Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Technology

Why anti-spoofing fingerprint technology is essential for the continued growth of digital payments

Why anti-spoofing fingerprint technology is essential for the continued growth of digital payments 1

By Anthony Eaton, CTO, IDEX Biometrics

The digital payments revolution is being driven by consumer demand for ever increasing convenience. This is leading the global digital payments market towards a value of US$204.1 billion by 2028. However, along with increased convenience, comes an implicit expectation to provide higher levels of security, especially when paying with contactless cards and digital wallets.

According to McKinsey, electronic payments are growing at twice the rate of GDP in North America and Europe. This expanding market has the fintech sector overstretched as they try to address operational risks without hampering customer experience and face increased fraud control expectations. If fintechs struggle to implement effective controls, they are likely to see heightened regulation in the future, which in turn can negatively impact consumer experience.

Amid this burgeoning market, fraudsters are continually looking for new vectors of attack. UK Finance’s 2021 Fraud Report showed that fraud losses on UK issued cards totalled £574.2 [AC1] million in one year alone. To counteract such fraud, card issuers and digital wallet providers are deploying biometric fingerprint technology, which itself is evolving year-on-year to offer ever-increasing security levels.

The front-door attack

Fingerprint spoofing is considered a front-door attack on the biometric system.  It involves applying a fake finger, or so-called spoof, to the fingerprint sensor. When biometrics were first introduced on the iPhone in 2014 they did not deploy adequate anti-spoof technology. As a result it took just 48 hours before German hackers, the Chaos Computer Club, announced they had bypassed Apple’s new TouchID system with a fake fingerprint.

Attacks of this kind impact both consumer and industry confidence. As such, defending against this has been at the forefront of the emerging biometric payment card standards. Korean technology giant Samsung recently announced its entry into the biometric smart card space, and anti-spoof technology was at the centre of its story. This positioning reflects the need for added security and peace of mind in fraud prevention.

Anti-spoof: the heart of any biometric system

Anti-spoofing technology prevents fraudsters from defeating the fingerprint authentication process with false credentials. Today, it is used to increase security levels across a range of biometric systems, from smartphones to laptops and airport border control kiosks.

The biometric payment card has a compelling value proposition by bringing the biometric authentication process inside the secure enclave of the payment card’s Secure Element chip. The card’s off-grid nature ensures a much more limited surface of attack, compared with that of a highly connected smartphone. However, the challenges associated with implementing anti-spoof technology on this platform are not to be baulked at. The card has no battery and operates with limited on-board processing power. Without the luxury of the smartphone’s supercomputer-like processor a whole new wave of innovation has been needed.

As card issuers and digital wallet providers start to deploy fingerprint biometric payment cards to consumers, anti-spoofing technology must sit at the heart of their offering.

This can pave the way for a more secure future, from payment to digital and physical access, and to digital IDs and digital currencies.

Striking the balance between security and user experience

It’s clear that anti-spoofing technology must be included by default on biometric payment cards to reduce fraud and instil consumer confidence. But, despite the benefit of its added security it’s crucial to limit any potential impact on user experience. When paying for their shopping, consumers want to know that their card is safe, but more than that, they want to know their payment card will deliver a flawless user experience day-in, day-out.

When it comes to balancing security and user experience on a payment card, new design approaches have been required. The traditional approach to anti-spoof uses Neural Networks and Machine Learning techniques to train an image processing algorithm to detect the subtle characteristics of images captured from fake fingers. This requires an optimised processor and can quickly become impractical in a highly constrained smart card.

A second approach is to increase the security level of the traditional biometric authentication algorithm that matches a user’s fingerprint to the reference data captured during enrolment. This is very much a brute-force approach which, while helping to detect fake-finger attacks, will rapidly degrade user experience.

The optimum approach involves designing the fingerprint sensor, the biometric authentication algorithm, and the spoof detection system together – to all work in unison. Taking such a holistic, grounds-up approach opens up the design of biometric smart cards to new possibilities. Requirements can be met with margin allowing designers to achieve security targets and focus on delivering a flawless user experience.

Ready to fuel digital payment growth

To ensure the continued widespread adoption of biometric smart cards, it is important that all fingerprint biometric sensors are deployed with anti-spoofing technology while being optimised for user experience. Fingerprint biometric cards, when combined with anti-spoof technology allow for higher transaction limits and a faster, more secure transaction experience, while introducing increased obstacles to fraud.

Payment providers save money on fraud refunds whilst also increasing revenue thanks to higher limits and an enhanced customer base due to a secure and trusted reputation. The payment industry is already at a high level of security today. But with financial fraud on the rise, we must constantly improve to be ahead of cybercriminals and improve the customer experience for those using biometric payment services to enhance their lives.

Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate

Advertisement

Newsletters with Secrets & Analysis. Subscribe Now