Farpoint Group Technical Note — November 2008
M-Commerce – Farpoint Group believes that mobile e-commerce, or m-commerce, will be a key driver of the wireless industry for some time to come. Loosely defined, m- commerce is the ability to buy products and services using a mobile device anywhere access to a supported network is available, and is applicable in both pure-consumer and business-to-business settings. Most m-commerce transactions involve a credit or debit card, which itself is less than secure, but even more vulnerable to theft and error when the user has to enter a credit card number and supporting information on a mobile de- vice. A fingerprint could be used here as the key to a secured file containing credit card information, with applications assuring that the card information itself never appears in the clear and is always sent over a secured connection – secured, again, with a finger- print. In addition to the security advantage, this approach eliminates the inconvenience of digging out a card and manually entering a credit card number using a mobile key- pad, a major barrier for those of us with limited patience and (especially) time. Note also that m-commerce transactions will increasingly involve the use of wireless technologies other than cellular and even Wi-Fi connections, with nearfield communica- tions (NFC) and related contactless short-range technologies becoming, we believe, very popular. But wireless credit card readers based on any radio technology introduce the potential for financial data to be stolen while in transit through the air, and thus motivate the need for appropriate security solutions. A fingerprint can be used to secure these links in a manner identical to any other communications or networking application. In a first-of-its-kind trial conducted in the United States by Cellular South, Bank of America, and MasterCard, the security and convenience of fingerprint was taken further, provid- ing users the ability to open their “electronic wallet” across a secured NFC link and se- lect their preferred payment card all with the swipe of their designated “payment fin- ger”.
Other financial transactions – This model can be extended to all forms of financial transactions beyond those using credit cards, including banking, brokerage, and related types of services. We believe it is likely that financial institutions will insist on some form of two-factor authentication in the future to reduce the cost of fraud, with finger- print recognition being the simple and convenient solution. Convenience that encour- ages transactions is a key element in financial services today and clearly driving such initiatives as MasterCard’s PayPass and Visa’s payWave contactless payment systems. Adding fingerprint recognition here is a simple and natural improvement beyond basic capability.
Digital signatures – A fingerprint is an ideal digital signature, extremely difficult to forge and with natural duplicates existing only very, very rarely. We thus have a simple and reliable mechanism to authenticate identity and establish authenticity of and owner- ship for documents and transactions.
Combined solutions – Note that a fingerprint can be used in conjunction with a SIM card or similar hardware token to implement a complete two-factor authentication solu- tion. When combined with a PIN code or password, creating a three-factor (and yet still very convenient and easy-to-use) solution, the resulting combination is as secure as