View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Analysis
February 2, 2018

Biometric authentication: Security at the user’s fingerprints

By Briony Richter

Once an aspect of science fiction, fingerprint scanners are now commonplace. Since Touch ID was installed on the iPhone 5S, biometric technology has become a part of many consumers’ day-to-day life. Now, it’s making the move to plastic cards. Patrick Brusnahan writes

Several firms are bringing biometrics to debit and credit cards.

Sweden-based Fingerprint Cards, a biometrics company, is collaborating with Visa to deliver a trial of biometric payment cards in the US, in partnership with Mountain America Credit Union.

In addition, Gemalto is working with Fingerprint Cards and Bank of Cyprus to issue a biometric EMV card that uses fingerprint recognition instead of a PIN to authenticate the user.

Biometric cards have been a talking point in the industry for some time.

Paul Kobos, SVP Banking and Payment at Gemalto, tells CI: “It’s been in development for a while. I think the idea is not specific to Gemalto.

“It’s a no brainer, everyone in the industry sees people paying and getting access with their smartphone and doing things with fingerprints and biometrics. This is logical. The idea is a general idea and it’s being pushed by a couple of the card associations.”


Considering how logical the idea is, there are many options available. As well as the options already considered, Mastercard is testing biometric EMV cards in South Africa and hoping to launch them this year.

However, Mastercard’s plans for this go as far back as 2014 and the firm hoped to launch them across the UK in 2015.

With options in the market, what separates Gemalto’s offering?

“I would say Gemalto’s spin is that we’re promoting the feature that it doesn’t have a battery,” Kobos explains.

“Some of the other ones have a battery which adds shelf life. When you slide ours into the reader, it is powered by the connection to the EMV chip. If it’s contactless, it uses the radiowaves that it uses in the EMV transaction to power the necessary microprocessor and fingerprint sensor. There’s no concern about battery life. That’s one of our main differentiators.”

With fingerprint biometrics now on the majority of recent smartphone hardware, it’s become commonplace. Surely this means the consumer is ready for it on other devices.

Kobos says: “I saw a statistic from Visa Europe when they polled their customers and 7/10 customers said they wanted some kind of biometric identification when they do payments and 53% of them prefer fingerprint.

“I think it’s definitely a good time as people are used to the technology and actually want it and see the inherent security value.”

While it is fair to say that there could be wide adoption for such a product, it is not guaranteed. There are some stumbling blocks to actually giving this product to a consumer.

“Realistically, there are two hindrances,” Kobos says. “First of all, you have to go into a branch to register your fingerprint which is stored on the card.

“Going into the branch, particularly in the US, is not something a lot of the big banks are interested in right now and would prefer self-service. So there is limited adoption in the short term.

“If the larger banks were good at segmenting their portfolios into those who make higher value transactions or those who are high net worth individuals, they could offer it to them to limit fraud on high value transactions. It could work for larger banks in that way.

“In the US, there could be a place for credit unions as they actually encourage people to enter a branch. They want to give that human touch to differentiate over the larger banks which are considered impersonal. They welcome people entering the branch.”

One of the most appealing aspects of biometric security is in the name; the security it brings. However, especially in the early days of the technology, there were many cases of false positives and negatives. While a false negative is annoying, it can easily be fixed by using the card naturally with a PIN. On the other hand, a false positive can give an unauthorised person access.

Kobos explains: “The performance of our biometric contactless cards complies with international standard requirements, which are less than 1 in 10,000 for false acceptance rate and below 5% for false rejection rate.

“Additionally, the fingerprint sensor used on the card is based on capacitive technology. That offers stronger security, as it cannot be fooled by a 2D copy of a fingerprint, unlike the optical sensors used in some smartphones and tablets. It’s almost impossible for a fraudster to make a 3D copy of a fingerprint from the prints or traces left on a stolen card.”

Kobos concludes: “It’s just up to the market acceptance. If people see it and think that really adds some security, there could be some natural pull from the market. I think the first steps will be those with differentiated portfolios.”


NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Electronic Payments International