finance
monthly
Personal Finance. Money. Investing.
Contribute
Newsletter
Corporate

Whilst UK banks are already trialling the biometric credit card, consumers must be made aware of the wide range of benefits biometric payment cards have to offer for biometrics to be embraced as the next generation of payment technology.

Below David Orme, Senior Vice President at IDEX Biometrics ASA explains how biometric fingerprint authenticated payment cards will bring new levels of security and convenience to the payment market, taking the bank card into the 21st century.

Biometric technology continues to gain momentum in many areas of our lives. Earlier this month, NatWest became the first UK bank to trial a biometric credit card, which will see consumers carrying out contactless payments using their fingerprint, instead of a PIN, for authentication.

As similar trials take place around the world, we can expect this new payment technology to become an everyday necessity within the next year. But as biometric smart cards start to roll out, consumers may wonder, “why do I need another form of payment technology?”

The reality is, biometric fingerprint authentication cards bring many strengths that will make our payments, and therefore our everyday lives, more secure. With fingerprint authentication cards starting to land in people’s wallets, payments will soon become the area where consumers interact most strongly with biometric technology on a daily basis. Consequently, it is vital to make it clear to consumers just how much they stand to benefit from biometric-enabled payment cards, to encourage rapid adoption and ensure their successful roll-out.

Advanced levels of security

The biometric payment card has been developed to bring new levels of security to payment transactions. Fingerprint authorisation links a particular person to their payment card — as, for transactions to be processed, the owner’s fingerprint has to be matched on-card. This connection to the owner’s physical identity reduces the potential for payment fraud and improves authentication security, for both card-present and card-not-present fraud.

Biometric fingerprint payment cards also provide end-to-end encryption, securing the user’s card and their biometric data, which never leaves the card. This ensures hacking and breaches of fingerprints aren’t scalable.

Biometric payment card technology will also integrate with the expectations of Strong Consumer Authentication (SCA), part of the second Payment Services Directive (PSD2), a new European regulatory requirement to tackle online and payment fraud. For consumers, this currently means providing at least two factors of authentication such as a PIN, or a one-time passcode, are combined with the possession of a payment card, even for contactless payments.

But with biometric payment cards, the card owner can authenticate with the non-intrusive method of placing their fingerprint on the sensor while tapping their contactless card on the PoS system. This will allow users to benefit from the flexible, convenient factors of secure authentication, rather than having to remember PINs.

Making payments more convenient

While consumers value the extra security biometric smart cards bring, it’s important for this new payment technology to be as convenient as possible to ensure wide-spread adoption. Therefore, biometric-enabled payment cards need to deliver significant security improvements with very little impact on the current contactless experience, or changes to user behaviour.

Of course, consumers have been shopping with payment cards for decades and understand how to use them. Likewise, the majority will already be familiar with fingerprint authentication, thanks to its near ubiqui­tous use on smartphones, to unlock devices or to authenticate mobile payment app transactions. This familiarity and comfort with the technology reduces the barrier to adoption of biometric payment cards.

With this new payment method, a user will replace PIN entry with fingerprint authentication for all transactions. The fingerprint sensor is conveniently positioned on the card, taking into account the typical way a consumer will hold it when completing a transaction to minimise any change to the payment process.

With this new payment method, a user will replace PIN entry with fingerprint authentication for all transactions.

Importantly, existing PoS retail infrastructure must still be used to ensure smooth roll out of biometric authentication cards. This is because consumers are already used to the technology, as well as to minimise the need for additional investment from retailers.

On top of this familiarity, the shopping experience will likely become even more convenient with the adoption of biometric payment cards. By adding secure fingerprint verification to the payment authentication process, contactless transaction limits could actually be increased or even eradicated en­tirely, meaning users can benefit from not having to remember PINs, and can pay via secure contactless for all transaction values.

One card to rule them all

Nowadays, the average consumer has multiple cards weighing down their wallets, from debit and credit cards, loyalty schemes, contactless public transport tickets, IDs, healthcare cards and more. This seems out-dated in an age where we expect to do so many things all from one smartphone.

In smart phones, biometric technology is already used to securely access many different applications, including banking and payment apps. In much the same way, this multi-application authentication process can be incorporated in a physical payment card with a built-in biometric fingerprint scanner. This will reduce the number of cards in a person’s wallet, making it faster to tap-and-go securely for many different transactions, all from one card.

Achieving top-of-the-wallet status

Today, consumers expect more speed and convenience from their services, and the same applies to the payment process. They’re looking for a transaction procedure that is fast, secure and free from hold ups. Adopting biometric fingerprint authentication will help achieve this, making payments more beneficial. This will also allow banks and financial institutions who introduce this technology to achieve top-of-wallet status with their cards.

Overall, biometric fingerprint authenticated payment cards will bring new levels of security to the payment market, taking the bank card into the 21st century. Through biometric fingerprint-authentication cards, consumers can access the best in terms of payment security, convenience and usability. As a result, now is the time to embrace this new form of payment technology.

Personal identification numbers (PINs) are everywhere. These numeric versions of the password have been at the heart of data security for decades, but time moves on and according to Dave Orme, SVP at IDEX Biometrics, it is becoming evident that the PIN is no longer fit for purpose. It is too insecure and leaving consumers exposed to fraud.

Why bin the PIN?

In a world that is increasingly reliant on technology to complete even the most security-sensitive tasks, PIN usage is ludicrously insecure. People do silly things with their PINs; they write them down, share them and use predictable number combinations that can easily be discovered via social media or other means. And this is entirely understandable: PINs must be both memorable and obscure, unforgettable to the owner but difficult for others to work out. Previous research has shown that when people were asked about their bank card usage, more than half (53%) shared their PIN with another person, 34% of those who used a PIN for more than one application used the same PIN for all of them and more than a third (34%) of respondents used their banking PIN for unrelated purposes, such as voicemail codes and internet passwords, as well. In the same study, not only survey respondents but also leaked and aggregated PIN data from other sources revealed that the use of dates as PINs is astonishingly common1.

But if the PIN has had its day, what are we going to replace it with?

Biometrics

Biometrics may seem to be the obvious response to this problem: fingerprint sensors, iris recognition and voice recognition have already been trialled in various contexts, including financial services. In fact, wherever security is absolutely crucial, you are almost certain to find a biometric sensor — passports, government ID and telephone banking are all applications in which biometric authentication has proven highly successful.

For biometric authentication to work, there has to be a correct (reference) version of the voice, iris or fingerprint stored, and this requires a sensor. The search for a flexible, lightweight, but resilient, fingerprint sensor that is also straightforward for the general public to use, has been the holy grail of payment card security for quite some time.

It is one thing to build a sensor into a smartphone or door lock, but quite another to attach it to a flexible plastic payment card. A major advantage of fingerprint sensors for payment cards is that the security data is much more difficult to hack.

Not only are fingerprints very difficult to forge, once registered they are only recorded on the card and not kept in a central data repository in the way that PINs often are - making them inaccessible to anyone who is not physically present with the card.

Your newly flexible friend

Fortunately, the impossible has now been achieved. The level of technology that has been developed behind the sensor makes it simple for the user to enrol their fingerprint at home, and once that is done they can use the card over existing secure payment infrastructures.

Once it is registered and in use, it can recognise prints from wet or dry fingers and knows the difference between the fingerprint and image ‘noise’ (smears, smudging etc.) that is often found alongside fingerprints. The result is a very flexible, durable sensor that provides fast and accurate authentication.

The PIN is dead, long live the sensor

Trials of payment cards using fingerprint sensor technology are now complete or under way in multiple markets, including the US, Mexico, Cyprus, Japan, the Middle East and South Africa. Financial giants including Visa and Mastercard have already expressed their commitment to biometric cards with fingerprint sensors, and some are set to begin roll-out from the latter half of 2018. Mastercard, in particular, has specified remote enrolment as a ‘must have’ on its biometric cards, not only for user convenience but also as means to ensure that biometrics replace the PIN swiftly, easily and in large volumes2.

With the biometric card revolution now well under way, it’s time to say farewell to the PIN and look forward to an upsurge in biometric payment card adoption in the very near future.

1 Bonneau J, Preibusch S and Anderson R. A birthday present every eleven wallets? The security of customer-chosen banking PINs: https://www.cl.cam.ac.uk/~rja14/Papers/BPA12-FC-banking_pin_security.pdf

2 Mastercard announces remote enrolment on biometric credit cards: https://mobileidworld.com/mastercard-remote-enrollment-biometric-credit-cards-905021/

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free monthly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every month.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram