I have been interested in biometrics since 1996 when a little company called Comparitor Systems became one of the first infamous internet era penny stock scams. The New York Times detailed how: "In early May (1996), Comparator became one of the most amazing stock stories on the Nasdaq market, leaping from 3 cents a share to a peak of $1.75...the company had not developed a new fingerprint identification system, as it had said, but had instead stolen a prototype of a system developed by others..."
Comparitor may have been a scam but this was my first exposure to biometrics technology (and how something can go viral over the internet). The technology seemed promising and I believed that it would ultimately replace passwords.
I didn't think it would take 17 years but it does look like our standard alphanumeric password protection standard may finally become obsolete.
Earlier this year we saw headlines such as Ars Technica's "PayPal exec aims to "obliterate passwords from the face of the planet" and the BBC's "End of the line for online passwords, says PayPal" where PayPal President David Marcus stated that "We want to move away from passwords, and get to embedded fingerprint scanners on mobile phones." Moreover, he correctly predicted that: "You're going to start seeing that type of experience later this year, with a mass roll-out in the year to come."
After Apple's acquisition of Authentic last year which included its patent portfolio of biometric technology it should be of no surprise that Apple announced that iPhone 5s would have fingerprint scanning technology and posted a video on Youtube ("Apple - iPhone 5s - The new Touch ID fingerprint identity sensor").
It was a major news event this week including coverage by the Wall Street Journal which quoted PayPals' Senior Director of Platform Raj Mata in "Apple's Latest iPhone Puts Focus Back on Fingerprint Security."
"The industry has always struggled with balancing online security with ease of use - and one has always come at the expense of the other."
However, in a post-Snowden world, one has to wonder how tech firms like PayPal define "security"...namely obtaining fingerprints of millions of Americans (and users worldwide for that matter) and if a Foreign Intelligence Surveillance Court Order or the like can compel these companies to hand over this sensitive data.
ZeroHedge for instance sent out a Tweet half jokingly that "The NSA unveils its brand new fingerprint database" that received almost 600 retweets.
The New York Times had additional coverage of online reaction in, "New iPhone's Fingerprint Scanner Prompts Concern and Nervous Laughter Online."
What the major news outlets missed this week was that the United States Patent and Trademark Office just published eBay's (misspelled or possibly obfuscated?) patent application 20130232066, "Finger Print [sic] Funding Source Selection" whereby a "user selects a funding source that the user wants to associate with a specific user finger."
More specifically, "Each finger of a user can be uniquely associated with a funding source for a user account with a payment provider, such that the user can select or change a funding source by simply having the desired finger print read, such as on the display of a smart phone."
"Examples include one or more different credit cards from one or more credit card companies (e.g., Visa, MasterCard, American Express, Discover, etc.), one or more bank or debit cards, one or more gift cards, one or more loyalty/reward points, one or more bank accounts (e.g., savings, checking, money market, etc.), one or more accounts with a third party payment provider, which may include the current payment provider, such as PayPal, Inc. of San Jose, Calif., etc…"
So if I understand the patent correctly, if you only use your AmEx card when shopping at Whole Foods, and want to purchase one of their new artificial eggs, you can actually create a function for "this little piggy went to market" and PayPal's wallet would seamlessly process funds from your AmEx account.
I assume there would be an opt-in function similar to Amazon's Instant Checkout so that if an "instant checkout" is not selected you would be reminded that a specific finger is associated with a specific account prior to processing the transaction.
Other recent Patent Applications by eBay include this one - "Biometric Authentication of Mobile Financial Transactions by Trusted Service Managers," filed filed March 12, 2012 and this one - "Offline Mobile Phone Payments," which has a "application (that) may be launched to the foreground using fingerprint identification, and other biometric measures;" filed on December 30, 2011.
Although PayPal has filed some patent applications outright, the majority of patent application coming out of PayPal appear to have been assigned to eBay. Even David Marcus, President of PayPal had his 3 patents assigned to eBay.
Interestingly Sebastien Taveau, the inventor of the "Finger Print Funding Source Selection" who assigned his rights over to PayPal/eBay, is no longer employed by PayPal.
While the patent application was just published by the USPTO, it was filed back on March 1, 2012. Approximately nine weeks after it was submitted to the patent office, Validity Sensors Inc. ("the leader in Natural ID authentication, providing the most durable, flexible, highest performing, and cost effective fingerprint sensors and authentication solutions for notebook and Ultrabook® computers, handsets, tablets, and access control solutions.") announced, "Mobile and Security Veteran and Head of PayPal Mobile Ecosystem [Sebastien Taveau] Joins Validity Sensors as CTO to lead the development of Natural ID solutions" (link).
Validity and PayPal are both members of members of the FIDO or Fast Identity Online Alliance, a group formed earlier this year to create standards that will "change the nature of online authentication." Its mission statement it part states that it is "Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users."
Curiously, Apple is not a member of this standards group. Apple is of course the manufacturer of the phone itself and its native applications which includes the Touch ID fingerprint identity sensor. Apple's technology could easily become the defacto standard.
Some might feel it's redundant after logging into their phone with their finger to use additional authentication applications such as PayPal's. Although PayPal's latest patent application does seem to add value by offering an additional level of convenience.
However, since not all phones have native biometric capability, PayPal needs to roll this technology soon so that they are not eclipsed by phone manufacturers such as Apple. Once mobile users begin relying on PayPal's technology on their legacy mobile phones they will demand it on their next generation phones.
About the Author
Brian Cohen has been an active member of the eBay community since May 1998, and he currently trades under the member name Bidofthis.com. His first AuctionBytes article was published in May 2002. Brian's reporting on Bitcoin in 2013 has been referenced in numerous publications including The Register, Tech Week Europe, TechCrunch and PC World. Brian can be contacted through his website at BidofThis.com where he always has a "little Bid of This and little Bid of That."