TouchID: risk and reward at the touch of a button

Carl Schlachte / September 19th, 2013

Last weekend my son’s car was broken into. It was in the parlance, a “smash and grab” with the front passenger window smashed and his wallet grabbed. What followed was an interesting lesson in security. Our local police investigated the crime scene and dusted the car for fingerprints, they also noticed some blood splattered on the door. Apparently while the window was being bashed in our thief had cut himself. Always curious about these kinds of things I chatted with the police as they did their work. They were thrilled to have blood as opposed to the prints because the results of DNA testing would come back “much, much more quickly”–weeks rather than months. When I told them I was surprised that DNA would be quicker, the police chuckled and asked how many TV crime dramas I watched. The quick-scan-immediate-result fingerprint identification methodology I had learned by watching “Dexter” or any one of the CSI dramas is definitely made for TV. These days a set of fingerprints without a suspect can take as long as six months to identify (if ever).

Contrary to what CSI would have us believe, humans are still a big part of the analysis. The point is that fingerprint recognition at this scale is hard to do in a foolproof, automatic fashion.

Apple’s Risky Move

Which led me to thinking about Apple’s latest iteration of the iPhone and its fingerprint recognition technology. Granted, they have lowered the recognition bar considerably for themselves in that they are only trying to recognize up to five fingerprints per phone. But they’ve raised the bar in many significant ways: they definitely want a CSI instant-recognition moment and they want it to be completely foolproof. They want it to become indispensable. Think for a moment about what Apple is risking here: brand-new, unproven hardware on the most used button on its flagship product. Gutsy call.

The inclusion of a fingerprint reader sticks out like the proverbial sore thumb

I keep wondering, “why take the risk?” My fingerprints are ripe for the using on keyboards and trackpads and laptops. Why not just put a fingerprint scanner on a high-end Macbook Air to flush out any bugs and get some experience first? Doesn’t it just seem too risky to make the highest volume flagship product a test bed for something never built before? Had they left the scanner out, no one would’ve even complained. Between introducing a new OS and a new set of processors, there would still be plenty of room for innovation to be bragged about. The inclusion of a fingerprint reader sticks out like the proverbial sore thumb. Apple must’ve really wanted something to make this kind of bet this way.

To get to why Apple might take this type of risk right now, we have to stop thinking of the iPhone as a “phone”. I think Apple’s view is that the iPhone is an experience that happens to have a radio attached to it. Sure the iPhone can make calls, but in the end, voice is just an app. It’s the totality of the experience that matters. To paraphrase Tim Cook “… the key for having a great killer product is to have incredible hardware, incredible software and incredible services… and the real magic occurs at the intersection of those…”. Apple has realized that key to its future success is a maniacal focus on reducing the friction between the pieces of an experience that make up a product. The iPod, or Macbook Air or iPhone are always just a means serving the end of a smooth user experience. Think of Apple as looking for friction everywhere and seeking to get rid of it in the most unobtrusive way possible.

Frictionless Transactions

Imagine for a moment walking into an Apple owned bar to order a beer. Apple wants to do everything in their power to ensure that beer reaches me as smoothly as possible. They want me drinking, not waiting, not thinking about anything other than my next beer. They don’t see the beer as the money maker, they only see me–the beer is just a way extract money from my wallet. So the typical Apple way is to start a tab and stare hard at the bar top wondering why it isn’t as smooth as it could possibly be. A very slick bar surface means a beer gets to me that much quicker and seconds count because those seconds are when I am not spending money.

Apple did this with music and in just ten years iTunes has gone from nothing to almost $4B in revenue per quarter. Apple didn’t make the music, it didn’t write the apps it just made the purchases slide down a well varnished bar top. Walk into an Apple retail store and see this concept in full display: no cash registers, no queueing up. You can buy your selection right there from a pierced and tattooed Apple Genius before you’ve had that much time to think. Armed with your iTunes ID and a credit card on file, before you know it, you’re out the door with a receipt emailed to you… No muss, no fuss. Oily smooth. Have you ever wondered why it takes a couple of days for Apple to email an iTunes purchase receipt? Disconnect that momentary movie purchase from the friction of an immediate reminder of money spent and the second guessing goes away. Easy. Slick.

With the foresight to see really smooth bar surfaces as the key to unlocking billions of dollars of profit, things like uncured varnish, rough wood and bad joints become very annoying in Apple’s view of the world. Slick is their thing, so in the end they must, simply must, make the best bar. With a great bar, it is essential that the beer sliding ever so smoothly to a waiting hand is guaranteed to be paid for. A genius bar top and credit worthy hands can be a very lucrative business, metaphorically speaking.

Those credit worthy digits can be a huge source of friction. Taken all together there are over $3 trillion in credit card transactions every year. These are not necessarily easy transactions though. Merchants actually have a line in their budgets called “fraud review” and over 50% of that budget goes to a human reviewing a transaction to determine if it was valid. Every credit card company on the surface of Earth is trying very, very hard to determine if it was actually you that was making the purchase they are approving. Credit card processors have done studies on where you live, what you like to buy and who you are with to try to outguess thieves. The key is that the credit card companies want to know if it is really you before they lend you any money. Literally billions of dollars every year are lost just due to fraud alone. Add in how difficult it can be to even make purchases at retailers some times and we have a rough surface just waiting to be sanded down.

A new idea is born: Apple can make money from the way money is being made.

Apple must be sitting on a very interesting data set by now. After a decade of the iTunes store there are over a half billion active iTunes accounts with credit cards attached to them. Apple has seen more than its fair share of purchases and most certainly a decent amount of fraud. I’m just guessing, but at some point someone was probably tasked with lowering the amount of fraud in the iTunes store. Then someone else in Cupertino had the bright thought to check on how many of those fraudulent purchases were made using Apple devices in the first place. “Hey wait a minute!” this genius says, “We’re being scammed using our own products!” And wherever these ideas go in Infinite Loop to be combined with the other money-making memes, this one recombinates with low friction thinking. A new idea is born: Apple can make money from the way money is being made.

The Big Bet

This is why an untried fingerprint recognition technology on a flagship product is risked. Apple is after a big change, one that may take a while yet to pull off, but they almost have all the pieces to make their vision work frictionlessly. What if Apple could guarantee to credit companies and merchants alike that a purchaser was a valid purchaser? What if Apple could enable purchases in Sears (or any store for that matter) to be as easy and smooth as they are in an Apple Store? Apple surely must have considered what percentage of those $3 trillion in credit card transactions companies would be willing pay to enable a very secure, effortless experience. Seen this way, iTunes and the Apple Store, and now the 5s are test beds for a very big bet indeed.

The big bet is Apple knowing who and where you are and underwriting your purchase in whatever time or place is best for you. The iPhone 5s with fingerprint recognition enabled can definitively say that you are indeed you. Every sensor in the package combined with your fingerprint can say, for example, that you are standing in Nordstrom’s with a phone held level in your hand, screen facing up. The 5s can say you are buying a shirt. It can know the color of the shirt. Your iPhone can let you pay for said shirt with a stored credit card. You can walk out, passing the discreetly placed security card by the door without any hassle. How much would Nordstrom’s pay to Apple to have an effortless purchase happen in its own store? Put another way, what percentage of Visa’s fraud losses would they be willing to pay to Apple to materially reduce their own fraud loss?

Think this is a fantasy? Look at Apple’s own retail experience: Apple is the undisputed leader in retail revenues raking in $6,050 per square foot of retail space, more than double the number two company, luxury retailer Tiffany’s. Apple’s fraud loss numbers are not published but it is a safe bet they are lower than any other retailer. Go further and imagine a watch on your wrist securely connected to your iPhone checking your heartbeat, counting your steps, measuring temperature, sweat, sleeping, waking… The incidence of fraud moves asymptotically to zero when your credit lender knows that when you are sleeping you are not buying a book on Amazon, or filling a car tank with gas. Imagine every time you have pulled out your credit card to buy anything: groceries, airline tickets, a slurpee… now imagine being in a store, seeing a little Apple logo where the cash register is (or was), pressing down your finger and leaving. The vision of providing the best, most secure and easiest way to have a buying experience for anything, anywhere, anytime is a view so filled with hubris that it can only be held by a company like Apple.

Remember the good old days when it only took a quick look at Apple’s SEC filings to see the Steve Jobs had fired up the jet and was visiting record executives? We all knew another music deal was coming when the air miles piled up. There was a time when we thought it was ridiculous that Apple could make good money from selling music online. Apple reasoned that making the music buying process frictionless was enough to carve out revenue from a market that wasn’t making any money online. They even argued that making it easy and cheap to buy music reduced the online piracy of music. It seemed like a crazy at the time but they turned it into billions. Where is Apple going to get its next big money making disruption? We won’t see it in any SEC filings on the expense of the corporate airplane. A private jet to New York looks like another trip to visit Carl Icahn offering up dividends to buy some time while the bar gets some more polishing back in Cupertino. A trip across town to visit American Express is barely even noticed. My thought is that Mr. Cook already knows what he will offer is going to be far more readily accepted by the credit companies and retail operations than ever was by the media moguls.

He should know. He has his finger firmly on the pulse of the digital economy.

Carl Schlachte

Carl is a serial entrepreneur, having been Chairman and CEO of multiple public and private companies. He is currently CEO of Ventiva, a private thermal management company, as well as Chairman of Immersion (Nasdaq: IMMR ) and a director at Peregrine Semiconductor (Nasdaq: PSMI). You can follow Carl on Twitter at carlsuqupro.
  • steve_wildstrom

    I agree with Carl Schlachte about the importance of Touch ID, but he falls victim to a common fallacy in assessing the risk Apple took. Fingerprints are used in two ways. The first, the way they are used in criminal investigations, requires matching an unknown print against a database of millions of known prints. This is difficult, tedious, and often fails, either because there is no matching print in the database or the match exists but cannot be found. But Apple’s task is many orders of magnitude simpler. It must only match a sample fingerprint against at most five known prints. With the state-of-the-art technology that Apple bought when it acquired AuthenTec, this is actually a very low-risk proposition.

    • Carl Schlachte

      Steve, 2nd sentence third paragraph: “Granted, they have lowered the recognition bar considerably for themselves in that they are only trying to recognize up to five fingerprints per phone.” My point was with respect to the hardware, not the effort to recognize five prints, which I conceded.

      It appears Apple based their *completely new hardware* off of AuthenTec’s original AES850. They took that idea and embedded it in a button on a cell phone. Something which is technologically very advanced and also has not been done before. I stand by my assertion that it is extremely risky to implement brand new bio mechanical sensor hardware in a mass market communications device, especially when that device is your flagship product.

      • dr.no

        Motorola’s version had AuthenTec sensor on the power button on the back of the phone which also needs pressing to turn on and then swipe.

        Apple is taking the capacitance image of your finger
        and converting to a hash which what is compared to
        the one stored in the TrustedZone area.
        This is also why 64 bit was necessary.

        previous capacitance sensors stopped working after a while.
        that is where sapphire crystal will come in handy.
        Obviously there is a lot of FUD being spread by competitors
        and even so called security expert to put their name out
        so media will eat any kind of bullcrap about Touch ID.

        As far as why not in Laptop is concerned.
        Apple would insist on putting it in inside the touch pad
        but obviously it is much harder to put it inside
        and figure out when to turn it on.

        • steve_wildstrom

          Apple has a <a href="http://appleinsider.com/articles/13/07/18/apple-details-in-display-fingerprint-sensor-tech-in-patent-filing-from-authentec-cofounder"patent pending for an in-touchpad fingerprint sensor. Of course, the existence of a patent application hardly guarantees that the device is practical.

          • dr.no

            no I believe the patent I saw was for embedded sensor inside the display screen but I didn’t read the patent preciously.

            the real question is can Apple implement a 550 ppi
            sensor on a giant trackpad and have a metal ring
            to generate the capacitance field with your finger.
            I would think it would a small corner of the trackpad
            but if the laptops had button like prior to 2008 models then it would have been easier.

          • steve_wildstrom

            Since the capacitive technology of touch screen and touchpads is exactly the same, if they could do one, they could do the other. The screen is actually harder, since it has to be transparent.

          • dr.no

            Electric field doesn’t care whether the surface is transparent or opaque.

            Touchpad doesn’t require high resolution sensor and monitor doesn’t require touch screen.
            That is the conundrum.

            I think screen is better to show where to put your fingers to scan. It just needs small area and not on all the time either. Also touchpad is USB and probably easily hack able or at least observable to see the data exchange.

      • mhikl

        “My point was with respect to the hardware, not the effort to recognize five prints, which I conceded.”

        Carl, one of the problems we have in our hurried society is that of a reader’s tendency to skim articles. Those attuned to Steve’s understanding of the liberal arts, are more likely to spend the time to enjoy well designed arguments that are so well written. Rare is such skill that addresses the two senses.

  • Nick

    “Have you ever wondered why it takes a couple of days for Apple to email an iTunes purchase receipt? Disconnect that momentary movie purchase from the friction of an immediate reminder of money spent and the second guessing goes away.”

    I think your explanation of why Apple does this is wrong.

    It is much more likely that Apple, like many other companies that run online stores (e.g. Amazon), waits some time before emailing purchase receipts in order to 1) group multiple purchases made within a short time period into a single receipt, and 2) reduce the processing fees they have to pay payment providers.

    With regards to point 1), let’s say I buy 4 individual songs on iTunes and 1 app on the app store. That’s 5 individual purchases total. I do this within the span of a day or two. This scenario is probably well within the norm. As a customer, I would find it extremely annoying to get 5 email receipts, one for each purchase, as opposed to one receipt that summarizes everything.

    On point 2), look at the same scenario as above but from Apple’s point of view. The typical payment provider charges a fixed fee plus a percentage of the total payment amount–for example, 10 cents + 2% of the charge amount. If Apple were to make 5 separate charges against my card for my 5 purchases, they’d be losing money on the fixed fee. They can save all that money by grouping purchases made within a short amount of time and charging me once. At Apple’s scale, this probably adds up to big savings.

    This is not as exciting or cool as the explanation you offered, but it is more likely correct.

  • Rich

    How interesting!
    What I take away from this article has little to do with technology. We can argue that all day. What is most interesting to me is that Apple has consistently engaged in the creation/use of disruptive technology in the service of disruptive processes that changes the way stuff gets done.
    The “…I wonder what this means” approach to looking at what Apple has implemented in the new iPhone seems to me to be a worthwhile viewpoint.
    Consider: IDENTITY AUTHENTICATION…other than my DNA, my fingerprints are indeed a validator of my (physical) identity. Better than my Driver’s License. Better than my Social Security Number. Better than my Photo, or Passport Picture, or ??? Thanks, Carl, for opening a discussion.

  • mhikl

    Carl, it is not often we get the pleasure reading an article such as this. To iterate as one great Steve was proud to say when things go well, “at the intersection of technology and liberal arts”.

Protected by Gerben Law