Biometrics: a broad scope of application in payment
Biometrics consists in identifying a person by analyzing his or her biological and behavioral data, which is unique to him or her. Among its applications are, for example, fingerprint scanning and facial recognition, technologies that are increasingly used nowadays because they are often implemented in our smartphones. Payment players are closely studying ways to use biometric data, with the main objective of strengthening the security of payment transactions. This concern is also part of the race to implement strong authentication, which is required by the PSD2.
The interest of biometrics in payment
Biometrics is therefore positioning itself as the next bulwark against payment fraud. This fraud is constantly evolving in order to circumvent the security measures put in place to counter it. Having your wallet stolen was the first form of fraud, and there are many forms of fraud today.
One of the main concerns in terms of payment security is the control of transactions made online, particularly through new ways of paying for purchases. Cash and bank cards are no longer the only ways to make a transaction, and payment players needed to think about ways to secure these new media. With the advent of e-commerce, it was indeed necessary to quickly find answers to the new forms of fraud. It was during this period that we saw the imperative capture of the visual cryptogram during an online transaction, followed a few years later by the implementation of 3D Secure (SMS confirmation of the transaction) as an additional barrier.
These initial measures taken when the two Payment Services Directives (PSD1 and PSD2) were adopted were able to counter the first forms of online fraud, but they no longer cover all the risks in 2021. The European Commission and the European Banking Authority have therefore decided to impose in September 2019 Strong Authentication* for online purchases, which has since been progressively implemented.
This strong authentication adds a confirmation step during online transactions and can use biometrics to do so. In fact, the directive stipulates that two of the following three security factors must be combined: what you know (code or password), what you have (telephone), and what you are (biometrics). Confirmation of purchase can be made by scanning your fingerprint on your bank’s banking application. Already used for other increasingly common actions, such as unlocking your smartphone, this scan could become in the near future the best way to authenticate yourself when making an online purchase.
Applications of biometrics in payment
Indeed, biometrics concerns many new use cases in terms of authentication: customs crossings in some airports, for example, can be done by scanning a biometric passport combined with facial recognition.
Credits : Idemia
As far as the world of payment is concerned, it won’t take long for biometrics to become an important part of it. New concepts are emerging every day, driven by both young Fintech companies and traditional banks. Here are a few examples:
- The biometric payment card is gradually making its appearance in the payment sector. The latest announcement to date is that of BNP Paribas, which should generalize its biometric card in a few months. This card is equipped with a fingerprint scanner. At the time of payment, the cardholder will present his or her card in front of the payment terminal as for a contactless payment, while keeping his or her finger on the scanner. There is no need to type in the security code: the biometric scan will replace it, making it even more secure and reliable.
- Some biometric VSEs already exist, although designed for specific markets. This is the case in India, where the Aadhaar program has been in operation for several years. This program consists of the creation of a gigantic database containing the biometric traits of the entire Indian population. Biometric VSEs would therefore, in theory, allow them to pay for their purchases simply by placing their finger on the scan integrated into the VSE.
- The opening of online bank accounts, with facial recognition as a guarantee of your identity.
- Behavioural analysis of Internet users would also make it possible to identify suspicious behaviour. Is he left-handed? Does he type quickly on his keyboard? These questions seem insignificant, yet they are part of more than 2,000 behavioral parameters that would ultimately allow the reliable identification of the Internet user.
Biometrics therefore has many arguments to become the most common way to authenticate oneself during payment acts, both online and in store. Security in payment is the number one concern of the various players involved, and biometric analyses are emerging as the next bulwark against new types of online fraud. The application of strong authentication is likely to accelerate this adoption.
The reliability of the biometric solutions discussed in this article logically make them a favorite. The challenge for merchants and payment players alike will be to make this transition smoothly. Changing a population’s consumption habits is far from easy, and it will be necessary to take the time to inform and raise awareness before launching these biometric programs on a large scale. Nevertheless, it remains undeniable that for security and technological reasons, biometrics is the future of authentication.