MWC 2016: Visa Weighs in on Biometrics

-The following article was originally posted on Mobile ID World on February 23, 2016-

MWC 2016 Visa 1Biometrics are huge at this year’s Mobile World Congress in Barcelona, and Visa has been carrying a lot of the hype. Today, the global payment network company announced that it has teamed up with Morpho (Safran) to explore ways in which biometric authentication technologies can be used to enable secure and convenient payments. The new secure payments concepts include powerful biometric hardware, like the MorphoWave contactless four-print scanner, and are being showcased at the Visa booth.

Visa is fully embracing biometric tech at MWC this year—yesterday Mobile ID World president Peter O’Neill caught a snapshot of the company demonstrating iris biometrics—but according to company representatives, it’s going to be up to the consumer to decide which modality ultimately protects their payment data.

At a short presentation today, Mark Nelsen—Visa’s  senior vice president of Risk Products and Business Intelligence—outlined the company’s history with biometrics, as well as its perceived responsibility when it comes to strong authentication.

MWC 2016 Visa 3Before fingerprint sensors had become standard on consumer devices, Visa piloted voice biometrics for payment authentication, since the modality seems like the most natural fit on a device traditionally used for speaking. Every mobile phone can capture voice. However, in order to achieve the level of security demanded by the use case, dynamic passphrases had to be deployed to prevent replay attacks. This led to awkward interactions, and eventually Visa decided the modality was best left for actual phone interactions, like call center authentication (where the technology is thriving).

“What we ended up with was an odd experience for the consumer,” said Nelsen. “Because they would be going into their phones saying, ‘The happy monkey fell from the tree,’ and so you started having these weird combinations of words and the general feeling from the employees was, ‘This is interesting, but I don’t want to say that into my phone.’ It’s just a little too awkward to be saying.”

Of course, now that Samsung Pay and Apple Pay are available in multiple markets around the world, Visa payments are being authenticated by fingerprint regularly and without the uncanny experience provided by dynamic phrasing. 

Still, while those mobile wallets have encouraged fingerprint sensor adoption, Visa has not chosen any one specific modality to back. Different markets and consumer preferences offer unique opportunities and challenges. Finger vein deployments in ATMs were mentioned in the presentation as an appropriate financial biometric, as were biometric bank cards that contain templates for matching a fingerprint captured by a relying party’s own scanner at the point of sale. But those scenarios are only available in some markets—those in which banks are able to enroll verified customers and thereby provide smart bank cards or on-server authentication.

All of this adds up to Visa’s efforts in trying to introduce an interoperable standard, putting the customer’s preference first while supporting biometrics in a safe and secure way. Visa prides itself in extremely low fraud rates, and it intends to keep them low while adopting post-PIN-and-password tech. Beyond protecting payment data, however, Visa seems happy to let the consumer dictate widespread modality adoption.

When Nelsen opened up the floor to questions Peter O’Neill asked whether Visa sees the future of financial biometrics as multimodal.

“We would say yes,” said Nelsen. “Because ultimately it’s going to be the consumer that decides what type of biometric they want to use. Some consumers may want to choose fingerprint, some may want to do facial, some may want to do iris, and some may not want to do it at all. So it truly is going to be up to the consumers to decide what is going to be the type of biometric that we’ll see large scale adoption of, and like I said: we aren’t picking any particular favorite. We’re just making sure that whatever we do introduce has adequate security that we can use for payments.”

*

Stay posted to Mobile ID World throughout the week as we continue to bring you news straight from Mobile World Congress 2016 in Barcelona.