Criminal theft of passwords has made passwords obsolete, and so a new factor is required for authentication. Biometrics will be that new factor. It increases security and will prove more convenient for the consumer than passwords as it transitions into a persistent identity over the next 5 to 8 years. Increasingly smartphones are shipping with trusted execution environments that can displace traditional hardware security fobs. These new smartphones are critical to this fundamental shift in biometrics. A new research report from Mercator Advisory Group titled Biometrics: A New Wrinkle Changes the Authentication Landscape explains the need for multimodal biometric authentication and describes many types of biometrics available from various technology providers. The report shows how biometrics technology has shifted from a primarily hardware-based solution to a software-and cloud-based solution enabled by smartphones that have become much more secure. With voice and face recognition, and now the addition of behavioral biometrics, this shift will drive rapid new innovation and will tip the market in favor of the mobile architecture. 

1. Biometrics:
A New Wrinkle Changes the Authentication Landscape
January 2017

2. 2017 Mercator Advisory Group
A new research report from Mercator Advisory Group titled Biometrics: A New
Wrinkle Changes the Authentication Landscape explains the need for multimodal
biometric authentication and describes many types of biometrics available from
various technology providers. The report shows how biometrics technology has shifted
from a primarily hardware-based solution to a software-and cloud-based solution
enabled by smartphones that have become much more secure. With voice and face
recognition, and now the addition of behavioral biometrics, this shift will drive rapid
new innovation and will tip the market in favor of the mobile architecture.
Increasingly smartphones are shipping with trusted execution environments that can
displace traditional hardware security fobs. These new smartphones are critical to this
fundamental shift in biometrics.
Criminal theft of passwords has made passwords obsolete, and so a new factor is
required for authentication. Biometrics will be that new factor. It increases security and
will prove more convenient for the consumer than passwords as it transitions into a
persistent identity over the next 5 to 8 years.
New research report is primer on fundamentals of
biometrics for authentication of consumers’ identity

3. 2017 Mercator Advisory Group
For persistent identity, authentication no longer entails just a single challenge event
such as a fingerprint scan but evolves into a passive trust value uniquely associated
with an individual, as is being pursued by Google. The trust value will be constantly
updated based on multiple factors including location and passive sound (voice and
ambiance) as well as facial recognition and a range of behavioral inputs.
With the mobile device formulating this trust factor, it is highly likely that Apple and
Google will be critical partners in consumer authentication for the majority of access
control scenarios, including call centers and physical access.
This reliance on the smartphone will help establish the FIDO (the Fast Identity Online)
Standard as the appropriate architectural approach for managing authentication
credentials. Keeping the credentials in the handset eliminates the honeypots that
attract criminals, increases consumer trust, and converts the authentication
infrastructure into a shared resource that will greatly lower deployment costs currently
associated with all authentication solutions.
Research report argues that passwords are obsolete

4. 2017 Mercator Advisory Group
With the mobile device formulating this trust factor, it is highly likely that Apple and
Google will be critical partners in consumer authentication for the majority of access
control scenarios, including call centers and physical access, according to the report.
This reliance on the smartphone will help establish the FIDO (the Fast Identity Online)
Standard as the appropriate architectural approach for managing authentication
credentials. Keeping the credentials in the handset eliminates the honeypots that
attract criminals, increases consumer trust, and converts the authentication
infrastructure into a shared resource that will greatly lower deployment costs currently
associated with all authentication solutions.
Keeping credentials in the handset aids
authentication and enhances security

5. 2017 Mercator Advisory Group
“The digital future is rushing toward us. Today mobile phones collect consumer activity
data and utilize machine learning to provide a range of conveniences before the user
even asks—from helping find where one parked one’s car to “Behavioral dynamics will
play an increasingly important factor in establishing trust factors for the authenticating
consumers’ identity across every channel and for establishing persistent identity,” said
Tim Sloane, Vice President, Payments Innovation at Mercator Advisory Group,
and author of report.
Tim Sloane
Vice President, Payments Innovation, and
Director, Emerging Technologies Advisory Service
Mercator Advisory Group

6. 2017 Mercator Advisory Group
Highlights of this research report:
• Cybercriminals are so effective that data security will continue to be at risk until passwords are
eliminated entirely.
• Consumers will come to accept biometrics just as they did mobile banking.
• Apple and Google will continue to upgrade and extend the security and biometrics implemented in
hardware and operating systems and, due to their broad visibility into the life of the mobile device user,
will have more data than all others for authenticating the individual.
• Authentication will evolve from a single challenge event, as with fingerprint readers, into a passive
persistent identity trust value based on multimodal biometrics
• Smartphone technology is rapidly becoming more secure and broadly available in the U.S. population,
which means that broad deployment of biometric hardware by financial institutions is likely to be
obsolete in less than 5 years.
• Apple and Google solutions will likely become critical hardware and software authentication suppliers
for the majority of access control scenarios, including devices, call centers, cloud and application
authentication needs.
• Biometric tags and trust decisions should be held and calculated in the device to mitigate the risk
associated with central storage of credentials; this is critical for increased consumer trust.
• FIDO authentication architecture will establish an authentication framework that moves much of the
hardware and software into a shared asset resident on the mobile phone, greatly lowering the cost of
deploying authentication solutions.
• Financial institutions should plan for the biometric world described above by utilizing the mobile device
for authentication wherever possible and to avoid the collection of biometric data centrally as that data
represents yet another target for criminals.

7. One of the 8 exhibits included in this research report:
© 2017 Mercator Advisory Group
Figure 1: Each Organization Has a Perspective on Identity
That Is Linked to Its Own Credential
Source: Mercator Advisory Group © 2017 Mercator Advisory Group
KYC/Loan Risk Newspaper Driver’s License Online Purchase Email Account
Gw^1H9!
Hj9(1+?B! buY1tN0W!
emai1102!?

8. About the research report:
2017 Mercator Advisory Group
This report is 44 pages long and contains 8 exhibits.
Companies mentioned in this report include: AimBrain, Allscripts, Amazon, Apple, Arena, AstraZeneca,
Balabit, Bank of America, Bank of Tokyo, Bayer, BehavioSec, BioCatch, BrowserSpy.dk, bunq, Chase,
ContinUse, CO-OP Financial Services, Desert Schools Federal Credit Union, Diebold, Discover, E8 Security,
Early Warning, Eli Lilly, Entrust Datacard, Etsy, Evernym, Exabeam, Facebook, FIDO Alliance, FIS, Fiserv,
Fortscale, Fujitsu, GlaxoSmithKline, Google (Alphabet), Gurucul, HID Global, The Hiroshima Bank, HP, IBM,
IDScan Biometrics, IEEE, LexisNexis, LG, Merck, National Westminster Bank, Nikon, NuData, Nymi,
MasterCard, MicroBilt, Microsoft, Mitek, NetGuardians, PayPal, Plurilock, Qualcomm, SAFE-BioPharma,
Samsung, SecureAuth, Securonix, Sovrin Foundation, Sqrrl, Telesign, Temenos, TMG, Twitter, UniCredit,
USAA, US Defense Department, Veridium, Visa, VoiceVault, Wells Fargo, Yahoo, and Xiaomi.
Members of Mercator Advisory Group’s Emerging Technologies Advisory Service have access to these
reports as well as the upcoming research for the year ahead, presentations, analyst access, and other
membership benefits.
For more information and media inquiries, please call Mercator Advisory Group's main line: 1-781-419-1700;
send email to media@mercatoradvisorygroup.com.
For free industry news, opinions, research, company information and more, visit us at
www.PaymentsJournal.com.
Follow us on Twitter @ http://twitter.com/MercatorAdvisor.

9. About Mercator Advisory Group
Mercator Advisory Group is the leading independent research and advisory
services firm exclusively focused on the payments and banking industries. We
deliver pragmatic and timely research and advice designed to help our clients
uncover the most lucrative opportunities to maximize revenue growth and
contain costs.
Our clients range from the world's largest payment issuers, acquirers,
processors, merchants and associations to leading technology providers and
investors. Mercator Advisory Group is also the publisher of the online payments
and banking news and information portal PaymentsJournal.com.
2016 Mercator Advisory Group