Mastercard and Visa ramp up biometric drive
Mastercard and Visa have kicked off 2018 with ambitious plans to accelerate the adoption of biometric authentication, reports Douglas Blakey
Mastercard has announced plans for all consumers to be able to identify themselves with biometrics when using Mastercard from April 2019.
This move means banks offering Mastercard solutions must be able to offer biometric authentication for remote transactions, alongside existing PIN and password verification. It will also apply to all contactless transactions made at terminals with a mobile device.
Meantime, Visa is collaborating with Sweden-based Fingerprint Cards, a biometrics company, to deliver a trial of biometric payment cards in the US, in partnership with Mountain America Credit Union.
In addition, Gemalto is working with Fingerprint Cards and Bank of Cyprus to issue a biometric EMV card that uses fingerprint recognition instead of a PIN to authenticate the user.
According to research from Oxford University, 93% of consumers prefer biometrics over passwords for verification and 92% of banking professionals want to adopt biometrics.
Furthermore, a report from banks highlights that the use of biometric authentication could potentially decrease purchase abandonment rates by up to 70%.
Mark Barnett, President, Mastercard UK & Ireland says: “Biometric technologies perfectly meet the public’s expectation for state-of-the-art security when making a payment.
This will be of great benefit to everyone: consumers, retailers and banks. It will make the purchase much smoother, and instead of having to remember passwords to authenticate, shoppers will have the chance to use a fingerprint or a picture of themselves.
This move is part of the firm’s plan to help banks and retailers prevent fraud. In addition, it meets regulatory requirements set out by PSD2 and new EU regulations. Other additions as a part of this include Mastercard’s Automatic Billing Updater and Decision Intelligence, an AI-powered fraud detection service.
Biometric cards have been a talking point in the industry for some time.
Paul Kobos, SVP Banking and Payment at Gemalto, tells RBI: “It’s been in development for a while. I think the idea is not specific to Gemalto.
“It’s a no brainer, everyone in the industry sees people paying and getting access with their smartphone and doing things with fingerprints and biometrics. This is logical. The idea is a general idea and it’s being pushed by a couple of the card associations.”
Considering how logical the idea is, there are many options available. As well as the options already considered, Mastercard is testing biometric EMV cards in South Africa and hoping to launch them this year.
However, Mastercard’s plans for this go as far back as 2014 and the firm hoped to launch them across the UK in 2015.
With options in the market, what separates Gemalto’s offering?
“I would say Gemalto’s spin is that we’re promoting the feature that it doesn’t have a battery,” Kobos explains.
Some of the other ones have a battery which adds shelf life. When you slide ours into the reader, it is powered by the connection to the EMV chip. If it’s contactless, it uses the radiowaves that it uses in the EMV transaction to power the necessary microprocessor and fingerprint sensor. There’s no concern about battery life. That’s one of our main differentiators.
With fingerprint biometrics now on the majority of recent smartphone hardware, it’s become commonplace. Surely this means the consumer is ready for it on other devices.
Kobos says: “I saw a statistic from Visa Europe when they polled their customers and 7/10 customers said they wanted some kind of biometric identification when they do payments and 53% of them prefer fingerprint.
“I think it’s definitely a good time as people are used to the technology and actually want it and see the inherent security value.”
While it is fair to say that there could be wide adoption for such a product, it is not guaranteed. There are some stumbling blocks to actually giving this product to a consumer.
“Realistically, there are two hindrances,” Kobos says. “First of all, you have to go into a branch to register your fingerprint which is stored on the card.
Going into the branch, particularly in the US, is not something a lot of the big banks are interested in right now and would prefer self-service. So there is limited adoption in the short term.
If the larger banks were good at segmenting their portfolios into those who make higher value transactions or those who are high net worth individuals, they could offer it to them to limit fraud on high value transactions. It could work for larger banks in that way.
In the US, there could be a place for credit unions as they actually encourage people to enter a branch. They want to give that human touch to differentiate over the larger banks which are considered impersonal. They welcome people entering the branch.
One of the most appealing aspects of biometric security is in the name; the security it brings. However, especially in the early days of the technology, there were many cases of false positives and negatives. While a false negative is annoying, it can easily be fixed by using the card naturally with a PIN. On the other hand, a false positive can give an unauthorised person access.
Kobos explains: “The performance of our biometric contactless cards complies with international standard requirements, which are less than 1 in 10,000 for false acceptance rate and below 5% for false rejection rate.
“Additionally, the fingerprint sensor used on the card is based on capacitive technology. That offers stronger security, as it cannot be fooled by a 2D copy of a fingerprint, unlike the optical sensors used in some smartphones and tablets. It’s almost impossible for a fraudster to make a 3D copy of a fingerprint from the prints or traces left on a stolen card.”
Kobos concludes: “It’s just up to the market acceptance. If people see it and think that really adds some security, there could be some natural pull from the market. I think the first steps will be those with differentiated portfolios.”
Visa Canada biometrics survey
Canadian consumers will embrace the use of biometrics as faster, easier and more secure alternatives to passwords, according to a report released by Visa Canada.
The survey finds that new forms of biometric authentication such as fingerprint, facial, and voice recognition, can make unlocking accounts and payments much easier and more convenient than traditional passwords or PINs – which are difficult to type onto tiny keyboards, easy to forget, and can be stolen.
“Advances in mobile device technology is increasing the speed and accuracy of biometrics, such that they can be used for financial transactions,” Gord Jamieson, Head of Risk Services, Visa Canada, tells RBI.
“This makes it the ideal time to integrate biometric technology into payments experiences for customers. At Visa, we are investing in the best ways to add these emerging technologies to our products and services.”
Authentication Survey Findings
According to the Visa study conducted by AYTM Market Research, 85% of Canadian consumers are interested in using biometrics to verify identity or to make payments, and six-out-of-10 (59%) of consumers are already familiar with biometrics. Findings from the survey illustrate consumers’ desire to see the implementation of biometric tools in payment authentication processes.
Highlights from the survey include:
- Canadian consumers were most familiar with fingerprint recognition, with 57% having tried fingerprint recognition, and 25% using it regularly. By comparison, 39% have tried voice recognition in the past and only 10% use it regularly;
- 65% of respondents find biometrics easier than passwords and 57% consider it faster. Fewer than a third of consumers (31%) use a unique password for each of their accounts;
- A third of Canadians (32%) have abandoned an online purchase because they couldn’t remember their password;
- 95% of consumers responded that the top benefit of using biometrics is eliminating the need to remember multiple passwords or PINs, followed by 44% who said that biometrics is more secure than passwords or PINs for verifying identity, and
- 44% of consumers are concerned both about the risk of a security breach of sensitive biometric information and 43% are concerned that biometric authentication won’t work well/will take multiple tries.