Online security at your fingertips

Online security at your fingertips

Passwords are easy to crack and a chore to remember. Wouldn't it be easier to scan a fingerprint to, say, check your Gmail account or authorise a PayPal payment?

This could become a reality as early as this year, fuelled by two separate but related developments.

One, smartphones with embedded fingerprint scanners are set to to be unveiled as early as next month, when South Korea's LG is expected to announce its G2 smartphone with a built-in fingerprint scanner.

Apple and Samsung are also reportedly working on releasing such smartphones later this year.

Two, a group of 24 Internet companies, dubbed the Fast IDentity Online (Fido) Alliance, is pushing for the death of passwords to counter rising global e-commerce fraud.

These global scams cost companies in North America alone more than US$3.5 billion (S$4.4 billion) last year.

In Singapore, the situation seems to be worsening too.

In the first half of this year, the Consumers Association of Singapore received 57 complaints about online fraud, compared with 107 cases for the whole of last year.

Fido, which PayPal and Google are part of, believes fingerprinting or biometrics is the effective solution to the global problem.

Formed last July, it is intent on paving the way for consumers to use their fingerprints, instead of passwords, to access online shopping, banking or payment accounts.

In fingerprint scanning, the embedded scanner in smartphones is activated and users are prompted for their fingerprints when they go online to make purchases or change personal details.

PayPal said it is also pushing for biometrics to be an alternative to security tokens, which its president David Marcus said is a "hassle".

Namecard-size security tokens are widely used in Singapore for securing e-banking transactions.

They generate a random one-time password, good for only one log-in, thus providing an extra layer of security to the standard username and password.

Most banks here have issued their own tokens, so customers with online accounts with several banks carry multiple tokens.

"Often, increasing security means increasing friction. The beauty of biometrics is it can enhance security and be convenient at the same time," Mr Marcus told The Straits Times.

This is one reason PayPal said it resisted rolling out security tokens and limited it to certain markets such as the United States and Australia, for testing purposes.

But PayPal's lack of security tokens here - coupled with recent fraud cases involving local accounts - got the attention of the Monetary Authority of Singapore.

In late May, The Straits Times reported that money had been stolen from an unusually large number of Singapore PayPal accounts in the preceding two months. Losses ranged from $50 to more than $3,000.

Singapore e-retailers, however, seem cautious of the new authentication method, pointing out that the technology is untested.

Said fashion e-retailer Zalora's chief product officer Karthik Subramanian said: "If there's a compelling customer benefit, we will evaluate carefully."

Deal-a-day site Qoo10 said its main concern is user convenience.

"How well can the authentication tool settle log-in, payment and authentication at one go?" said its spokesman.

Web users, however, are looking forward to it, saying it saves time.

Marketing manager Sylvia Kang, 35, said the current verification for online credit card payments can be "long and dreadful".

Pre-school teacher Jasmine Kaur, 28, added: "People can steal my password and pretend to be me online, but they cannot steal my fingerprint unless they have my finger."

This website is best viewed using the latest versions of web browsers.