Adoption of biometric payment cards is increasing across the globe, and there are many reasons for this. Let’s start with regulatory compliance and enhanced security.
The recently imposed Strong Customer Authentication (SCA) under the Second Payment Services Directive (PSD2) requires banks to perform more checks to confirm the identity of a consumer at the checkout. Consumers must therefore take additional steps to authenticate themselves for certain transactions, such as those of a specific value or after every five transactions, to limit potential fraud use.
Consumers can authenticate themselves by using their PIN, however, biometrics can streamline this process. Using their unique physical characteristics to pay guarantees a consumer’s identity, so they can make SCA-compliant payments of any value that reset the transaction counter every time they pay. This kind of strong authentication has the potential to drastically reduce various types of fraud (and all associated costs), and it provides added convenience for consumers since they may never have to use their PIN again.
Adding biometrics to payment cards also helps issuing banks to bring some needed energy to their cards, helping them promote their brand and build consumer loyalty whenever it’s taken out to pay. This brand exposure is not as strong with other payment methods, such as mobile payments where the card is hidden inside the phone. Given the innovative nature of biometric payment cards right now, it also shows that the bank is leading the curve – not falling behind it.
Thanks to smartphones, consumers are now used to authenticating with a ‘touch’ and actively want to use biometrics in their everyday lives. By capitalizing on this trend for physical cards, banks have a timely customer acquisition and retention tool.
Concerns or misconceptions from issuing banks
As with all new technology, there are apprehensions with being an early adopter. One question that banks often ask is: “Where is a consumer’s biometric data is stored?”. Are images of fingerprints stored in the cloud or on-prem by the issuer, creating a privacy and compliance nightmare? But no, the card doesn’t store an image of your finger. When you enroll, a template is saved and stored securely as encrypted data on the card and never leaves it.
I was also recently in the Middle East, and someone asked me whether a biometric payment card would break if it was kept in their back pocket as they sat down for a coffee. Rigorous testing must be run to ensure the card’s biometric sensor can endure the same wear and tear as a normal card. This is an industry requirement, in fact. Mastercard and Visa certification ensures that a fingerprint sensor is robust, scratchproof, and doesn’t dislodge during the life of the card.
Card scheme certification also requires strict anti-spoof measures. These make the attack vector so small that the effort and cost required to hack one card is pointless for fraudsters. All of this comes together to make the biometric payment card much more secure than a card which only has a PIN for security.
Another common apprehension surrounds the cost of the technology. Cost of sensors has come down in the last few years, and this cost will reduce further as deployment volumes increase over time.
Interest in biometric payment cards has been piqued, with the market now burgeoning in Europe, Mexico, the Middle East, and recent rollouts seen in Africa and India. I expect we’ll see many more this year.
The technology is ready and beginning to add value to the banks – particularly for those seeking to use biometric payment cards as a new revenue stream, they can expect a return on investment when offered as a value-add or premium service to cardholders.
More card level certifications will be announced by card manufacturers as these are secured throughout this year. Along with this, we’ll see collaborations that will support a shorter time-to-market of biometric payment cards, lower barriers to entry, and easier integration time.