Global Banking and Finance Review sat down with Michel Roig, President of Payments & Access at Fingerprint Cards (Fingerprints), to ask the important questions about biometric payment cards. What opportunities do they provide for banks, retailers and consumers? How can their security be guaranteed? And when will we all get our hands on one?
How does a biometric payment card work?
Biometric payment cards are exactly like your current contactless debit or credit card, just with an ultra-thin, low-power fingerprint sensor built in. Before you use it, you just need to enroll your fingerprint. This can be done in a number of ways, such as with an enrollment sleeve that you slot the card into, in the bank’s local branch, or with a smartphone (using NFC to power the card).
When making a payment, the power for the fingerprint sensor is drawn from the point-of-sale, meaning consumers can use their biometric card as they usually would for any other transaction. Instead of a PIN, simply place you finger on the sensor as you tap the card on the terminal for contactless mode, or as you dip the card in the terminal. In less than a second, the biometric data is captured, matched and the payment is authenticated.
Purchases made using a biometric payment card automatically have two-factor authentication (through both the card itself and its fingerprint sensor), meaning that contactless limits do not apply. A consumer can buy any size purchase – whether a coffee or their weekly grocery shopping – without having to type in their PIN.
Why would consumers want one and how big is their appetite for them?
Consumers have come to love the convenience of contactless and ‘tap to pay’. Our research shows that 50% of card payments globally are made using contactless, and 77% of consumers use it regularly. However, there are still concerns with contactless payments.
On average, 51% of consumers are worried about contactless fraud if their card is lost or stolen, 25% are confused about contactless limits, and 23% feel that limits are too low. When limits have been increased – take in the UK, where the limit rose to £100 (USD137) in October 2020 – contactless cards have been dubbed as a ‘thief’s dream’, since £300 can be spent before a PIN is needed.
Clearly, more security (without sacrificing convenience) is needed for contactless cards; this is where the biometric payment card comes in. It provides all the benefits of contactless, with an added security guarantee. The appetite is clear. Across all age groups, around three-quarters of consumers would say ‘yes’ or ‘maybe’ to a biometric payment card, over half (51%) would switch banks to get one, and 43% would pay extra for one.
What opportunities do biometric payment cards bring to retailers and banks?With many consumers willing to pay to get a biometric card, and even more stating they’d switch banks to get one, there are obvious commercial opportunities for banks. This can therefore be seen as a method for attracting and retaining customers – a useful tool as the era of ‘one bank for life’ comes to an end. Further to this, since only the owner of the biometric payment card can use it, the threat of fraud is diminished. This will save banks a huge amount of money and resources previously spent on combatting fraud. It also allows banks to be fully PSD2 compliant in regard to SCA as every transaction involves strong customer authentication without interrupting or harming the consumer journey.
A major benefit for retailers stems from the elimination of both the contactless payment limit and the need for PIN entry. This will lead to far less confusion at the POS. But let’s take a growing trend as another example. Contactless walk-offs – when a customer doesn’t pay for their purchase after they fail to notice that a PIN is needed – are a growing problem. In the UK, this has been identified as a significant risk, and a key reason why some retailers won’t implement the new £100 contactless payment limit.
How do you guarantee security?
Years of innovation in biometric technology, particularly for fingerprint sensors, means that it is now almost impossible to replicate or ‘spoof’ a fingerprint on a biometric payment card.
To protect against spoofing, a user’s biometric data is stored as an encrypted binary code template (in ones and zeros) rather than an image of a fingerprint. The template is stored securely in the card itself and hence no biometric data ever leaves the card. This approach makes hacking a biometric payment card a significant and futile challenge. Even if hackers should manage to get hold of the data, which is protected in the same way as your financial information on the card, the templates are irreversible. This means the fingerprint image cannot be reverse engineered to re-create the original fingerprint image.
How do biometric payment cards compare with digital wallets?
Digital wallets are an increasingly popular choice for consumers, and like biometric payment cards, they require strong, multi-factor authentication for every use and are not affected by contactless payment limits.
Our research shows that, at present, just two percent of consumers think ‘mobile-first’ for their in-store payments, with the majority still opting for their credit or debit card. While digital wallets have clear security and authentication benefits when compared to regular contactless cards, they’re not accessible to (or wanted by) all consumers. With this in mind, in the future we expect to see biometric payment cards and mobile wallets working in harmony as there will be a rise in digital payments when cash usage is going down. This coexistence will give consumers the choice of payment methods they want, while bringing consistency to the authentication, convenience and security provided by cards and mobile.
How widespread is this technology in the payments industry?
Following 24 bank pilots there have been six commercial launches of biometric payment cards, all of which featuring Fingerprints’ solution. BNP Paribas and Crédit Agricole in France; Cornèr Bank in Switzerland; BBVA in Mexico; Bank Pocztowy in Poland; and most recently, Jordan Kuwait Bank in the Middle East, have launched the technology, and we expect to see more commercial launches happening in 2022.
What barriers are there to adoption and how are you lowering them?
The decision to roll out biometric payment cards sits with the issuing banks. As with most innovation, the initial barrier is cost so this has been a big focus for some of our recent collaborations and innovations bringing the per-card cost down. As the market grows and economies of scale kick in, the price will also reduce.
Further to this, Fingerprints has secured Mastercard approval for our latest T-Shape 2 sensor module and software platform for biometric payment cards. This ready-made, pre-approved solution will drastically lower costs and development time for banks and card manufacturers. Our work with manufacturers such as STMicroelectronics and Infineon has also evolved the technology behind biometric payment cards and significantly lowered development costs, making the solutions more attractive for smaller card manufacturers and issuers.
Alongside cost, consumer wariness of biometrics is another barrier to mass market adoption. Biometrics are becoming increasingly popular and the de facto authentication method for many smartphone users. We will continue to educate the market and consumers about biometric payment cards, the complete security and convenience of the solution, and what it means for people’s every day in-store payments.