New York-based security company Hypr Corp. is working to use biometric authentication as a glue for the currently fragmented state of mobile and online payments.
Online shopping suffers from a number of concerns right now. Beyond the high level of credit card fraud (which accounts for $7.6 billion in annual losses to U.S. card issuers, according to LexisNexis), many checkouts are slowed down by the need to type in account numbers, passwords and PIN codes that shoppers may not have committed to memory. Biometric authentication can address all of these pain points, Hypr says.
“We’re moving towards a more convenient, cashless ecosystem whether we like it or not,” said Hypr chief executive George Avetisov. “The easiest way to get there: remove PINs and passwords."
Once older authentication methods are replaced, older payment methods will likely go with them. "People won't be walking around with plastic in 10 years," he added.
Other companies are taking a similar approach to replacing passwords with biometric authentication, including Mastercard. The card networks' Identity Check, commonly known as Selfie Pay, enables card issuers that support SecureCode (Mastercard's version of 3D Secure) to prompt for facial recognition during the merchant's checkout.
Hypr's offering differentiates itself by letting the retailer choose which traits to authenticate and how many to use at once. For example, a retailer may require customers authenticate with a fingerprint for a $50 purchase, fingerprint and face for a $1,000-purchase or a combination of five biometric traits for a higher-value purchase.
For desktop shoppers, the process is an omnichannel biometric shopping experience. When they arrive and the checkout screen, they receive a notification on their mobile device prompting them to authorize the payment, rather than inputting their password in the browser.
The user's biometric traits, once registered, never leave the device. Hypr's authentication system turns the user's biometric data into a token that is used to confirm payments instead of storing traits on a server.
Hypr doesn’t write any of its biometric algorithms, said Bojan Simic, its chief technology officer — it just writes the security framework.
“We offer all the responsibility in terms of security and encryption of the user’s biometric data and tokenization keys, pick leading biometrics algorithms and plug them into the framework,” he explained. “That way if you're a retailer and want to work with six different kinds of biometrics, you don't have to work with six different companies to do that.”
Hypr was founded in 2014 with $800,000 in private seed capital. In closed a $3 million funding round in October with participation from RTP Ventures and Boldstart Ventures, based in New York, and Mesh Ventures, from Taiwan.