PayPal May Use Ingestible Biometric Devices Instead of Passwords
Presentations made in Europe and the US by PayPal’s global head of developer evangelism Jonathon Leblanc called ‘Kill All Passwords’ is highlighting the possibility that PayPal may move towards advanced and secure electronic password alternatives that can be ingested or implanted under the skin.
These techniques may sound far fetched, but companies are already developing such technology and PayPal is working alongside them. The Fido Alliance which counts PayPal, MasterCard and Visa as members, backs the idea of dropping passwords completely and is investigating ways in which biometric password alternatives can be standardised.
Fingerprint techniques are becoming one of the most well used biometric password alternatives, but other methods such as iris scanning can also be used to prove a person’s identification and allow access to an account. Fingerprint detection is used for high-level security as well as to unlock smartphones and tablets, but Leblanc sees methods that use the exterior of the body to be out of date and internal functions should be focused on in order to move technology forward. This includes heartbeat and vein recognition as these are unique to an individual. In contrast to the external methods of detection currently in use, new developments could include glucose levels measured by ingestible capsules and unique features detected by brain implants.
PayPal is utilising 24 hour hackathons to brainstorm and build prototypes for advanced identification and security techniques in order to allow users to be in charge of their own security.The companies that PayPal currently works with to develop heartbeat and vein recognition technology use external bands, but capsules powered by a user’s stomach acid may be in development in the future. Bank of Canada, Halifax and others are currently working on security that uses the heartbeat for security in partnership with Bionym through heartbeat monitoring wristbands.
In order to strength the traditional username and password methods, weak passwords need to be backed up with something physical, says Leblanc. The thin silicon embeddable EKG monitors that he has described would send information about the heart’s electrical activity to wearable tattoo computers. He also says that these new password alternatives would not yet be socially acceptable due to our current cultural norms. PayPal plans to work on the biometric technology so that it can be used as soon as it would be accepted, as PayPal wants to be at forefront of new developments.
It is true that cultural norms would prevent the general population from being accepting of these strange new ways of identifying ourselves, but it is interesting to wonder how quickly or slowly this may change. Using a device such as a smartphone or laptop when you aren’t 100% sure what information it may be capturing about you is one thing, but injecting, ingesting or implanting new technology is the type of thing that people are likely to be fearful of.
Identity theft on the internet can happen when people use their credit or debit cards online, and it is unnerving to think of a stranger using your details and pretending to be you. However, with a new wave of internal ‘password wearables’ it is even more unnerving to think that if a system in the future was hacked or your details were phished, a stranger would have access to information about your unique bodily functions as well as important details such as your date of birth and address.
While the mainstream use of ingestible and internal biometric password devices may not happen for many years, we should prepare ourselves for the possibility that one day we may be using our glucose level readings, heartbeats or vein patterns to log into PayPal.