Biometric Payment Card – Contactless card authentication

27 Jun 2019

                                                             

  • In the UK, NatWest and RBS are trialling a contactless payment card with a built-in fingerprint scanner, which matches against the biometric reference data stored in the card;

  • Consumers will be able to make purchases over the current set threshold (GBP 30) without the need of a PIN;

  • Biometric payment cards enable seamless cardholder verification with the potential to mitigate fraud on contactless transactions.

 

Point of View

 

In the UK, contactless transactions are increasing rapidly, with a 23.4% increase in use during March 2019 compared to the same month in 2018. According to figures by Action Fraud, contactless card fraud in the UK is surging, with fraudsters stealing a total of £1.18m (AUD $2.164m) from contactless users in 2018, compared to £711,000 (AUD $1.3M) in 2017. The association estimates this type of fraud accounts for about 3% of all card fraud. Visa has launched its pilot program with NatWest and RBS, giving 200 customers the opportunity from mid-April 2019 to take part in a three-month trial, during which they will be able to authenticate their contactless card purchases for any value using their fingerprint, instead of a PIN.

 

In the UK, the Average Transaction Value (ATV) on card payments has continued to decline to reach the lowest level since October 2000. The ATV fell between March and April to £41.86 (AUD$76.55), compared to £43.83 (AUD$80.15) a year ago. The set cap for transaction authentication of contactless transactions in the UK is £30 (AUD$54.86), meaning that cardholders will often be required to enter a PIN to verify their transaction. This suggests that in the UK, the introduction of a biometric payment card, which can securely verify the cardholder for transactions of any value, will provide an improved customer experience while also providing greater security to combat the rising fraud levels.

 

Biometric payment cards use an in-built fingerprint scanner to verify the cardholder. Before using the card, the cardholder needs to enrol their fingerprint. Mastercard Executive Vice President, Identity Solutions Bob Reany commented that “a convenient and effective remote enrolment process is necessary for mass adoption.” UX design specialists Block Zero have designed three different ways that cardholders can enrol their fingerprints; by using a smart box, by using a payment terminal the first time the cardholder uses the card and by using a smartphone. The enrolment creates a signature that is securely stored in the card. When the cardholder places their finger on the card’s sensor during a transaction, the card will detect whether the scanned print matches the reference data stored in the card. Assuming the biometrics match, the transaction will then be authorised. If there is an unsuccessful biometric match, the terminal will prompt the cardholder for a PIN as a fallback verification method.

 

The biometric payment card with fingerprint authentication offers several benefits:

 

  • Improved security to reduce fraud - The card stores the fingerprint reference data, bypassing the need for the secure information to be shared beyond the card for validation. Additionally, the technology safeguards against duplicated 2D and rubber fingerprints as it requires electrical capacitive sensing.

  • Convenience - Where the biometrics match, authenticated contactless purchases for any value can be made without the need for other verification methods that add friction to the transaction such as PIN.

  • Compatibility - The cards are designed to be compatible with existing payment terminals that accept contactless card payments, enabling immediate acceptance once the cards have been issued.

  • Long-lasting - Gemalto has developed a biometric EMV card which has a sensor that is powered by the payment terminal and does not require an embedded battery or need to re-charge the cards.

 

Implications

 

Australia has embraced the convenience of contactless transactions, with one of the highest rates of adoption in the world. Westpac reported that in 2017, contactless was used to perform over 90% of purchases. The RBA reported that the average transaction size of domestic card transactions is $65, which is well below the verification cap of AUD$100 for contactless transactions, meaning the majority of contactless transactions are performed in Australia without the requirement of PIN as an additional verification method.

 

While AusPayNet does not collect statistics from its Members directly on contactless fraud, the Australian Police have been active in warning merchants about the risk of unauthenticated contactless transactions. Mastercard has commented that “though contactless usage makes up more than 85 per cent of transactions in Australia, contactless fraud is only around 2.5 per cent of the total value of card fraud.”

 

Will we see biometric cards introduced in Australia? There are a number of key benefits biometric payment cards could deliver to the Australian payments network. These include:

 

  • Fraud prevention – a potential reduction in fraud. 2.5% of the total value of card fraud based on AusPayNet’s figures from 1 July 2017 to 30 June 2018 is $13.77m p.a.

  • Cardholder control – If a cardholder could customise the verification limit of their biometric card to suit their individual risk profile (so I could set my verification limit to $0, requiring biometric authentication for all transactions) – biometric payment cards could provide greater control for cardholders.

  • Accessibility – There are benefits of using biometrics as a verification method for the vision impaired, as opposed to keying a PIN into a third-party device. Work is currently being carried out to develop Accessibility Guidelines for the vision and mobility impaired.

 

Biometric payment cards are designed for use in a single channel; a card, used over the counter with a contactless point of sale device. So, with the growth of new channels (online) and viable alternatives (mobile wallet solutions including digital cards that incorporate biometric verification), there may not be a clear-cut case for biometric payment cards, with next generation solutions already apparent.

 

In the short term however, there may be a need. The RBA reported 87% of transactions are performed over the counter and there are over 1 million contactless point of sale devices in Australia. However, the continued launch of alternatives such as banking proprietary wallets and Original Equipment Manufacturer (OEM) mobile wallets such as ApplePay, GooglePay, SamsungPay makes the viability of biometric payment cards in the medium term less viable. The Commonwealth Bank reported an increase in the number of customers reaching for their smartphones to pay increasing by 35% in the first 6 months of 2018, with one in every 5 tap and pay transactions conducted in supermarkets now being performed with a mobile phone. Statistics such as these would indicate that Australians are reaching for their mobile phones to make everyday payments, shifting away from cards in general.

 

 

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

 

 

Please reload

Consumer
Centric
Technology and Innovation
Policy and 
Regulation
ARCHIVES
Please reload

Disclaimer

The opinions and views expressed in this publication are those of the authors exclusively and do not purport to reflect the opinions, views or official policy position of AusPayNet or its members. This publication is also subject to the AusPayNet Terms of Use and Privacy Policy available on the AusPayNet website.

 

Copyright © 2017 AusPayNet. All rights reserved.  

Read full Terms of Use

Privacy Statement