Step can potentially replace multi-factor authentication for secure transactions.
Anil Sasi, P Vaidyanathan Iyer
Global technology companies such as Apple, Google and Microsoft have so far fobbed off an attempt by the Government of India to let their proprietary software allow matching of a user’s fingerprint or iris scan as captured in the mobile instrument with his or her biometrics as stored in the Aadhaar database.
If allowed, this will let a smartphone user electronically undertake myriad financial transactions. The biometrics on the phone can potentially replace multi-factor authentication for credit cards and other such secure transactions by offering two-factor authentication at the click of a button.
According to senior government officials, companies such as Apple, Google and Microsoft are acting as “gatekeepers” and are averse to allowing an open API (application programming interface) that facilitates programmatic access to a proprietary software application.
For instance, Microsoft’s Lumia has an iris scanner, Apple has a biometric touch ID and newer devices running Google’s latest Android Marshmallow operating system have a fingerprint scanner. A detailed questionnaire sent to all three companies last Thursday, February 11, seeking their response on the issue has not elicited a response so far.
Officials explained that the biggest problem in the online world today is authentication. “As you move more and more business and government processes online, security is a key concern. For financial transactions, what we do today is a two-factor authentication. In other words, there are two separate ways of confirming identity. This improves security and reduces fraud. For instance, today, you have a credit card and a PIN (Personal Identification Number), both sent separately to you. The card is known as the ‘what you have’ factor of authentication. PIN is the second ‘what you know’ factor of authentication,” the official said.
Another official said not everyone has a credit card today, but everyone has a mobile phone. “The mobile number that you have for the phone is ‘what you have’. Phone is one factor of authentication. There are ways to confirm that this mobile number is yours, for instance through mechanisms such as One Time Password. The second factor of authentication is the biometric, which can be an iris scan or a fingerprint. India’s Aadhaar is unique in the world, and can make the mobile instrument provide a two-factor authentication for online transactions,” the official said.