Using Augmented Reality and Biometrics for Credit Card Transactions
Wherever there is data, there will be a hacker trying to access it. Every day we send 2.5 quintillion bytes of data to be stored on servers spread throughout the U.S. (and the world). Billions of devices are in perpetual connection to all-pervasive Internet we’ve come to largely depend on. Breaking this down further, there are over 3,000 data records either lost or stolen each minute.
Many people swipe their credit cards giving little thought to the processes behind the transmission. We are focused on the “stuff” we can buy and trust the financial institutions will take care of the rest. Ideally, banks and credit card companies would be these impenetrable monoliths of cybersecurity.
This is not the case.
Even when using the embedded EMV (Euro, MasterCard, Visa), the data still must be housed somewhere. Hackers aren’t only focused on intercepting the transmission; they want the volume of financial information locked away on the enterprise servers. Remember, you may be the source of the data, but it’s the financial institutions who are responsible for storing and protecting it. Your data is a gold mine. Once accessed it can be used for entry into your bank accounts, credit card accounts or identity theft. Other black hat hackers will sell your information to thieves who will then turnaround and wreak havoc on your financial -- and personal -- livelihood.
But, are there other ways to protect it?
Augmented reality (AR) is different from virtual reality (VR). The confusion stems from both terms including the word “reality.” Think of virtual reality as being completely immersed in a different, yet digital environment. For now, VR requires the use of a headset; those clunky looking contraptions that appear similar to those View-Master toys many played with in during childhood. But, AR is a digital overlay of reality -- or reality enhancement and is being touted for use in increasing the safety of your credit card transactions.
Using a smartphone as an example, if you’re on vacation touring a particular city and a museum catches your interest, pointing your phone’s camera at the building will bring up a digital overlay with information. Want to know what’s inside the museum? Tap your phone screen, and it will bring up a menu selection of exhibits. Another tap on the exhibit of choice and you’ll view a 3D virtual tour. Want to purchase tickets? Return to the main menu and tap “Buy tickets.”
This is where multi factor authentication using biometrics via AR comes into play. Right now most credit card or other bank card transactions possess a multi-step process that requires you to be at the point of sale (POS) with the card, and ready to enter your PIN. Certainly, there are the contactless points of sale systems. But, the current security measures on these systems is weak and leaves you vulnerable to fraud. Meanwhile, the traditional methods of EMV verification can prove frustrating for our instant gratification psychology; it is an additional barrier for hackers as well.
Biometrics may be the answer. The emphasis here is may be. Returning to our “buy tickets” museum example, AR offers different authentication capabilities for a contactless yet verifiable payment transaction in addition to password or PIN protection:
● Iris pattern detection. Your device (usually a smart phone)) camera will have your specific iris pattern stored from an image capture of your eye.
● Eye tracking movement detection. This may require the use of specific eyewear such as Google glasses that has a stored pre-recording of your unique eye movement patterns. Whenever you want to buy something, the AR will notify you that it needs to verify your eye tracking movements to complete the purchase.
● Fingerprint pattern recognition. Many devices already have this as an authentication method for accessing information on your smartphone.
● Recorded voice detection. This, by far, is one of the weakest biometric methods since a clever hacker can obtain a voice recording of you merely by calling and speaking with you.
● Behavioral purchase patterns. Along with the biometric data, machine learning algorithms will match your purchasing patterns and preferences with what you’re attempting to purchase at that moment. This data will be cross referenced with, say, your iris pattern which will be captured by the device camera and compared to the stored image.
All you would need to do to complete the museum tickets transaction is follow the directions on the AR menu to verify it is indeed you making the purchase. You may be prompted to have your phone camera scan your iris or retina and provide a PIN. Or, perhaps, you’ll be prompted for both a fingerprint and voice verification.
This is not an exhaustive list as “rods and cones” pattern detection -- another biometric for your eyes -- as well as skin sensing mechanisms, have also been submitted as patented detection systems. Unless a hacker can access your biometric data, and then create an exact replica, if the biometric methods and other data are combined at both the transmission and storage access levels, this provides a super barrier of fraud protection.
But, we are left with an additional question: Do you want all of the extremely sensitive and personal data stored and available for use by a financial institution? Ultimately, the answer is completely in the hands of you as an individual consumer.