Author: Emira Anjani
Editor: Ayom Mratita Purbandani
Biometric systems, a technique of employing biological properties (facial features, fingerprints, voice patterns) as authentication tokens (“proof of property”), have grown rapidly in both user adoption and market penetration over the past decade.[1] Although biometric identification was initially developed in the late 19th century for forensic and surveillance purposes, its mainstream integration into everyday digital life was pioneered by Apple Inc. through the introduction of the Touch ID on the iPhone 5s. Within a decade of its launch, biometric authentication had been widely adopted by other technology companies and has since become a near-standard feature in contemporary digital devices. To name a few, Google and Android have followed Apple in making their products accessible by biometric monikered Google Passkey and Biometrics API; various mobile banking applications, too, have followed suit, such as MyBCA, Mandiri Living, BRImo, BNI Wonder, Jenius, CommBank, and more.
The proliferation of biometric technologies reflects not only rapid market demand but also broad public acceptance of security systems that are perceived as frictionless and convenient. This is largely because biometric authentication reduces, if not eliminates, the need for knowledge-based credentials (passwords, PINs, keys), replacing them with a more seamless authentication process. Given that 78% of users reportedly forget their passwords within 90 days of setting them, and that 51% are recorded to change their passwords, the integration of biometric systems presents a highly practical solution.[2] User authentication is no longer determined by one’s ability to remember or input credentials, which can be faked or stolen. Instead, it increasingly depends on whether the device and/or system itself can recognize its owner.
Nevertheless, the widespread adoption of biometric authentication represents a significant milestone in digital development. Not only because it has transformed credential-based security practices but also because it introduces a fundamentally more invasive mode of interaction between technology and the human body. Thus, this article seeks to provide a brief overview of biometric technology and its application, offering a conceptualization of the phenomenon it produces, how it serves users, and the major challenges it presents.
Identity is the new security
Rising dominance of identity-based security marks a shift in the paradigm of cybersecurity: a phenomenon whereby human identity becomes the foundation of access, accountability and trust.[3] One may argue that this is an old premise–they will not be wrong. The very basis of national security and an individual’s administration are drawn upon identities. However, the premise takes on a qualitatively different meaning when the stakes extend to personal privacy and accountability in digital environments, because identity is no longer mediated solely through documents, credentials, or institutional verification, but increasingly through the human body itself.
An identity-based security reassign trusts from human agency to technical system. The biometric system operates by an automatic recognition of individuals’ physiological or behavioral characteristics.[4] This does not mean the overall appearance of an individual, but down to the unique, detailed, features of individuals in many variations (similarities and differences included).[5] What is known of an individual’s face (the regular features and how distinctively they appear) is the first layer of recognition; followed by the mannerism to which these features interact independently or conjointly. Hence, the process of setting up a face recognition system requires the individual to blink, whereas touch ID typically demands the individual to move the selected finger. In layman terms, the biometric system quite literally captures who you are rather than what is known of an individual on a detailed level. In contrast with knowledge-based security, which can be reset, revoked, or replaced, biometric identifiers are inherently persistent and inseparable from the individual. It reduces the probability of system failure or breach (although not impossible). In that manner, a failed login is hardly a matter of incorrect input, but a failure of recognition. At the same time as biometric recognition operates with speed, ease, and with minimum cognitive effort, they become a particularly attractive feature in an increasingly digital and mobile-dependent society. Although this convenience masks another layer of transformation taking palace: identity becoming the primary unit of security places it at the top rank for being the strongest safeguard of accountability and the most vulnerable digital asset.[6]
Viable in scale in payment
Beyond accessing devices, biometric systems have also been integrated into the finance (mobile banking) system. In Indonesia alone, Bank Indonesia reported a rise of mobile and internet banking users by 50 percent from 2019 and 2023, and will accommodate over 10 trillion Rupiah in digital transactions in 2023 alone.[7] This figure reflects only conventional banking, not including e-wallet services such as Go-Pay, OVO, and DANA. The sheer amount of transactions necessitates robust and reliable security mechanisms. This is especially true because financial institutions operate at the intersection of highly sensitive personal data and monetary assets, security, and user comfort emerge as critical variables in sustaining user trust and continued system use.
In this context, the integration of biometric authentication within mobile banking applications serves as an additional layer of security alongside personalized PINs and passwords. By strengthening authentication mechanisms, biometric systems help to ensure both user safety and seamless banking experience. Once security is firmly established, users are able to engage more confidently with digital banking services without persistent concern over unauthorized access or fraud.[8] This becomes particularly important as technological advancement coincides with more sophisticated cybercrime, including identity theft, unauthorized account access, and the misuse of personal data.
Given the sensitivity of financial data and the high stakes inherent in banking operation, many financial institutions have adopted biometric technology as a means of reinforcing both security and convenience. Simultaneously, a 2023 study indicates a strong user approval of biometric authentication, with 85 percent of mobile banking users reporting high appreciation for the added security and convenience it provides in every day transactional. This suggests that biometric systems not only address institutional security needs but also align with user expiration for efficiency and ease of use.[9] At its core, however, the primary advantage of biometric authentication in mobile banking lies in its ability to provide a highly secure payment and access layer. Empirical studies have found that biometric based security systems significantly reduce the risk of unauthorized account access. In practice, several banking institutions have reported a reduction of up to 40 percent in unauthorized access incidents following the implementation of biometric authentication.[10] Nevertheless, the adoption of biometric systems is not without challenges. Technical complexity and high initial investment costs, particularly in ensuring device compatibility and system customization, remain notable barriers to implementation.
Major challenges
Both in general application and within the specific context of digital banking, biometric systems continue to face persistent challenges. At a fundamental level, biometric authentication processes operate on an inherently probabilistic model in their performance of recognition of the many variations of individual input, meaning that there are gaps in the nature and stability of biometric traits.[11] Probabilistic errors can occur in two forms: false match (successful match) and false non-match.[12] A false match occurs when the system incorrectly accepts a non-matching biometric pattern as valid, while a false non-match refers to the erroneous rejection of a legitimately matching pattern. However, such probabilistic errors primarily affect system convenience and reliability, scholarly and technical discourse increasingly places greater emphasis on the broader privacy and security implication of biometric authentication.
No system is entirely perfect or impervious to breach. The absence of large-scale incidents causing direct and widespread harm does not preclude the possibility of such failures occurring in the future. Although unlike knowledge-based systems, which rely on replaceable credentials, biometrics are linked to an individual–in how they do and are.
In the event of an unintended event of data disclosure or system compromise, biometric breaches risk exposing immutable aspects of a person’s identity. This concern is further compounded by the parallel evolution of cybercrime alongside advances in security technology. As O’Orman (2003) argues that an attacker may exploit biometric systems by injecting fraudulent identifiers to impersonate legitimate users and gain unauthorized access, for instance through system manipulation or ‘jailbreaking.’ This raises a critical question regarding data ownership and long term accountability, because a successful biometric breach compromises not merely stored information, but authentic biometric representation such as fingerprints or facial scans.
Meanwhile, beyond external threat, individuals are not fully aware of how their biometric data are utilized beyond basic authentication functions.[13] For example, users may be unaware of whether their fingerprints or facial data are cross-referenced with criminal data bases or employed for broader surveillance purposes. Not to mention that given that biometric inputs are frequently captured through device cameras and sensors, there is a possibility of passive or continuous biometric data collection, even when users are not actively engaging with authentication processes. Such data may potentially be used to infer facial expressions, emotional responses, or behavioral patterns in relation to digital content. While mainstream biometric applications currently center on fingerprint and facial recognition there is no definitive assurance that other modalities, such as voice recognition, are not already being deployed for secondary or commercial purposes. Although it is easy to dismiss these concerns as speculative or conspirational, they point to an unresolved structural issue at the heart of biometric systems: the absence of a comprehensive and satisfactory solution to fundamental privacy risks. As biometric technologies become increasingly normalized, the tension between security, convenience and individual autonomy remains largely unsettled.
Ultimately, while biometric systems offer compelling advantages in efficiency and security, their reliance on embodied identity introduces risks that extend beyond technical performance. As identity itself becomes the cornerstone of digital security, the challenge expands to include preventing system failure and establishing governance frameworks that are capable of safeguarding individual autonomy, privacy and accountability in an increasingly biometric-driven digital environment.

Bibliography
Ardianto, Herwin , Chitra Laksmi Rithmaya, and Larasati Ayu Sekarsari. “View of Biometric Technology in Digital Banking: Insights from Generation Z and Millennials.” Perbanas.ac.id, 2026. https://journal.perbanas.ac.id/index.php/jbb/article/view/5378/1981.
Arora, Shefali, and M.P.S Bhatia. “Challenges and Opportunities in Biometric Security: A Survey.” Information Security Journal: A Global Perspective, January 14, 2021, 1–21. https://doi.org/10.1080/19393555.2021.1873464.
Chek, David, Andrew Beng, and Jiankun Hu. Biometric Security. New Castle Upon Tyne, Uk: Cambridge Scholars Publishing, 2015.
Help Net Security. “78% of People Forgot a Password in the Past 90 Days – Help Net Security.” Help Net Security, December 11, 2019. https://www.helpnetsecurity.com/2019/12/11/forgot-password/.
Jain, A. K., S. Pankanti, S. Prabhakar, Lin Hong, and A. Ross. “Biometrics: A Grand Challenge.” IEEE Xplore, August 1, 2004. https://doi.org/10.1109/ICPR.2004.1334413.
Jain, Anil K. “Biometric Recognition: How Do I Know Who You Are?” Image Analysis and Processing – ICIAP 2005, 2005, 19–26. https://doi.org/10.1007/11553595_3.
Joshna. “Biometric Technology Adoption Rates in Security.” Zoe Talent Solutions, March 13, 2025. https://zoetalentsolutions.com/biometric-technology-adoption-rates-in-se....
OJK. “Statistik Perbankan Indonesia – Januari 2023.” OJK, 2023. https://ojk.go.id/id/kanal/perbankan/data-dan-statistik/statistik-perban....
Pato, Joseph N., and Lynette I. Millett, eds. “Biometric Recognition: Challenges and Opportunities.” Google Books, 2026. https://books.google.co.id/books?hl=en&lr=&id=LZhhAgAAQBAJ&oi=fnd&pg=PP1....
Ross, Arun A, Karthik Nandakumar, and Anil K Jain. Handbook of Multibiometrics. Springer Science & Business Media, 2006.
Saputri, Vettyca Diana. “Implementation of Biometric-Based Security System on Mobile Banking Application.” Jurnal Komputer Indonesia 2, no. 1 (June 30, 2023): 25–32. https://doi.org/10.37676/jki.v2i1.565.

1. David Chek, Andrew Beng, and Jiankun Hu, Biometric Security (New Castle Upon Tyne, Uk: Cambridge Scholars Publishing, 2015); Joshna, “Biometric Technology Adoption Rates in Security,” Zoe Talent Solutions, March 13, 2025. ↑
2. Help Net Security, “78% of People Forgot a Password in the Past 90 Days – Help Net Security,” Help Net Security, December 11, 2019, https://www.helpnetsecurity.com/2019/12/11/forgot-password/. ↑
3. Joshna, “Biometric Technology Adoption Rates in Security,” Zoe Talent Solutions, March 13, 2025. ↑
4. Anil K. Jain, “Biometric Recognition: How Do I Know Who You Are?,” Image Analysis and Processing – ICIAP 2005, 2005, 19–26, https://doi.org/10.1007/11553595_3. ↑
5. Arun A Ross, Karthik Nandakumar, and Anil K Jain, Handbook of Multibiometrics (Springer Science & Business Media, 2006). ↑
6. Shefali Arora and M.P.S Bhatia, “Challenges and Opportunities in Biometric Security: A Survey,” Information Security Journal: A Global Perspective, January 14, 2021, 1–21, https://doi.org/10.1080/19393555.2021.1873464. ↑
7. OJK, “Statistik Perbankan Indonesia – Januari 2023,” OJK, 2023, https://ojk.go.id/id/kanal/perbankan/data-dan-statistik/statistik-perbankan-indonesia/Pages/Statistik-Perbankan-Indonesia—Januari-2023.aspx. ↑
8. Vettyca Diana Saputri, “Implementation of Biometric-Based Security System on Mobile Banking Application,” Jurnal Komputer Indonesia 2, no. 1 (June 30, 2023): 25–32, https://doi.org/10.37676/jki.v2i1.565. ↑
9. Herwin Ardianto, Chitra Laksmi Rithmaya, and Larasati Ayu Sekarsari, “View of Biometric Technology in Digital Banking: Insights from Generation Z and Millennials,” Perbanas.ac.id, 2026, https://journal.perbanas.ac.id/index.php/jbb/article/view/5378/1981. ↑
10. Vettyca Diana Saputri, “Implementation of Biometric-Based Security System on Mobile Banking Application,” Jurnal Komputer Indonesia 2, no. 1 (June 30, 2023): 25–32, https://doi.org/10.37676/jki.v2i1.565. ↑
11. Joseph N. Pato and Lynette I. Millett, eds., “Biometric Recognition: Challenges and Opportunities,” Google Books, 2026, https://books.google.co.id/books?hl=en&lr=&id=LZhhAgAAQBAJ&oi=fnd&pg=PP1&dq=challenges+to+biometric+technology&ots=p82unGQasX&sig=t6cWfc_PGbaYGXskVK0pkpynbtU&redir_esc=y#v=onepage&q&f=false. ↑
12. A. K. Jain et al., “Biometrics: A Grand Challenge,” IEEE Xplore, August 1, 2004, https://doi.org/10.1109/ICPR.2004.1334413. ↑
13. Ibid. ↑