As I mentioned in my most recent post, solutions for legal non-repudiation are critical for organizations, and biometrics are an ideal solution for data provenance. Specifically, biometric authentication can be used to satisfy compliance with regulations such as the Payment Services Directive II (PSD2) consent requirements, which are critical for privacy, data provenance and non-repudiation.
Currently, if you consent to a payment using “what you see is what you sign” (WYSIWYS) features via push notifications on a mobile device, a text record of that transaction is logged on the server. But a simple text log entry is insufficient for non-repudiation. Proof is required that it was indeed a specific user that approved a given payment. A biometric digital signature of the transaction within the associated log entry solves the non-repudiation problem by associating the transaction details with a user.
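The following is an added example, not code from the original post or from any product it describes: a log entry that carries a signature over the transaction details, so an auditor can check it against the user's enrolled public key and detect any later edit. It assumes an Ed25519 key pair created at enrollment whose private half stays on the device and is released for signing only after a biometric match; the type names, function names and sample values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Consent is the transaction text shown to the user (WYSIWYS); field names are assumptions.
type Consent struct {
	UserID string `json:"user_id"`
	Payee  string `json:"payee"`
	Amount string `json:"amount"`
}

// LogEntry is the server-side record: the details plus the user's signature over them.
type LogEntry struct {
	Consent   Consent `json:"consent"`
	Signature string  `json:"signature"`
}

// Enroll creates the user's key pair (nil selects crypto/rand); the server keeps only the public key.
func Enroll() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil)
}

// SignConsent stands in for the device; assumed to run only after a biometric match.
func SignConsent(priv ed25519.PrivateKey, c Consent) LogEntry {
	msg, _ := json.Marshal(c) // fixed field order; cannot fail for string fields
	return LogEntry{c, base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))}
}

// VerifyEntry is the auditor's check and needs only the enrolled public key.
func VerifyEntry(pub ed25519.PublicKey, e LogEntry) bool {
	msg, _ := json.Marshal(e.Consent)
	sig, err := base64.StdEncoding.DecodeString(e.Signature)
	return err == nil && ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv, err := Enroll()
	if err != nil {
		panic(err)
	}
	entry := SignConsent(priv, Consent{"user-1001", "ACME Ltd", "49.90 EUR"}) // constructed sample
	fmt.Println("original entry verifies:", VerifyEntry(pub, entry))
	entry.Consent.Amount = "4990.00 EUR" // record edited after approval
	fmt.Println("altered entry verifies:", VerifyEntry(pub, entry))
}
```

Because the server holds only the public key, it can verify an entry but cannot produce one, which is the property a plain text log line lacks.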