With the emergence of Fingerprint payment systems and the fingerprint scanner, the Samsung Galaxy S5 or Apple iPhone 5S respectively, secure web hosting is gaining high priority as consumers have more options in browsing and payment methods.
How do they work?
The Samsung Galaxy S5 fingerprint payment - users swipe their finger across the home button to scan their finger. Using a biometric tool to scan the finger, the print is linked to a unique cryptographic chip to identify the user and the device. The fingerprint scan allows for the user to bypass memorizing and upkeeping multiple passwords. This eases the accessibility of unlocking the phone and can even be linked to PayPal and other accounts. This new payment option allows customers to simply purchase at the swipe of a finger rather than inputting usernames and passwords or account information.
WhiteHat hackers at a German Security Research Lab used a “lifted print” process to hack the S5 and a similar process was used to hack into the iPhone’s fingerprint scanner. The S5 fingerprint hacking is far more worse than the iPhone hacking as its scanners are linked to account data giving the criminal access to vital information.
The Galaxy S5 does not require a password after the initial registration, for either phone access or PayPal, even following a device reboot. On the contrary, the iPhone 5S, requires a password to be entered after every reboot to access both the phone and to purchase apps.
With the Galaxy S5, since the fingerprint is coded with the device’s cryptographic key, in the case of a breach, the link is deactivated once the phone is reported missing or stolen. In addition, Samsung released a statement that highlighted their concerns for their customer’s account security but also restated that the fingerprint data was not stored outside of the phone and that PayPal’s payment protection prevented account misuse.
According to Sebastien Taveau, the former chief technology officer of Validity (a fingerprint sensor company), fingerprint scan technology will be widespread as a new wave of technology stacking up to conventional password systems.