pointing the finger at biometric cards
No Pins, Just the FingerprintAt the
peak of migrating to digital platforms, physical payment cards are experiencing
a renaissance of their own. Physical credit and debit cards are still largely
used because everyone knows how to use them and are accepted in most places.
However, PINs and signatures are about to be overshadowed by biometrics.
Biometrics everywhere
The biometric trend is gaining momentum and is now moving to physical payment cards. The two major payment schemes, Visa and Mastercard, have created and are currently trialing bank cards that use a fingerprint instead of a PIN.
The main driver behind the new trend is in the word frictionless and the fact that people are not required to remember their PINs.
Another important driver is
cardholders being concerned about security issues and the fact that biometric
authentication is much more foolproof than a PIN.
The new biometric cards look the same as any card except that they contain a small biometric fingerprint scanner. The way it works is that upon payment, the cardholder puts a finger on the card’s sensor so the transaction can be authenticated without the need to enter a PIN code, both in contact and in contactless mode. At the time of payment, the biometric data stored in the card is compared with the fingerprint scan. The fingerprint data is stored in the card and is verified by a sensor integrated in the card.
This technology cannot work on the existing ATMs because when the card is in the reader, the cardholder cannot put the finger on the card.
Biometrics cannot be previously checked because the scanner does not work without an external source of power.
The extra step
The new cards do not require anything with terminal or
back-end infrastructure, so banks and issuers don’t have to worry about doing
retailers any damage while the merchants will see a decrease in fraud.
However, it requires some change from the cardholder side. After the cardholder gets the card, he needs to get to a “secure point” where it can securely scan the fingerprint and put it into the card chip. Each renewal of the card will have the same process because fingerprint data will not be stored anywhere in the bank or any other institution.
Source: Wired
In order to make the enrollment step much more simple and convenient, Mastercard has created a “sleeve” for recording the cardholder’s fingerprint for the first time. For the first usage, the person places their finger on the fingerprint scanner three times and a recording is made. The fingerprint is stored as an encrypted template of numbers. On the other hand, experts say that storing biometric data anywhere previous to the card is somewhat questionable because the fingerprint scanner never saves a “picture” of the finger.
It always saves a data hash which represents the fingerprint and each subsequent scanning creates a hash which is compared to the original one. Another potential problem of the biometric
cards is the compliance with the
national legislation of the countries where the cards are issued.
Mind the demand
The new biometric cards are indeed attractive, but do people want or need them? Gemalto carried out a research in the UK to learn more about this. The result was that 54% said they would be ready to use biometric cards if they were available and for 82% of them it would even become their preferred payment card.
This need should be further examined because this process will require more from cardholders than just their mere acceptance of the concept. Some banks stated that cardholders will be required to pay a certain fee for the new goodie which could make some people choose not to continue with the process. Regardless of how much they're essential, biometric cards have many benefits.
They will not need a central database for fingerprints, and not being connected to the internet, a hacker would need physical access to the card but would not be able to do anything with it.
Ultimately, with the many trials of biometric cards in the world, the results will deliver the final word.