Should Credit Cards Read Fingerprints?
The technology now exists to link a consumer’s fingerprint to a credit card. Is this a glimpse into the future, or a throwback to the early days of biometrics?
The growing adoption of biometric authentication in phones and tablets has some considering putting the technology into plastic cards.
The widespread use of fingerprint authentication in mobile devices has made many consumers comfortable with the technology. So is Mastercard’s test of a biometric payment card a case of plastic catching up to a modern tech trend, or is it instead dragging biometrics back in time?
The challenge is bringing the technology to the point of sale. Most efforts rely on special hardware, such as the fingerprint readers used by the defunct Pay By Touch or, more recently, the Near Field Communication readers required by Apple Pay, which uses the iphone’s Touch ID system as part of the payment process.
Mastercard’s recent effort shifts the hardware burden to the card itself, with the fingerprint sensor built into the plastic. It’s somewhat reminiscent of the recent wave of multi-account cards such as the recently shuttered Plastc, which allowed users to lock and unlock the card with a security code.
It’s a catchy idea that may appeal to certain issuers seeking cachet with consumers, but for a variety of reasons Mastercard’s biometric card is unlikely to be an industry “game-changer,” said Brian Riley, director of the credit advisory service at Mercator Advisory Group.
Clearly payment card fraud is a top concern for issuers, merchants and consumers, thanks to a steady parade of data breaches in the news and growing concern about sharing personal data, Riley noted, but the most robust solutions can’t be shrunk down to the size of a credit card.
Europe’s new PSD2 standards, for example call for multi-factor authentication around protocols such as Account Information Service Provider (AISP) and Payment Initiation Service Provider (PISP) that use triangulation to authenticate consumer transactions using a combination of security tools and data stored in the cloud, according to Riley.
“New multi-factor card security protocols rely on the full features of a mobile device, combined with tokenization, with emerging models including 3-D Secure 2.0, due out later this year,” Riley said.
Riley also pointed out that adding a fingerprint mechanism to a plastic card could even add new layers of vulnerability, such as how hackers used gummy bears to replicate fingerprints when Apple Pay launched.
That said, issuers and card networks have an opportunity to refine their approach as the technology comes to market. “Mastercard will continue to test many variations of the payment card that supports its global business,” Riley predicted.