This article in Computer Business Review looks at some of the biometrics that are explicitly approved by the European Banking Authority as appropriate for addressing the Secure Customer Authentication mandate issued under PSD2:
“In a payments biometrics opinion in June, the EBA took a broad view of what constitutes adequate biometric inherence.
‘The EBA is of the view that inherence, which includes biological and behavioural biometrics, relates to physical properties of body parts, physiological characteristics and behavioural processes created by the body, and any combination of these’
‘Inherence’, it noted, ‘is the category of elements that is the most innovative and fastest moving, with new approaches continuously entering the market.’
It approved: retina and iris scanning, fingerprint scanning, vein recognition, face and hand geometry (identifying the shape of the user’s face/hand), voice recognition, keystroke dynamics (identifying a user by the way they type and swipe), the angle at which a user typically holds their device, and their heart rate.”
The article also mentions the 18 month delay implemented within the U.K. but fails to identify the exemptions being offered in the E.U. on a state-by-state, network-by-network, and bank-by-bank basis. The exemptions are succinctly identified here by Stripe.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group