The Samsung Galaxy S5 is first to support PayPal's new fingerprint-authorized payments

Owners of the Samsung Galaxy S5 will be able to make “broad” use of its in-built fingerprint sensor to make payments, MIT's Technology Review journal reports. To make use of the system, which will be explained shortly, you must register your device's identity with its cryptographic chip first, and link your fingerprint to your PayPal account. Afterwards, PayPal will ask you to swipe the fingerprint reader anytime an app or site asks for log-in credentials. This particular payment system is the first commercial implementation of a new authorization protocol developed by the FIDO Alliance, a security group of technological companies that include BlackBerry, Google, Lenovo, MasterCard, Microsoft, and PayPal. The protocol is designed so that a record of your fingerprint is never transmitted to an outside party. Instead, data from the fingerprint reader is used to generate a cryptographic key which is combined with a second key from the device’s cryptographic chip to make a third key. This way, the final key can’t be used to somehow 'decode' the fingerprint that was used to generate it. The Galaxy S5 is the first and only consumer device so far that supports PayPal’s FIDO-based authorization system. PayPal isn't saying when other devices will follow suit, but industry representatives assert that fingerprint readers will become ubiquitous in near-future smart-devices. SOURCE: PhoneArena