If Apple Pay makes tokenization an everyday tech, HYPR may make tokenization an everywhere tech.
With Apple Pay, a user's iOS device is linked to their bank account. When they make a purchase, the user authenticates to the device with their fingerprint, the device generates a unique token representing their payment data, and that token is provided to the merchant.
Enter HYPR. What HYPR is trying to do, essentially, is to enable any cloud service or website to do what Apple Pay does, but from any device, and for any purpose; not just payment processing.
It will enable any cloud service to accept biometric authentication in the form of tokens generated by the users' own devices -- enabling stronger identity management without the high costs of issuing biometric scanning hardware.
In an interview with DarkReading at the RSA conference last week, HYPR CEO George Avetisov said that multi-factor authentication in the cloud just hasn't been scalable, and it's been cumbersome for the user. "There's always an extra component," he said. "Even if it's just a download."
He says his product is eliminating those extra components and facilitating scalability. The company has already received "unanticipated interest" from major banks, OEMs, mobile operators, and mobile payment processors, says Avetisov.
The HYPR software development kit starts shipping in July, and can be reserved now.
Although HYPR could be applied for uses beyond purchases, the payment industry certainly still needs help, as Robert Carr, chairman and CEO of Heartland Payment Systems, made clear when speaking at the InformationWeek conference in Las Vegas today.
According to Carr, in recent conversations with major card issuers they "confirmed that Chip-and-PIN will not be coming to America in the forseeable future." Plus, some end-to-end payment encryption services are charging prohibitive transaction fees, according to Carr.
After Heartland's major breach in 2008, the company created a completely new secure payment system that combines EMV Chip-and-PIN cards, end-to-end encryption, and tokenization. Unfortunately, there aren't many other companies following suit.