IDEX Biometrics is urging the financial industry to embrace biometric payment cards. The company is making its plea a few months before Europe’s new PSD2 rules for Strong Customer Authentication (SCA) are set to go into effect, and argues that biometric cards are an effective and consumer-friendly way to comply with those requirements.
The PSD2 SCA regulations were originally supposed to kick in in 2019, though the deadline has been pushed back several times to March of 2022. Some of the delay can be attributed to COVID-19 disruptions, though some of it reflected the fact that card and payment technology was not yet advanced enough to support SCA without infringing on the customer experience.
IDEX believes that the industry is starting to round that corner with biometric cards. In brief, the PSD2 SCA regulations will require two-factor authentication whenever the payer is the one initiating a transaction. In order to be compliant, those two authenticators must fall into one of three different categories. The authenticators can either be something a person knows (such as a password, which is vulnerable), something a person has (such as a smartphone or a card), or something that person is (such as a fingerprint or another biometric).
Biometric payment cards are useful because they are able to fulfill two of those requirements in a single consolidated package. The card itself serves as the first authentication factor, since it is a unique object that is only issued to an authorized account holder. Meanwhile, the card’s built-in fingerprint sensor provides an additional layer of biometric security to ensure that the card has not been stolen, and that it does, in fact, belong to the person using at checkout.
Since a biometric card clears two hurdles, it negates the need for an additional token, or for a password or a PIN that needs to be memorized and typed in before every purchase. As a result, a biometric card can support a faster and more convenient payment experience without compromising security or increasing the risk of fraud.
With that in mind, IDEX suggests that payment providers should avoid quick fixes, and instead move to implement cards that are likely to be a popular and compliant payment option for many years to come. The company indicated that the SCA requirements are not likely to be delayed again, so financial institutions should try to act sooner rather than later.
The IDEX blog post will be the first in an entire series on SCA. The company’s fingerprint sensors have been featured in numerous payment card projects in the past few years, with IDEX arguing that demand is increasing and that the market is finally reaching the commercialization phase.
October 11, 2021 – by Eric Weiss