Jesper Domargård, VP Marketing, Financial Institutions at IDEMIA, explains how biometric cards, with an embedded fingerprint sensor, are transforming payment transactions.
In the 1971 James Bond movie ‘Diamonds are Forever’, biometrics was seen as a futuristic gadget used to miraculously lift a fingerprint off a glass just by taking a picture. Today, 50 years later, we use fingerprints and other forms of biometric authentication in our everyday lives. We unlock our smartphones with a quick glance (something that the average smartphone user does 80 times a day1), and we might also use our fingerprint to authenticate a payment transaction.
Researchers from around the world found that consumers not only think of biometrics as fast and convenient but secure as well. Biometrics can eliminate the need to memorise multiple passwords and PIN codes. After all, despite their ubiquity, PINs and passwords create several drawbacks. They can be compromised or stolen by fraudsters and, in order to truly be effective, they need to meet four demanding criteria: the PIN must be complex, changed frequently, unique to each application or service provider, and never be written down.
For people on the move, biometric authentication is easier than entering a complex password or typing in a PIN several times a day. In a purchasing scenario, this technology adds an inherence factor to the payment transaction—meaning that a biometric card confirms that the person trying to pay is the eligible cardholder. In short, when a user enters the correct PIN code, they prove that they have access to the credentials; when they use a fingerprint sensor to scan their biometric data, they authenticate their identity. The use of biometric authentication further secures contactless payment transactions, be it with a smartphone or a biometric card. When combined, contactless technology and biometrics provide a truly frictionless experience as well.
With convenience and security in hand, it’s no wonder that 74% of global consumers have a positive attitude towards biometric technology2.
Biometrics carry the promise of creating a convenient customer experience without compromising security. For example, banks can leverage biometrics to enable remote customer onboarding and identity verification via a customer’s mobile device. To prove their identity, customers are asked to submit ID documents, take a selfie, and prove liveness by moving their heads. The selfie is compared to the ID document to ensure that the claimed identity matches the customer’s. The customer can then access banking and payment service and authenticate themselves in a secure and convenient way when banking and transacting.
Biometrics is also used in various payment use cases, most notably when paying in-store with a smartphone through Apple, Samsung, or Google Pay. Since Apple Pay debuted in 2014, biometrics have become an integrated part of more recent and emerging payment journeys, such as smart home devices or wearables with payment capacities and integrated biometric sensors.
In the wake of the COVID-19 pandemic, contactless thresholds around the world have increased to enable more card POS transactions to be conducted without even touching the payment terminal or handing the card to the merchant. However: high-value payment transactions must still be carried out in contact mode. And in Europe, the PSD2 regulation requires that every fifth card transaction be carried out with strong customer authentication, typically by requesting the card PIN code (PIN code being the dominant payment authentication method in Europe).
A biometric card can easily overcome these two limitations:
A biometric sensor on the card surface seamlessly authenticates the customer’s fingerprint for every payment transaction (contact or contactless), regardless of the payment amount.
Strong customer authentication is no longer necessary for every fifth transaction since every payment transaction is authenticated with biometrics.
In practice, using a biometric payment card is really no different than using a smartphone ౼ to which we are already accustomed. After all, the user behaviour necessary to unlock a smartphone (pressing one’s finger on a biometric sensor) can also enable payment authentication when using a biometric card. This behavioural crossover is well-timed, as 81% of global consumers say they are ready to use their fingerprint instead of a PIN code3.
But in order for cardholders to benefit from the convenience and security of a biometric payment card, they must first enrol their fingerprint from home or in a bank branch:
Home enrolment: The cardholder inserts the biometric card into the sleeve it was delivered with.
Bank branch enrolment: The cardholder uses the bank’s tablet and inserts the biometric card into the integrated card reader.
Once the card is inserted in the sleeve or the bank’s tablet, the cardholder places their fingertip on the card’s biometric sensor several times — just like they would do to enrol their fingerprint in their new smartphone — and the biometric template (a mathematical conversion of key point descriptors and not an image of the biometric data) is saved in the chip of the card (and nowhere else).
Once enrolled, they can simply tap the biometric card onto a merchant’s POS terminal while holding their fingertip to the fingerprint sensor. In that very moment, their fingerprint is compared to and matched with the enrolled biometric template. This matching occurs within the card’s chip, meaning the biometric data never leaves the card and is hence not shared with the POS terminal, the card issuer, nor sent over the air. If the match is successful, the payment transaction is strongly authenticated ౼ without inserting the card or entering a PIN code. The best part is merchants do not need to upgrade their current POS terminals!
Although fingerprint recognition may have seemed like a futuristic James Bond gadget in 1971, it is now so ingrained into our daily lives that we hardly even notice it. Moreover, by 2024, 66% of smartphone owners are forecasted to use biometric authentication (versus 27% in 2019). As we look to the future, the Smart Payment Association predicts that ‘the biometric payment card has the potential for tremendous growth’4 and Mordor Intelligence expects the global biometric card market to register a CAGR of 155% from 2021 to 2026.
It is clear that authenticating one’s identity with a biometric card opens the door to a multitude of use cases in addition to payments. For example, securely signing crypto transactions or taking public transportation.
Regardless of how the future plays out, today, the biometric card already lives up to its promise of creating a more convenient and secure user experience!
About Jesper Domargård
Jesper has a genuine background from different parts of the payments ecosystem and held various senior roles with Visa and Worldline prior to joining IDEMIA. Responsible for marketing IDEMIA's global payment offering, Jesper is a frequent speaker at different events and holds an MSc in Business administration from the University of Linköping, Sweden.
About IDEMIA
As the leader in identity technologies, IDEMIA is on a mission to unlock the world and make it safer. Backed by cutting-edge R&D, IDEMIA provides unique technologies, underpinned by long-standing expertise in biometrics, cryptography, data analytics, systems, and smart devices.
IDEMIA offers its public and private customers payment, connectivity, access control, travel, identity, and public security solutions. Every day, around the world, IDEMIA secures billions of interactions in the physical and digital worlds.
With nearly 15,000 employees, IDEMIA is trusted by over 600 governmental organisations and more than 2,300 enterprises spread over 180 countries, with an impactful, ethical, and socially responsible approach. For more information, visit www.idemia.com and follow @IDEMIAGroup on Twitter.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now