When you pay for goods or services, you typically use your fingers to complete the transaction. However, any set of fingers can complete that transaction, as long as the person attached to them has the proper information.
Imagine a world where your unique fingertips — or other unique physical characteristics — are needed to process a transaction, a world where whatever you paid with actually verified you were making the transaction. Imagine a credit card or digital device checking physical characteristics, such as your eyes, face, voice or fingerprints. Welcome to the world of biometric identification.
It wasn’t that long ago when a signature was the hallmark of a secure transaction. A merchant could compare the signature on the back of your card to your signature on the receipt. However, in today’s increasingly digital age, signatures are astoundingly insecure. In fact, in April 2018, the four major credit card companies in the United States (i.e., American Express, Visa, Discover, and Mastercard) made a big change: they stopped requiring a customer’s signature to process a transaction. If you’re still signing screens or receipts, that’s because of a particular merchant’s policy.
Fraud costs card issuers and merchants a lot of money. According to a 2016 Nilson Report, global losses due to fraud reached $15 billion, with card issuers bearing 72% of that amount and merchants shouldering the remainder. Because many card-issuing companies have zero-liability policies for cardholders, they’re contractually required to offset fraudulent chargers.
Card issuers and merchants have a vested interest in decreasing credit card fraud, both to improve their bottom lines and to protect consumers. As cash payments decrease, businesses are looking to new technology to secure their transactions. It wasn’t long ago that security chips were a cutting-edge security technology for credit and debit cards. This technology, the EMV chip, it allows companies to store card data on an embedded digital chip, as opposed to a magnetic strip. These chips are very difficult to counterfeit, unlike easily-replicated magnetic strips. The EMV chip generates a one-time use code for each transaction, making the transaction details less useful to hackers.
However, payment companies are hoping to capitalize on technologies that go a step farther. Many are examining the possibilities of biometric identification. Biometrics are unique sets of physical characteristics, such as fingerprints, facial recognition, voiceprints, and iris or retinal scans. Companies hope technologies that verify these unique personal traits can drastically reduce cases of fraud.
Fingerprint-reading cards are one example of this technology. These cards have self-charging fingerprint readers embedded in them and are intended to reduce “card-present” fraud. This type of fraud occurs when a consumer is physically present and making a purchase at a terminal with someone else’s card. For example, NatWest Bank in England is conducting a trial of this technology on its debit cards. By embedding this technology in cards the bank already offers, it hopes clients who can’t or don’t want to use mobile payments will have a more secure payment option. Mastercard also launched a biometric card trial in 2018 and followed up with a plan for customers to identify themselves with biometrics beginning in April 2019.
Biometric identification has worried some consumers and critics about far-reaching consequences of the technology. If companies verify consumers with highly personal information, such as facial scans or fingerprints, all that verification data must also be stored by companies. Today, security breaches typically result in passwords and other text-based account information being stolen for nefarious gains. However, most breaches typically have only short-term impacts on consumers. However, if criminals get their hands on fingerprints or facial biometrics, this can have long-lasting implications for compromised consumers. You can always change your password, but you can’t change your fingerprint.
Financial institutions bear the brunt of theft-related fallout today. Will they find ways to more securely process transactions with minimal negative implications for themselves and consumers? Time will tell.