’s it.
Will TouchID be more secure than a 4-digit passcode that can easily be read over someone’s shoulder? Yes. Will TouchID replace 4-digit passcodes? No. You will still have a passcode for the odd occasion when your fingerprint can’t be read or for when your wife wants to look up something on IMDB on your iPhone and can’t be bothered to go into the other room and get her smartphone. Will TouchID make iPhones magically invulnerable and capable of storing your deepest thoughts perpetually and in complete secrecy? No. Biometrics in the mass market are about convenience, not security. As I wrote some months ago:
Apple understands the location of biometrics in the consumer space: convenience, and Apple is all about convenience. Remember, these iPhones aren’t going to be used to launch nuclear missiles or identity people in databases[From Biometric tick]
Right now, the use of TouchID is limited to unlocking the iPhone and authenticating an iTunes purchases because developers do not have access to the fingerprint subsystem, but I’m sure that (given the competitive pressures as other handset manufacturers adopt similar technology) once the subsystem is tried and tested and tuned and optimised then they will be, so when I open PingIt or PayPal I will find myself using the home button instead of entering a passcode. Crucially, given that Apple’s design influence and media mindshare are significantly ahead of its market share, the TouchID’s deployment is a boost for the whole biometric authentication sector.
Apple’s iPhone 5s Touch ID fingerprint scanning feature will kick off a biometric adoption race[From Apple’s iPhone 5s Touch ID fingerprint scanning feature will kick off a biometric adoption race – The Next Web]
When it comes to using this kind of technology in retail payments, there are plenty of people experimenting with the options and plenty of experience in customer reaction. Consult Hyperion, for example, advised Natural Security on their system that combines biometric authentication and contactless interfaces.
Today Natural Security, in partnership with Banque Accord, BNP Paribas, Crédit Agricole, Crédit Mutuel Arkéa, Groupe Auchan, Ingenico and Leroy Merlin, has launched a pilot deployment of a new payment method that combines a smart payment card, biometrics and mid-range contactless communication.[From Announcing the world’s first consumer trial of new payment method incorporating payment cards, biometrics and mid-range contactless technology – Security Park news]
This is what makes me so confident in my prediction that consumers will like, and use, the technology. At the end of the Natural Security trial in France, some 94% of users said that they wanted to pay for all in-store purchases using the fingerprint authentication. A recent WorldPay survey in the UK had half of all shoppers saying that they wanted to use biometrics for payments. Apple’s model — local biometric authentication for the mobile device, wireless communication between the mobile device and the local environment — looks a very sensible one to me.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers