We Need a Rational Approach to Biometrics Adoption
What are the realities and potential implications of implementing biometric authentication at scale? And is it worth all the hype?
Goode Intelligence predicts more than 1.9 billion bank customers worldwide will use biometrics by the end of 2020 as a means of making payment authentication more secure and convenient. They also predict that by 2023, there will be 579m biometric cards in circulation. The UK could have a significant role to play in this adoption, with Natwest announcing earlier this month its trial of a biometric fingerprint credit card, making it the first UK bank to do so.
There are some obvious, immediate benefits to biometric authentication. Consumers can authenticate purchases above the current £30 contactless limit without having to enter their PIN, using only their fingerprint instead. For retailers, not only would this reduce queue times but also help facilitate more secure transactions, technologically and visually, as merchants will be able to witness the cardholder authenticating the transaction, which is currently not the case with a stolen card.
Cost factor
When chip and PIN were first introduced back in 2000, a similar cost comparison was made between using a magstripe card and a chip card. In the industry at the time, the discussion about the difference in price revolved around the business case to include a lot of additional data stored on the chip cards, such as medical information and driver’s licence information. In the end, it was determined that the cost of that particular chip was too expensive. What we have now is the cheapest chip they could mass produce; a win-win in the eyes of issuers.
When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.
When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.
Some commentators on this have suggested that some costs could be borne by the cardholder in the form of an annual fee or a set-up fee for a biometric card. However, this could have a negative impact on getting consumers to use biometric authentication.
As is the way with any new technology, there is inevitably going to be initial resistance to cost. But this must be balanced with considerations for, say, the reduction in fraud.
Questions on security
In the case of Natwest’s biometric card, consumers have to go into a Natwest branch and register their thumbprint on a reader, which may seem like an innocuous part of the process but actually raises issues around mass adoption. You cannot have a solution where you’re asking individuals to go to a branch to register a thumbprint; it’s not inclusive to those without access to a branch, especially when bank branches are closing at a rate of knots. The alternative would be a mobile solution, but this again raises issues of accessibility.
The whole idea of using biometrics to authenticate payment raises questions around security, beyond the obvious ways it helps facilitate secure transactions. The human thumbprint is not a physical image. It’s encrypted. When you hear of a data compromise in the news, most cardholders are told to reset their password. But when you’re doing biometrics and you’re using something which is unique to you - like a fingerprint -- if that data is compromised, what’s the backup? You’ve ultimately only got 10 options unless you start using your toes!
Like any new tech, biometrics generates a lot of buzz and excitement. Whilst it is a fascinating new development in our industry, let’s take a steady approach that ensures we cover all eventualities. Once we open the pandora’s box of mass adoption, it will be very difficult to close it.
Authored by Nick Fisher, European Projects Manager at JCB International (Europe).
