Biometric technology once resided in the realm of science fiction. But, as our world became increasingly digital, card schemes looked to new solutions to help identify users and prevent fraud. This has led to increasing adoption of biometric biometric authentication solutions for payment cards.
Still, not everyone is on board. Many merchants and cardholders are hesitant to embrace this new feature due to a lack of understanding.
Biometrics may present an opportunity for banks to make more informed authorization decisions, as well as educate clients regarding enrollment. Institutions should be aware of how biometric authentication results can integrate into their risk management platform.
How Do Biometric Cards Work?
Biometric security relies on a person’s unique identifying factors, such as voice and facial features. Biometric cards use a fingerprint to identify the cardholder and validate the purchase. In this situation, a thumbprint is seen as a much safer alternative to a PIN or signature because it is more difficult for fraudsters to steal or fake biometric data.
These cards feature a built-in sensor area embedded on the actual card. The consumer dips the card into a payment terminal and places a thumb on the sensor, which is powered by the terminal. It scans the user’s fingerprint and compares it with the stored digital impression of the cardholder’s fingerprint. If they match, the transaction is approved.
Mastercard is currently in the process of distributing these cards to cardholders. If an individual wants to obtain a biometric card, the most common approach is an in-person enrollment supervised by the issuer, commercial client, or co-brand partner. During this process, up to two fingerprints are captured and converted into digital templates to be stored on the card. Once enrolled, the card is immediately ready for biometric authentication at any EMV POS terminal.
This sounds simple enough, but as we mentioned above, many are still hesitant to trust that biometric cards are safe and secure. Let’s examine some of the main concerns cardholders and merchants might have about this striking new technology.
Biometric Cards: Fact Vs. Fiction
Misinformation regarding the use of biometric authentication already dominates much of the conversation. Institutions can help ease any misgivings by familiarizing themselves with the common arguments used against biometric cards.
CLAIM: Merchants might resist biometric cards because they don’t want to change terminals again.
FACT: Biometric cards don’t require any additional changes to current EMV-enabled terminals. Biometric cards are accepted at all locations where Mastercard chip cards can be accepted.
CLAIM: If the card stores a picture of the user’s fingerprint, it can be hijacked by fraudsters who manage to hack the card.
FACT: While a digital image of the cardholder’s fingerprint is captured, it’s in an encrypted code of 1s and 0s, rather than an actual image. The user’s biometric signature cannot be reverse-engineered.
CLAIM: Biometric data is stored and shared.
FACT: A digital image of the person’s fingerprint is stored on the chip itself and never leaves card.
CLAIM: A biometric card is powered by a battery that will eventually die, leaving the cardholder without access to their funds.
FACT: Mastercard designed their card to draw power from the terminal itself, therefore a battery is not required.
These are some of the most common objections. However, we encourage all institutions to learn more about biometrics from a variety of sources. The more knowledge one shares, the more confident cardholders and clients will feel using biometric cards.
Ups and Downs of Biometric Authentication
Biometric cards are convenient and easy to use, with benefits to consumers, retailers, and banks. Their unique technology helps detect and prevent fraud while potentially increasing approval rates.
Retailers can maximize the shopping experience and help customers feel safer and more secure, and everyone involved in the transaction can rest assured that the person using the card is the genuine cardholder. Biometric cards also offer the following benefits:
- Delays with cardholders forgetting their PIN or typing it incorrectly are avoided.
- Higher value purchases can be processed without pausing for a PIN or signature.
- Transaction volume can be increased.
- Merchants have peace of mind that the person using card is the actual cardholder.
- More confidence in the transaction means more approvals at the POS level.
When it comes to chargeback, liability rests with the issuer if the biometric match is successful. This takes some pressure off the merchant.
While these are great advantages, we should also recognize some of the technology’s shortcomings. For instance, biometric cards have no real efficacy on card-not-present transactions. Given that 60-80% of chargebacks are cases of friendly fraud, this means that its utility will be limited there.
Also, if the biometric match is not successful the transaction will be processed using the highest priority CVM supported by the card and terminal (typically a PIN or signature). This could create additional friction, thereby increasing the likelihood of a cardholder abandoning their purchase.
Biometric authentication helps solve one of the more challenging aspects of the payments fraud debate: deciphering whether the customer is who they claim to be. Thus, biometric cards could soon become the standard means of identity verification and more platforms are integrating the use of this new technology.
As more people obtain and use biometric cards, educating players on all sides of the transaction remains the best way to ensure understanding and confidence.
Institutions can help by dispelling rumors, ensuring clients understand how biometric authentication works, and offering a seamless transition during the enrollment process. However, they must also be sure to set clear expectations for merchants, and let them know about the limitations of biometric cards.