Mitigating risk for hands-free interactions

What is claimed is: 1. A method comprising: obtaining, by an access device, a first biometric sample of a user; generating, by the access device, a first biometric template or a derivative thereof from the first biometric sample; transmitting, by the access device, the first biometric template or the derivative thereof to a mobile device; transmitting, by the access device, a digital certificate comprising a first geo-location to the mobile device, wherein the mobile device determines that the access device is authentic at least by comparing the first geo-location in the digital certificate to a second geo-location of the mobile device, and then determining that the first geo-location and the second geo-location are proximate to each other; receiving, by the access device, a confirmation of a match between the first biometric template and a second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device or the user determines that the access device is authentic. 2. The method of claim 1 , wherein the method further comprises: transmitting, by the access device, a confirmation signal to the mobile device, wherein the confirmation signal is an audio signal. 3. The method of claim 1 , further comprising: receiving, by the access device from the mobile device, a challenge; signing the challenge with an access device private key to form a digital signature; and transmitting the digital signature to the mobile device, wherein the mobile device also determines that the access device is authentic by extracting a public key from the digital certificate and verifying the digital signature using the public key. 4. The method of claim 1 , wherein the derivative of the first biometric template is transmitted from the access device to the mobile device. 5. The method of claim 4 , wherein the derivative of the first biometric template is an encrypted version of the first biometric template. 6. The method of claim 4 , wherein the access device includes a beacon device. 7. The method of claim 1 , wherein the transaction is a payment transaction. 8. An access device comprising: a processor; and a computer readable medium, the computer readable medium comprising code executable by the processor to cause the access device to perform a method comprising obtaining a first biometric sample of a user, generating a first biometric template or a derivative thereof from the first biometric sample, transmitting the first biometric template or the derivative thereof to a mobile device, transmitting a digital certificate comprising a first geo-location to the mobile device, wherein the mobile device determines that the access device is also authentic at least by comparing the first geo-location in the digital certificate to a second geo-location of the mobile device, and then determining that the first geo-location and the second geo-location are proximate to each other, receiving a confirmation of a match between the first biometric template and a second biometric template on the mobile device, and responsive to the confirmation, conducting a transaction between the access device and the mobile device, after the mobile device determines that the access device is authentic. 9. The access device of claim 8 , wherein the method further comprises: transmitting, by the access device, a confirmation signal to the mobile device, wherein the confirmation signal is an audio signal. 10. The access device of claim 8 , wherein the method further comprises: receiving, by the access device from the mobile device, a challenge; signing the challenge with an access device private key to form a digital signature; and transmitting the digital signature to the mobile device, wherein the mobile device also determines that the access device is authentic by extracting a public key from the digital certificate and verifying the digital signature using the public key. 11. The access device of claim 8 , wherein the access device further comprises a BLE station. 12. The access device of claim 8 , wherein the transaction is a payment transaction. 13. A method comprising: receiving, by a mobile device, a first biometric template of a user or a derivative thereof from an access device; determining, by the mobile device, if the access device is an authentic access device; determining, by the mobile device, that the first biometric template and a second biometric template on the mobile device match; receiving, by the mobile device from the access device, a digital certificate comprising a first geo-location; determining that the access device is authentic at least by comparing the first geo-location in the digital certificate to a second geo-location of the mobile device, and then determining that the first geo-location and the second geo-location are proximate to each other; transmitting, by the mobile device to the access device, a confirmation of the match between the first biometric template and the second biometric template on the mobile device; and conducting a transaction between the access device and the mobile device, after the mobile device determines that the access device is authentic. 14. The method of claim 13 , wherein the derivative of the first biometric template is received by the mobile device. 15. The method of claim 14 , wherein determining that the first biometric template and the second biometric template match comprises comparing encrypted versions of the first biometric template and the second biometric template. 16. The method of claim 13 , wherein the first biometric template is derived from a facial image, a fingerprint, or a retinal scan. 17. The method of claim 13 , further comprising: receiving, by the mobile device from the access device, a confirmation signal, wherein the confirmation signal is an audio signal. 18. The method of claim 13 , wherein the transaction is a payment transaction.