Q&A: Hector Hoyos on biometrics and mobile commerce
26 May 2016 12:11 GMT

Creating seamless biometric transaction systems that compliment the increasing convergence of mobile and desktop solutions is high among the challenges facing tech developers in 2016.

Face, iris and fingerprint recognition are emerging as prominent competitors in terms of mobile commerce authentication, although behavioural products which rely on rich mobile data cannot be ruled out as contenders.

In terms of multi-modal solutions, last November, Dutch online pharmacy Koopjesdrogisterij became the first online store in the country to use facial recognition or fingerprint scanning for purchases, using technology developed by Hoyos Labs.

Planet Biometrics caught up with Hector Hoyos, founder of Hoyos Labs and chairman of the Hoyos Group, to gather his thoughts on the future of mobile commerce and biometrics.

Do you think biometrics will increasingly dominate the mobile commerce space?

Yes, in an absolute manner. I predict that, by 2020, every mobile device will have biometrics embedded into it to secure device access, as well as app access and usage. Beyond that, in a few more years, every automobile, surveillance camera, home, etc., will involve biometrics.

As a pharmacy, why is this solution great for Koopjesdrogisterij?

It secures the sale of narcotics online. We are all painfully aware of the abuse of prescription meds here in the U.S., during which the same person may fake names and IDs to go to multiple pharmacies to keep getting the meds that he or she is addicted to. The use of biometrics deters and protects against this, because each one of us is unique, and so are our biometrics.

Is it important that these solutions are multi-modal, or will one dominate?

It is important that they are multi-modal, regardless of the biometrics use. It is all about threat modeling. How likely is it that someone steals my face? This is easy, as it can be done right off of social media sites. So then let’s use our faces and fingerprints – not one print but multiple prints allow for more degrees of freedom, and it’s less likely for someone to get all prints versus one.

Let’s say that, in the future, we have technology that enables the acquisition of our iris or even our DNA in real-time. Does the threat model allow for either one of those, regardless of how many degrees of freedom each may have (face – 20, fingerprint – 30, iris – 245), to be misappropriated by a bad actor? The answer will always be yes. So the more multi-modal a solution is, the less likely – not impossible but improbable – that such solution could easily be attacked and defeated.

What has held back the progress of mobile biometric payments? In terms of Apple, Samsung solutions?

There is no proper genesis, and the security of devices is not quite there. Genesis is the process of properly combining an identity with one’s biometrics. For example, do we allow Jack Smith to bind his identity (name, address, etc.) to Jill Smith’s biometrics? Of course not. Then, there is the question of, “How do we prevent this?” Jack and Jill have to execute genesis, which is the process of binding his or her biometrics to the rightful identity, following specific genesis levels that are established by institutions. 

A bank may ask you to go to its branch and, for one-time only, identify yourself with your driver’s license and ATM card to validate that you are who you say you are before allowing your identity to be bound to your biometrics. This is critical, because if anyone steals your identity and binds it to his or her biometrics, then they can wreak havoc on your life for as long as he or she wants. Solutions such as Apple Pay don’t protect against this.

Anyone could steal your phone and someone else’s wallet and proceed to enroll those credit cards in that wallet into the stolen phone and proceed to use it. As for device securities, two-thirds of the world are Android, and we all know that Android is not as secure as iOS. It’s fraught with vulnerabilities at the OS level, which hackers use to have a field day.

Hundreds of millions of Android phones have suffered virtualization attacks because of this. In the case of iOS, it’s more hardened than Android, but its fingerprint biometrics implementation is not since it can be easily spoofed, as demonstrated by various groups. 

Are there any segments that Hoyos feels are ripe for expansion into?

There is no doubt that biometrics will rule the world. They will be in everything from mobile phones to cameras to automobiles and even as nano-sensors that are woven into the fabrics of our clothes. A global nano-grid of biometrics sensors is what the industry will shortly expand into. We will be the acquisition grid, as well as the biometrics themselves. 

Related articles

Hoyos Labs planning liveness technology for its 4F solution
Hoyos Labs joins govt research on contactless fingerprinting
Hoyos Labs to demonstrate four-finger smartphone tech