Lots of talk has gone on since the recent spate of merchant data breaches on ways to potentially prevent hackers from gaining access to stored payment card data. Use of biometric information, such as a fingerprint, to access stored credentials is among the solutions often bandied about.
The prospects of using individuals’ biometric information for credentialing is fairly scary. Security may be what biometrics is trying to achieve, but it’s also its biggest flaw. Imagine having your fingerprint information stored at Target this holiday season, that information would now be in the hands of lots of people not intended to have access to it. Unlike a password, someone can’t change his or her fingerprint. So once someone has the print, they have it forever. So even if something is biometric based, it also has to have a lot of other security measures, and that could include GPS-based location services tied to an individual’s smartphone.
Biometrics alone won’t work. It’s very scary that that information could be stored in a way that someone could figure out how to get it. Even if encrypted, that’s a huge security concern. You can’t change your fingerprint.