Mobile Pay is Nice, But What We Need is Mobile Auth

apple-pay-web-e1474436877837

I love Apple Pay, and Samsung Pay, and all the other pays. I think they’re great.

I do think that they’re steps on an evolutionary path, however, and they’re not very close to the plateau. The plateau is when you don’t do anything—when your identity is passively (but strongly) authenticated using hundreds of data points.

Square had a payment method a while back (not sure if they still do) where you just walk up to the coffee counter, and you pay transparently and automatically. I think they might ask your name or something.

As a security person that gives me the revolted-creepy-smiles, but it is definitely where we’re heading.

I do really like Apple Pay for Web, though, which just launched with MacOS Sierra today. It basically allows you to check out using your iPhone or Apple Watch (on sites that support it).

But I think the real magic isn’t in payments; it’s in logins.

Think of Amazon. You can buy things if you’re logged in. There’s no extra step. You turn on one-click pay and you’re good to go. The issue is auth.

So what we need to do is get auth (and payment) tied to our computing ecosystem, meaning our mobile ecosystem, meaning Apple or Google.

Everyone else is screwed. Except maybe Amazon. They’re magical and might figure something out.

Unsupervised Learning — Security, Tech, and AI in 10 minutes…

Get a weekly breakdown of what's happening in security and tech—and why it matters.

But in general the game is to own the ecosystem (which is mobile-based), and then use the data that the ecosystem knows about you to authenticate at appropriate levels when needed.

Log into Amazon? Log into Facebook? Log into bank? Log into Google?

Who knows you better than your mobile phone and your watch that’s never left your wrist since doing a Finger/Retina/DNA/Voice match? Nobody. It’ll be the best auth. Nobody will have better auths.

Anyway, that’s what I’d like to see:

Strong, unified auth that radiates outward from the mobile platform, including your phone and your watch, to get you into all your various types of accounts.

And then of course it lets you authenticate payments and other stuff as well.

Related posts: