The technological areas of biometrics and smart cards have overlapped for many years now, most notably in the domain of access control, where multiple access terminals and kiosks have supported both biometric and smart card-based authentication. And smart cards with built-in biometric capabilities started to emerge several years ago, in various forms: Face Forensics, for example, announced a solution that encoded face biometrics into smart cards in 2016, whereas earlier in that same year Zwipe launched a fingerprint-scanning smart card that would presage many similar solutions to come.
But as access control systems have increasingly shifted toward more biometrics-driven authentication as a replacement of access cards, another, much more promising application area for the convergence of biometrics and cards has emerged. Biometric payment cards – and those that are based on the fingerprint-scanning model in particular – are poised to become the next big wave in the payments sector, with numerous players across the biometrics and financial services sectors now deeply involved in the development and trialing of this new technology.
For biometrics players, this shift has been driven by a couple of factors. Fingerprint sensor makers enjoyed a booming market in the area of smartphones in the few years following Apple’s launch of the first iPhone featuring Touch ID in 2013 – a game-changing development that sparked the mobile biometrics revolution. But this market has become much more crowded in recent years, with Average Selling Prices for biometric sensor suppliers dropping. That has prompted the leading fingerprint sensor suppliers to look for new application areas, including in the financial services sector.
At the same time, fingerprint sensor technology has evolved in important ways. Sensors have become more compact, and even flexible, enabling applications into form factors like smart cards.
Meanwhile, parallel trends have driven the financial services sector to biometric security. Contactless payment cards, which can be tapped against a card reader to make purchases, have become more and more popular around the world in recent years. Customers love the convenience of this technology, since they don’t have to enter a PIN to complete a transaction; and merchants enjoy the benefits of faster-moving queues. But the contactless cards come with an obvious security risk: no PIN means no safeguard against thieves who want to make purchases with stolen cards.
A Compelling Answer
The solutions that biometrics vendors, digital security specialists, and card makers have come up with offer a compelling answer to this security question. At this point, multiple prototype payment cards have been developed featuring embedded fingerprint sensors. These sensors can scan authorized users during contactless transactions, with a given card able to match the user’s fingerprint to the biometric data stored in its embedded chip. This is performed almost instantly, allowing these card solutions to maintain the smoothness of a contactless transaction while delivering a level of authentication security that actually surpasses that of the old PIN system – a thief might be able to find out their victim’s secret code, but they’re going to have a much harder time replicating their fingerprint.
For some consumers who are unfamiliar with this technology, the question of data security may jump out as a concern here. There’s a growing awareness of the dangers of data breaches, so there will inevitably be concerns about the security of biometric data linked to payment accounts. But this is where one of the most important recent technological developments in biometric payment cards comes in: remote enrollment. There are now multiple prototype solutions designed to let users register their fingerprints with a new payment card as soon as it arrives in the mail, usually through the use of an electronic receptacle into which the card can be inserted. This means that biometric data can be linked directly to a card without the need to transmit it to an external server, let alone register it at a physical bank branch. And it means that biometric data never needs to be transmitted outside of the card during a transaction, ensuring that it can’t be intercepted by malicious actors.
The Biometric Future is Here (Almost)
If it sounds like the technology is all at a point where biometric cards are actually ready to make their debut, that’s pretty much the case. But this is FinTech and it’s going to involve real people’s money, so stakeholders understandably want to make absolutely sure that it’s ready before proceeding with large-scale commercial rollouts. At this point, many trials have been undertaken by banks and even huge credit card companies like Mastercard and Visa, in collaboration with biometrics and security partners like Fingerprint Cards, IDEX Biometrics, NEXT Biometrics, Zwipe, Precise Biometrics, IDEMIA, and Gemalto, with more ongoing. The major UK bank NatWest, for example, ran a trial of biometric debit cards earlier this year, and has just launched a new pilot program revolving around biometric credit cards. But a general consensus has started to emerge that mass rollouts are likely to begin in earnest over the next year.
Judging by the lack of mainstream media attention thus far, those rollouts could catch a lot of consumers by surprise. But with fingerprint authentication now a standard feature of contemporary smartphones, the vast majority of consumers are unlikely to have any difficulty adjusting the concept of fingerprint-scanning payment cards, and that means the that their payments and financial accounts are going to get much more secure in the near future, even as in-store purchases get easier.
October 10, 2019 – by Alex Perala