The continuous growth of smartphones with biometrics, and the emergence of biometric payment cards, is ushering in a new paradigm in payments. PINs and passwords are being replaced by more secure and convenient solutions using biometrics. Hundreds of millions of mobile users have grown accustomed to fingerprint technology thanks to the ease of unlocking one’s phone in a fraction of a second by means of a quick touch. But the use of biometrics to authenticate payments is increasing the demand on security and identity assurance. It´s a challenge for the biometrics and payments industry to meet these increased security demands, while keeping friction in the payment process to a minimum.
Payments stand out as the single largest driver for the biometrics market. Biometrics for financial products and services are expected to represent one third of the total market for biometric solutions in 2020, according to the Biometrics research group. Payment providers, financial institutions and e-commerce operators support replacement of pin codes and passwords with biometrics to authenticate payments and transactions.
The increased use of mobile smart devices for financial transactions has prompted banks, payment providers and regulators to demand increased levels of security and identity assurance to provide better protection against fraud. This is driving demand for multi-factor authentication for payments and bank transactions. One apparent example is the newly implemented PSD2 (The Second Payment Services Directive) across the European payment market, which requires two-factor authentication for electronic payment services and bank transactions.
Adding more layers of authentication also means increasing friction in the payment process. But regulations such as PSD2 are also an incentive to implement biometric solutions for two-factor authentication. Mobile devices equipped with fingerprint authentication and other biometric modalities such as face or iris, enable the replacement of passwords and pin codes, which are slow and not as secure as fingerprint technology. Multimodality also enables the opportunity for continuous authentication, creating an unparalleled level of identity authentication with minimal user impact. With continuous authentication, the device’s different sensors continuously capture biometric and/or behavioral data, to automatically and seamlessly authenticate the user for instant access to applications.
To further increase the security of biometrics, anti-spoofing capabilities, such as liveness detection, can be introduced in the biometric system to detect and stop spoofing attempts, such as the use of fake fingers or printed photos, for access to sensitive applications. As with other security features, this may add some friction to the authentication process, which is why we at Precise Biometrics are offering this as an optional feature in our solutions. However, according to Acuity Research, consumers are prepared to accept an appropriate level of friction based on the risk or value of the transaction. This means that two-factor authentication with anti-spoofing functionality is probably not needed or acceptable for opening a smartphone, which we do frequently during a day, but more relevant when authenticating a banking transaction.
Payment cards are another area where biometrics are expected to have a big impact in the coming years. The growth in contactless payments, which according to VISA have increased from one out of every eight global transactions processed by the company, to one in five during the last quarter, is driving the interest in adding fingerprint authentication to cards. Contactless payment cards are convenient for small purchases, but the contactless purchase limit of $25 still requires users to enter their PIN for many purchases. The removal of PINs for small purchases has also led to fraud for contactless payments, which is a concern for every other user of contactless payment cards, according to consumer research by Fingerprint Cards.
Equipping payment cards with fingerprint technology is the next logical step to increase both the convenience and security of contactless payments. To provide a high level of security against external attacks, fingerprint authentication need to be performed in the Secure Element of the card, which is a secure chip designed to protect against intrusion and manipulation. This is a technological challenge, since Secure Elements are very limited in terms of memory and processing power. However, it considerably reduces the risk of theft of fingerprint data and essentially creates bank grade security around the entire payment process. This is an important distinction to make, as fingerprint authentication outside of the secure zone of the card does not provide the same high level of security.
By adding fingerprint authentication to payment cards, it reduces, or altogether removes, the need for today’s purchase limits on contactless payments as all transactions are secured, which reduces fraud and increases user convenience. The first commercial trials of contactless biometric payment cards are completed, and this spring more pilots were initiated by major credit card providers in cooperation with banks in Europe, Middle East and Asia.
Biometrics presents new possibilities to enhance convenience of payments, while increasing security and meeting requirements for stronger identity authentication. We are at an early stage in the use of biometrics. The growing interest and usage will lead to more innovations where biometrics will not only be used for authentication, but also for personalization and interaction with things around us, improving people’s everyday life. The winning formulas will be the ones that strike the right balance between convenience and security.
- If you´re interested in biometric payment cards, download our whitepaper on how to secure contactless payments where we go into details on what´s driving the interest of biometric payment cards, market development and technical solutions.