Biometric authentication for e-commerce could be poised for growth, especially given significant security concerns about SMS and one-time passwords for identity confirmation. Federal Bank, a private sector bank in India, recently began a phased rollout, allowing users who shop online with certain merchants to authenticate their transactions using fingerprint or facial recognition. Users who have enrolled in a biometric setup process can use fingerprint on Android devices and their face on iOS devices to authenticate themselves and checkout. “Say goodbye to traditional passwords and OTPs—biometrics offer a faster, more secure alternative that significantly reduces the risk of fraud,” the bank wrote on its website describing the new offering. On the checkout screen of the partner merchant app, users choose the tokenized card from the available options and receive the biometric authentication page directly. From there, they can authenticate the payment using fingerprint or Face ID. Typical banking transactions take around 45 to 60 seconds; using biometric authentication, transactions can be completed within three to four seconds, according to the bank. Although consumers are repeatedly warned not to share one-time codes with anyone, they often disregard this advice. Making matters worse, Sando said she has been asked twice in the past few years by legitimate banks she’s doing business with for her one-time password, which is a big no-no, and has the potential to confuse customers. Employing biometrics for e-commerce transactions would make online shopping more secure, Sando said, adding that she hopes it will become the norm for e-commerce authentication within the next few years. “There are far more secure options out there” than SMS and one-time passwords, Sando said. Getting to that step is another matter entirely, however. Goode Intelligence predicts there will be almost 3.5 billion biometric payment users by 2030, but it remains unclear how quickly biometrics will be widely adopted for e-commerce authentication. In many instances today, customers aren’t required to authenticate themselves when making an online purchase, while some payment methods, like Early Warning System’s Paze require a one-time code. In other cases, customers pay with digital wallets like Apple Pay or PayPal, which already have extra security built into the process.