Beyond Apple Pay Touch ID: Adopting Fingerprint Biometrics for Secure Payment Transactions

Author


Brijesh Chaudhary

EMV and Chip Payment Expert, Opus Consulting
linkedin

According to Apple, it sold more than 13 million new iPhone 6s and 6s Plus devices between Friday September 25th and Monday September 28th. These and all previously sold iPhone 5S, iPhone 6, iPhone 6 Plus, and iPad Air 2 devices include Touch ID, a fingerprint recognition technology that authenticates users so they can unlock their device and make Apple Pay transactions.

The widening adoption of near-field communications (NFC) technology by retailers allows secure wireless payments through Apple Pay. Biometric information from the Touch ID scan of the user’s finger is transferred and verified internally by the Apple device.The system requires users to input their VISA, MasterCard, or American Express credit-card details into their phone and — upon receipt of this detail — the card network will send a token and the transaction security key to a secure element within the iOS device. The user’s credentials are stored in the iPhone device and accessible through the user’s fingerprint biometric authentication. The biometric information of the consumer is securely stored in the iPhone device.

But how secure is this new form of authentication? According to Apple, the Touch ID fingertip scan is intended as a convenient alternative to entering a password. Various groups have claimed to have successfully bypassed this “unique” user ID (since fingerprints can be lifted from everyday objects the user touches), and an injury to a finger or Touch ID sensor malfunctions can limit its reliability. While these issuesdo not seem to have dampened the consumers’ enthusiasm for the convenience of contactless mobile payments, should the payments industry “at large” consider investing in fingerprint biometrics for customer authentication?

Biometrics: the Business Case

The rapid adoption of biometrics authentication in mobile payments offers an opportunity for payment-service providers to provide an easier and more convenient authentication mechanism for access to iPhone electronic wallet credentials than having to remember and type a PIN. This convenience would eventually make this a preferred method for authentication, especially for Generation M (Millennials with a strong preference for mobiles)

While biometric-system implementations would be a major investment for acquirers and merchants, some of these costs will be offset by the reduced demand for password-support services and lower fraud-related expenses. As with the adoption of EMV cards, the liability for transactions will also shift to the (commercial) customer.

Currently, the absence of high level standardization for biometric authentication can be a barrier to interoperability. The Fast IDentity Online (FIDO) Alliance, an industry consortium, is now developing open specifications for strong universal authentication. This would allow technologies such as biometrics to be used in a common, interoperable way.The major payment schemes have joined the FIDO Alliance, along with leading technology companies and banks, to envisage FIDO protocols in the payment space.

Summary

Fingerprint technology is quite well accepted compared to other biometric-identification technologies like hand or palm geometry, eye-iris scans or facial characters. However, biometric authentication is not yet a fully mature technology, nor is it a remedy for all problems related to securing payment transactions. Understanding its potential; how it works, when to use it — and when not to — is the current challenge for IT professionals in the payments industry.

Recent Posts

Leave a Comment

Start typing and press Enter to search

Payment Blog (4)Payment Blog (5)