WebLinc’s Hill: ‘Scary’ To Consider A Biometrics Breach

Hacker’s accessing improperly stored credit card data is one thing, but what if Target or Neiman Marcus had been storing customers’ biometric information instead? Merchants storing encrypted biometric data is among various security options talked about as a means to protect payment card data. In a recent interview with PYMNTS.com, Darren Hill, founder and CEO of eCommerce platform provider WebLinc, says biometrics alone won’t solve the problem.

 

Lot’s of talk has gone on since the recent spate of merchant data bases on ways to potentially prevent hackers from gaining access to stored payment card data. Use of biometric information, such as a fingerprint, to access stored credentials is among the solutions often bandied about.

But in a recent conversation with PYMNTS Vice President of Digital Media, Darren Hill, founder and CEO of WebLinc, an eCommerce platform and services provider for some of the fastest growing online retailers, described the prospects of using individuals’ biometric information for credentialing as “fairly scary.” Security may be what biometrics is trying to achieve, but it’s also its biggest flaw, he said.(Jump To: 4:21)

“If you can imagine having your fingerprint information stored at Target this holiday season, that information would now be in the hands of lots of people” not intended to have access to it,” he said.

Unlike a password, someone can’t change his or her print. So once someone has the print, they have it for. So even if something is biometric-based, it also has to have a lot of other security measures, and that include GPS-based location services tied to an individual’s smartphone, Hill said.

“… just biometrics alone, it won’t work. It’s very scary that that information could be stored in a way that someone could figure out (how get it), he said. “Even if encrypted, that’s a huge security concern. You can’t change your fingerprint.”

Also, during the interview, Hill talked about Apple’s recent moves to support payment, such as through QR codes in its Passbook product. The company’s potential to disrupt payments, and increase security along the way if it ventures directly into payments.

Apple has millions of credit cards on file and lots of things it can piece together, he said, noting if the company does it in a small way, it likely would find a secure way to pay with a credit card.

(Jump To: 1:35) “Apple could do something in a really big way. They could replace credit cards, they could replace banks. That would be lie creating a whole new industry,” Hill said.

 

To learn more about how the payments industry is responding to retailer data breaches and rising consumer concerns about security, listen to the full podcast by clicking below.

PYMNTSAudioLogo2

*If you have trouble with the audio player above, click here.