Biometric authentication offers an innovative way for a user to authenticate themselves. A user’s face, iris, fingerprint or even voice can be used to authenticate a payment. This provides a seamless user experience without compromising on security. However, a successful project requires careful strategic planning and execution to navigate the necessary security and regulatory challenges.
In this blog, which is the latest in our biometrics blog series, I answer some of the key questions on the importance of certification and the role of testing in deploying successful biometric solutions.
Firstly, what role does certification play within the payment ecosystem?
The payment ecosystem brings together many stakeholders including payment service providers, merchants, vendors, payment networks, banks and fintechs. The process of certification acts as a layer of trust between these key players.
Certification should not be thought of as a tick-box exercise, but as a continuous process to ensure compliance with the latest standards and regulatory requirements. Through this, the whole payments ecosystem benefits, as higher levels of regulation increase both security and privacy in payment authentication.
Through certification, vendors can ensure that their products offer a seamless and secure experience. This inspires confidence for the end user, which is an accelerator of product adoption. Crucially, it’s also a way for product vendors to differentiate themselves from their competitors.
What is the importance of applying testing and certification to biometrics?
Testing and certification are fundamental to influencing and supporting the continued evolution of the biometric ecosystem. This is because biometrics, if implemented correctly, can provide robust security and a frictionless user experience. These two factors are seemingly contradictory, as often strong security means a more arduous customer experience. Therefore, striking the delicate balance between them is critical and can give a notable competitive advantage to any payment solution.
However, the biometrics ecosystem is largely fragmented, causing additional challenges for stakeholders. Individual companies and standards organisations are increasingly requiring certification to validate the security and reliability of a solution. Given the variance in requirements between the different international and domestic schemes, developing a product which satisfies multiple standards requires deep expertise and sophisticated testing strategies.
Robust testing and certification protocols ensure that any product meets the latest protections benchmarked against best-in-class solutions. This means that if a solution provider wants to demonstrate the value of its product by achieving certification, it must meet the relevant requirements. By developing biometrics certification initiatives, payment schemes can play a crucial role in advancing the ecosystem by continually pushing providers to improve their solutions and align with ever advancing demands.
Certification is also solving several vendor challenges. For example, it contributes to reducing product time-to-market. This is because when choosing a sensor which is already qualified, product vendors no longer need to go through all the required testing. Additionally, it enables multi-sourcing and the selection of several providers, which is key in the context of the chip shortage.
How are consumer attitudes to biometric payment cards and mobile payments changing?
After over a decade of biometric integration on smartphones, a large number of users are already familiar with using their fingerprint to authenticate themselves. Statista reports that 97% of mobile devices in 2022 worldwide are capable of utilising biometric authentication. This familiarity translates well to user adoption of biometric payment cards, which will help drive widespread implementation.
However, to make the most of this familiarity, a biometric solution must be secure. If any vulnerabilities can be exploited, it risks a major loss in public trust. Testing can help ensure trust. Harnessing the latest artificial intelligence and machine learning techniques to validate products against the broadest set of use cases, requirements and benchmarks can ensure a solution is tested meticulously. It can be assessed not just against certification conditions, but also against the myriad of variables and attack capabilities that certification does not yet account for.
Likewise, reliability is essential to encourage adoption. Businesses need to ensure that they can provide a consistent payment experience, otherwise they will risk reputational damage. Factors such as light and humidity can influence the performance of biometric solutions. Solutions that address how environmental conditions impact the reliability of biometric solutions allow payment providers to enhance the quality and reliability of their products.
How do you see biometric payment authentication evolving in the next 12 months?
Comparing past certifications to the most recent ones highlights the evolution of testing. This progress has allowed solution providers to produce next generation payment products. As this process continues, more solutions can leverage the unique benefits of biometric authentication. For example, multimodal implementations – where a solution utilises multiple biometric identifiers – don’t just allow solution providers to give consumers even more ways to authenticate payments. More importantly, they also provide a secure authentication method without sacrificing the user experience.
Biometrics are now a staple of mobile technology, and this trend looks set to expand into the payment card ecosystem. The market is also seeing the introduction of use cases from companies such as Amazon and Alipay, where consumers do not even need to carry their phone or wallet while shopping. As long as consumers have their biometrics registered, they can make purchases.
As innovative new use cases expand the reach of this technology, understanding how to securely deploy biometrics is key for solution providers. Standardised testing and certification lay the foundations for this.
The regulations and requirements that govern biometric authentication are constantly evolving in line with the latest technological developments. Comprehensive certification and testing allow developers and OEMs to compare their products against uniform benchmarks. This ensures that they are meeting fundamental requirements that help them retain user trust.
Stéphanie El Rhomri is Vice President of Services at Fime