Online security at your fingertips
18 July 2013
Fingerprint authentication mooted to tackle e-commerce fraud, replacing passwords
PASSWORDS are easy to crack and a chore to remember. Wouldn't it be easier to scan a fingerprint
to, say, check your Gmail account or authorise a payment?
This could become a reality as early as this year, fuelled by two separate but related developments.
One, smartphones with embedded fingerprint scanners are set to to be unveiled as early as next
month, when South Korea's LG is expected to announce its G2 smartphone with a built-in fingerprint
Apple and Samsung are also reportedly working on releasing such smartphones later this year.
Two, a group of 24 Internet companies, dubbed the Fast IDentity Online (Fido) Alliance, is pushing
for the death of passwords to counter rising global e-commerce fraud.
These global scams cost companies in North America alone more than US$3.5 billion (S$4.4 billion)
In Singapore, the situation seems to be worsening too.
Client : PayPal Country : Singapore
Publication : The Straits Times Section : Singapore
Date : 18 July 2013 Page : N/A
Topic : Online security at your fingertips
Circulation : 219, 960
Link : http://www.straitstimes.com/premium/singapore/story/online-security-your-
In the first half of this year, the Consumers Association of Singapore received 57 complaints about
online fraud, compared with 107 cases for the whole of last year.
Fido, which PayPal and Google are part of, believes fingerprinting or biometrics is the effective
solution to the global problem.
Formed last July, it is intent on paving the way for consumers to use their fingerprints, instead of
passwords, to access online shopping, banking or payment accounts.
In fingerprint scanning, the embedded scanner in smartphones is activated and users are prompted
for their fingerprints when they go online to make purchases or change personal details.
PayPal said it is also pushing for biometrics to be an alternative to security tokens, which its
president David Marcus said is a "hassle".
Namecard-size security tokens are widely used in Singapore for securing e-banking transactions.
They generate a random one-time password, good for only one log-in, thus providing an extra layer
of security to the standard username and password.
Most banks here have issued their own tokens, so customers with online accounts with several
banks carry multiple tokens.
"Often, increasing security means increasing friction. The beauty of biometrics is it can enhance
security and be convenient at the same time," Mr Marcus told The Straits Times.
This is one reason PayPal said it resisted rolling out security tokens and limited it to certain markets
such as the United States and Australia, for testing purposes.
But PayPal's lack of security tokens here - coupled with recent fraud cases involving local accounts -
got the attention of the Monetary Authority of Singapore.
In late May, The Straits Times reported that money had been stolen from an unusually large number
of Singapore PayPal accounts in the preceding two months. Losses ranged from $50 to more than
Singapore e-retailers, however, seem cautious of the new authentication method, pointing out that
the technology is untested.
Said fashion e-retailer Zalora's chief product officer Karthik Subramanian said: "If there's a
compelling customer benefit, we will evaluate carefully."
Deal-a-day site Qoo10 said its main concern is user convenience.
"How well can the authentication tool settle log-in, payment and authentication at one go?" said its
Web users, however, are looking forward to it, saying it saves time.
Marketing manager Sylvia Kang, 35, said the current verification for online credit card payments can
be "long and dreadful".
Pre-school teacher Jasmine Kaur, 28, added: "People can steal my password and pretend to be me
online, but they cannot steal my fingerprint unless they have my finger."