In an increasingly digital world, retailers are working to bring transactions closer to the shopper and further away from traditional hardware.
Biowatch brings that trend about as close to the shopper as possible, with a product that can be used once to provide authentication for multiple services.
"The 'things' connected to the Internet do not have a way to authenticate the human being interacting with them," said Matthias Vanoni, cofounder and CEO of Biowatch, a Lausanne, Switzerland startup that uses vein recognition technology to authenticate people for a variety of purposes. "But the 'things' can recognize a device like a wearable. Biowatch's recognition of the wearable means recognizing the human being behind that."
Biowatch has been gradually attracting attention since its founding two years ago. It recently drew a $1.2 million seed round and a cash stipend of about $35,000 for winning a Visa developer contest at the recent Mobile World Congress, a prize that comes with a significant boost to the startup's visibility and reputation.
"Visa will be useful to increase our credibility towards partners and thus accelerate product development," Vanoni said. "That will allow us to integrate more easily into bank applications worldwide."
As companies attempt to retire passwords in favor of more advanced methods, security providers will be pressured to find ways to make biometric options more reliable and attractive to users. In the past, biometric authentication methods have had a tough time taking hold in the retail world, with one of the most prominent flare-outs being the Pay By Touch system.
Biowatch's play is to authenticate a single time for multiple services. It uses a wrist vein reader to scan a person's veins and runs that image against a pre-registered template. Feedback tells the user the authentication is successful, then tells the user to close the clasp on the wearable. When the clasp is closed, the company's technology monitors the clasp to ensure it remains closed.
"As long as [our] system is active the [consumer] can use the wearable to authenticate third party services using their protocol with no need for biometric or any further authentication," Vanoni said.
Biowatch will use Visa's API to create a Visa Ready payment product that can integrate into banks' mobile apps, exposing Biowatch to an addressable market of millions of consumers. Biowatch can work with other parties through its own application programming interface.
Body recognition sounds futuristic, but it's not a brand new concept. RBC has deployed a payment wristband in partnership with Mastercard and Bionym that uses heart rhythms to verify a user's identity. And facial recognition technology is behind the increasing number of "selfie pay" authentication initiatives that aim to improve e-commerce security.
"Wearables need great sensors and applications to go mainstream," Vanoni said. "A biometric authentication sensor linked to authentication-related use cases can help wearables go mainstream."
Like all innovations, Biowatch faces challenges. Even given the woeful security of static passwords, alternatives rarely mature. Even smartphone fingerprint readers like Apple's Touch ID tend to fall back on static PIN authentication.
"The history of biometrics is littered with good ideas that didn't go very far," said Al Pascual a research director at Javelin Strategy & Research. "Pay By Touch had $300 million dollars in funding and it didn't work out."
But there have been years of improvements in biometric technology since Pay By Touch shut down in 2008, and Biowatch has the added bonus of being associated with Visa, Pascual said.
Biowatch is betting overall uptake in mobile transactions and commerce and the subsequent spike in risk, as well as the use of the mobile device as a security enabler, make the timing right for this technology.
In the payments industry, Vanoni said, Biowatch envisions its product can work in a number of new payment models, such as apps that provide contactless payments at a point of sale, Bluetooth Low Energy-enabled e-commerce, and digital banking access. Outside of payments, it's targeting transportation systems, car ignition and ID badges for facilities.