How biometrics can protect future card transactions
By Susan Johnston Taylor
August 27, 2015
MasterCard announced a small pilot program in June 2015 with 500 users using facial recognition to verify the identity of the cardholder to authorize a transaction, essentially like taking a selfie before you pay.
While MasterCard made headlines for its clever use of selfies, it isn't the only financial institution to use biometrics to authenticate a customer's identity. For example, USAA became the first U.S. financial institution to allow customers to log onto its mobile app using facial and voice recognition.
As futuristic as it may sound, biometric security (checking someone's identity using bodily characteristics such as face, voice or fingerprints) has been under development for decades. Only recently has the technology become more widely used.
“In the past five years, it's starting to pick up some momentum, because it's becoming much more reliable,” says Paul Schuepp, a member of the board of directors for the Secure Identity & Biometrics Association (SIBA) and an independent biometric consultant.
Wider adoption is partly driven by the high quality cameras and fingerprint scans now available in smartphones. Prior to smartphones, the need to install biometric sensors at every payment terminal made biometrics impractical and expensive, says Joseph Atick, founder several biometrics companies. “Now devices that people carry in their pockets are equipped with biometric capture devices,” he says. That device can communicate with payment terminals once your identity is verified.
Several more financial institutions are experimenting with biometrics, but haven't yet announced how they'll use it, according to Schuepp. There are a number of other applications in addition to financial institutions. For instance, theme parks such as Disney use fingerprint-scanning to ensure that a multiday pass is used by the same person each day and Nigeria used biometric voter card readers to scan fingerprints to prevent voter fraud in its presidential election earlier this year.
“[Verifying identity] is the best really the hottest application now, so we can get rid of passwords and really, truly know who that person is on the end of the device,” Schuepp says.
However, privacy concerns have also stymied biometrics adoption. In order to verify your voice, face or fingerprint, the sample you give needs to match up against a stored reference point. “Many companies are trying to stay away from facial recognition because they don't want to be accused of invading your privacy,” Schuepp says.
Atick says smartphones have alleviated some of these privacy concerns because data can be stored locally so that it “never leaves the secure portion of his or her cellphone.”
The environment in which you verify your identity can also impact the reliability of some biometrics. For instance, facial recognition may not work as well if you're trying to authorize a transaction in a dark bar. Atick suggests that in an ideal world, your credit card issuer would give you multiple biometric options depending on the environment and the size of the transaction.
“My iPhone allows me to use my finger or my face because there's a camera in it,” he says. “Touch and a selfie could be a higher-level transaction. If I'm buying expensive earrings, they would want to ask me for more authentication. ”
Despite concerns, experts predict we'll see more card issuers and other companies using biometrics in a variety of ways. “As the technology improves, the range of environments will increase and consumers will flock to using this type of methodology of tying in your credit card to your biometric,” Atick says. “We've never been closer to the realization of the dream where you can authorize your payments via your finger, your voice or your face.”