As we stated in a previous blog, biometric bank cards are a strong trend defining the future of payments. Whether it’s the enhanced security, the sleek and simple customer experience or the smooth enrolment process, biometric bank cards will soon set the precedent of what the payment process should look like.
However, as a relatively new technology, you may have some questions about biometric cards. How do they work? Are they more secure than other EMV cards? Are they easy to use?
To help explain this innovation in payment technology, we’ve answered your top five questions on biometric cards from our recent webinar:
Q1: What will be the main method of fingerprint registration to the card?
The main method of registering customers on biometric bank cards is done very simply with a sleeve. In short, a sleeve is a small card reader, made of recycled plastic. There are no electronics inside a sleeve, just a button battery which provides energy when the card is inserted during the registration process. Similar to how we onboard our biometrics on smartphones, the user needs to place their finger on the card’s sensor several times. When the green light flashes, it means the fingerprint is correctly registered.
Once registered, the activation of the biometric data in the card is done after a security step: the cardholder must be authenticated with a first transaction or cash withdrawal using their PIN code or via online approval.
There are other ways users can set up their biometric payment card, depending on a banks’ strategy. For example, banks can enrol their customers’ fingerprints in the branch. This is done using a device composed of a screen and a keypad allowing to enter the card’s PIN before starting the registration. Onboarding could also be done using the consumer’s smartphone.
Q2: What is the real market pain point that biometric payment can remove now that contactless limit has been increased and security does not seem to be an issue anymore?
First and foremost, biometric bank cards offer a streamlined, simpler user experience than traditional EMV bank cards. With a simple tap, a user can perform a transaction, removing the need to enter a PIN number on the point-of-sale (POS) terminal – for both contact and contactless payments.
What’s more, despite the recent increases in contactless payment limits, biometric bank cards remove the limit on these transactions altogether. This is because users are securely authenticated by the fingerprint scanner on the card, offering the level of security needed to enable unlimited contactless payments.
Another benefit of biometric bank cards is the enhanced security for both consumers and banks. With an in-built biometric scanner, biometric cards can only be used if the user’s biometric features are presented to the scanner at the time of transaction. Even if a biometric card is stolen, it cannot be used for even the smallest transactions without the biometric authentication.
Q3: What changes are required from the banks’ processing platform and existing POS infrastructure to accommodate biometric bank cards?
In regard to banks’ processing platforms, there is very little to no impact when it comes to integrating biometric bank cards. During a transaction, some new data is sent by the card to the bank and tell the bank whether a payment was approved by biometric verification.
If banks do not want to update their current systems, the fingerprint transaction will be seen by default as an offline PIN. Consequently, banks can either fully integrate biometric bank cards progressively or instantly.
With POS terminals, there is no change required. Biometric bank cards use the same existing protocols within payment terminals as for mobile payments, so there is no need to update the POS terminal.
Q4: What is the power source of the card to ensure that the sensor can match the stored fingerprint properly? Is it inside the card? How long does it last and is it rechargeable?
One of the beauties of the biometric bank card is that it doesn’t need an integrated battery to power it. Through the power of near field communication (NFC) technology, the card takes the energy directly from the payment terminal when it is used.
The antenna of the card is designed to retrieve the maximum power from the terminal, which is enough to run the sensor and the transaction flow.
Therefore, the card can work as long as any other standard EMV payment cards.
Q5: Are you storing the fingerprint image in the sensor and if yes how secure is this?
Biometric bank cards actually do not store the full fingerprint image, but rather an extraction of very specific points of the fingerprints.
What’s more, instead of storing these data points on a bank’s central server, biometric information is stored locally inside the secure chip integrated into the card, offering a far greater level of security to both banks and consumers.
Even if someone could access the data on the chip, it would be impossible to reconstruct the fingerprint image, meaning that the card would be unusable to the hacker.
Interested and want to learn more? Leave us a question in the comments below or tweet us @ThalesDigiSec and we will get back to you!