Apple could dominate m-commerce with iPhone 5S biometrics

Apple could dominate m-commerce with iPhone 5S biometrics

Summary: Biometrics are the new NFC. Over a half a billion users have iTunes accounts primed for mobile payments. While traditional NFC is a nice-to-have feature that enables mobile commerce, biometrics are poised to make the iPhone the digital wallet of the future.

TOPICS: Apple, iOS, iPhone, iPad

A recent spate of rumors claim that Apple will be including biometric technology in the upcoming iPhone 5S in the form of a fingerprint reader embedded in its home button.

Apple could dominate m-commerce with iPhone 5S biometrics - Jason O'Grady
(Image: Discovery Channel)

I hope that the rumors are true.

If Apple's July 2012 acquisition of AuthenTec wasn't enough evidence, purported leaked photos of the iPhone 5S' rear shell and home button flex cable might be the smoking gun.

Unlike near-field communication (NFC), which Apple skipped in the iPhone 5 (much to my chagrin), biometric technology is attractive to both business users and consumers alike.

I have an enterprise Exchange account configured on my iPhone which dramatically alters the iOS security policy. For example, it requires an iOS passcode immediately and sets the maximum Auto-Lock time-out to 5 minutes. As a result, I have to enter the passcode on my iPhone 50-75 times per day. A fingerprint sensor would be a godsend for me.

In addition to convenience, biometrics add a new level of security to iOS that would be extremely attractive to enterprise users and IT departments. Unlike an iOS passcode, which could be stolen from a password database or a printed note, a fingerprint is completely unique and must be physically present to be authenticated.

Glyn Williams wrote on Quora:

A fingerprint scanner on a phone will mean that a transaction can have three important sources of identity verification:

  1. The presence of a personal device registered to the individual.

  2. The location of the device recorded at the time of the transaction

  3. The biometric recognition of the individual present and giving their authorisation recorded at the time of the transaction.

While biometrics got off to an admittedly shaky start — early fingerprint scanners were defeated by severed digits, thinking putty, latex strips, ballistics gels, and even photocopies — it's believed that AuthenTec's technology and patent portfolio could increase security by requiring a matching print, human body temperature, pulse rate, and skin conductance.

To be successful, Apple's iPhone implementation will have to be reliable and quick. Cheaper fingerprint scanners (like consumers models from Microsoft, or the one installed at your gym) can require several attempts and/or take several seconds to authenticate. If reliability is under 75 percent or if the user can enter a passcode faster than it can authenticate a fingerprint, users won't adopt it and it will be a failure. There are also hurdles in cold weather climates where users wear gloves, but the biometrics will likely be able to switched off via the Settings app.

Apple's AuthenTec acquisition isn't just about security, though; it's also about NFC, mobile wallets, payments, and mobile commerce. Apple has over 575 million iTunes account holders (most with credit cards on file) and could easily use biometrics and its trojan horse PassBook app as the digital wallet of the future.

It could be super slick: Walk into a store, press the home button on your iPhone to pay, and have your purchase billed to your iTunes account. Apple could also make a fortune in transaction fees in the process. And what vendor wouldn't jump at the opportunity to accept iTunes as a new payment tender? Especially if the hardware and startup costs are minimal because the customer carries the hardware in their pocket.

Where do you stand on biometrics? Passing fad or the future of m-commerce?

Topics: Apple, iOS, iPhone, iPad

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • In answer to your question

    "what vendor wouldn't jump at the opportunity to accept iTunes as a new payment tender?"

    If this includes the 30% Apple tax, most vendors will baulk at this. There is a difference between selling digital content through iTunes and using iTunes as a payment gateway. the current business model of iTunes is unsustainable within the payments and transactions industry.

    There are other simpler, cheaper payment solutions providers and it is presumptious to think Apple will turn this market on its head due to their inclusion of biometrics. kindly do not forget that there are still the credit card transaction costs behind.
    • Hold on a minute

      There's no such thing as a 30% Apple tax. Apple developed the business model for smartphone apps and for that matter for online music purchases as they exist today. The pricing models for those businesses developed around Apple's getting its 30% share. Far as books go, 30-40% is the standard wholesale discount.

      Though it sometimes missteps, the Apple brainstrust is NOT stupid. They surely get that their payment transactions fees are likely to be < 1%. Volume is what makes this a desirable business.

      That said, there's a huge risk if they do something proprietary because if it succeeds an open standard will quickly come along. In this universe customers will want something device neutral in the long term. One hopes that even if they make use of their own technology to implement this, under the hood they are ready to plug into if not spearhead such an open standard. Hey, dreams are free. . .
    • uhmm, ,yeah, okay

      spoken like someone who has absolutely no clue what Apple would do in this case but who couldn't resist the temptation to self-assign a course of action based solely on rumor and speculation...and then bash them for it. How about waiting until fiction becomes reality and then feel free to air your obvious disgust for Apple if they decide a 30% cut is their model of choice.
  • Stop the insanity!

    Yes, biometrics are the new NFC in that they are a tech that nobody wants that every tech blogger insists will "change everything".
    • I would want it

      If it works really well, I would want it.
    • I'd use it

      I find it very convenient to use my phone at Starbucks and airport screening. It would be even better if I could use it at every location where I make quick purchases. Accurate and speedy fingerprint technology would give me confidence that it would be secure and usable.
  • What is it about biometrics that turn people stupid?

    So--if somebody steals my phone and the *fingerprint signature* (not the fingerprint itself) the account is compromised.

    Good plan.
    • RE: What is it about biometrics that turn people stupid?

      Are you saying that biometrics are NOT the future of secure identification? Or just that this particular implementation is flawed?
      • All implementations are flawed.

        Usually in different ways.

        Fingerprint identification fails if you have to have a bandaid on a bad cut. And has been shown to fail in many cases just using fake fingers...

        Facial/iris recognition fails in the presence of high resolution images (it only has to be better than the camera...).

        Voice recognition fails in presence of high quality recorders (only has to be better than the digitizer listening).

        bypassing the scanning input (all cases) fails when the signature is captured and replayed properly.
        • The fact that it can be compromised (flawed) doesn't make it useless.

          As you say virtually every system has flaws that can be utilized to bypass the system. Locks can be picked. Passwords can be stolen or decrypted.

          The issue is the amount of effort and the relative amount of security. For my phone I just want to lock out the average joe. I'm not looking to block hackers because it is probably too inconvenient to do so.

          I personally like the idea of biometrics. It beats typing in a password and probably is as secure or better in practice. It just needs to be fast.
          • It's a gimmick

            They've been tried on laptops and I don't see a huge rush by laptop makers to include it in all their models.

            If it was a superior security option, the financial industry would have implemented it already.

            This also means you still have to have a physical button on the phone which also means a relatively big bezel compared to other phones on the market.
          • Re: They've been tried on laptops

            I absolutely love the ability to swipe my finger and log in, instead of typing a password. And this is on a laptop. It was way more convenient on a smartphone!
        • curious

          If Google had implemented this, would you have the same opinion?
      • I will say that, yes.

        There have been incidents in other (mob-dominated) countries of fingers being cut off so they could be used to get through biometric access points. We'd like to think "that won't happen here". Maybe not. But it has been shown to be trivial to make a mold of fingerprints using readily available materials from any drug store, and that these replicated prints capably fool fingerprint readers.

        What are we going to have to do...wear gloves always and everywhere, so that our prints are not lifted?! Because once biometrics are accepted as the be-all of authentication, the stakes just got raised as to the consequences.
        • Disagree. Locks and security measures are a deterrent nothing more.

          If you look at most security measures: Door locks, passwords, pins are deterrents to petty efforts. And in most cases that's all they need to be. Biometrics alone may not be sufficient for high stakes security but for low stakes security it is fine. I am not trying to protect my phone against a determined hacker. I am trying to protect it from light weight attacks. Protecting against the former requires more work and it is only necessary when guarding high value assets.

          It isn't hard to break into a car but most thieves still go for the unlocked car. it is just easier. Make the deterrent hard enough and most would be attackers pass by.

          Adding degrees of difficulty is usually best accomplished by have multiple layer security.
          • multiple layer?

            What does that mean? Are you saying that this finger print security is on top of inputting a code? So what, you swipe with your finger and then still have to input a code?

            That's ridiculous.

            Biometrics is a gimmick and shows how Apple doesn't know what the word innovation even means anymore.

            Biometrics and Gold phones are Apple's ideas of innovation. How the mighty have fallen.
          • Gold phones

            I can see Samsung releasing a gold phone, along with a gold smart watch. Gold is the new black.
          • Agree

            If Samsung is true to form, they will.
          • Re: shows how Apple doesn't know what the word innovation

            Your argument made some sense up to that point... even if you didn't really understand the matter. But then, it's obvious you don't care for the explanation of security layers, just that Apple are... whatever.
        • Another MythBusters viewer telling us "All implementations are flawed"

          “.. it has been shown to be trivial to make a mold of fingerprints using readily available materials from any drug store, and that these replicated prints capably fool fingerprint readers.”

          Exactly who has shown this, apart from MythBusters with a cheap scanner?

          Fingerprint scanners can be anything from an excellent to worthless when it comes to security: it all depends on the implementation. The kind that can be defeated trivially “with readily available materials from any drug store” are the bottom of the range ones that use 2D black-and-white imagery; the best ones use 3D (depth) and grey scales to get results that are hard to defeat.

          It all depends on the implementation and nobody here has those details.

          While your complaining about fingerprint security, consider the fact that bank quality cryptography can be cracked in well under a day, with pretty modest equipment. Fingerprint scanning may not be the weakest link in the security chain.