Is this the end of the PIN code and password?
This is a guest post by Xavier Larduinat, Head of Banking and Payment Innovation at Gemalto.
We’ve all struggled to remember complicated passwords when trying to access an online bank account, or forgotten a PIN number while making a payment in the past. We’ve come to accept it as a necessary inconvenience that helps to keep us safe – but wouldn’t life be so much easier if we didn’t have to use them?
With huge strides being made in biometric technologies, the end of the PIN and password could soon be a reality. While fingerprint authentication has become the norm as a way to access our phones, it could soon be the way in which we pay for goods as well. In just a few years from now, biometrics are likely to make PIN numbers, as a way of authenticating card payments, obsolete – making for a much more convenient, user-friendly customer experience.
The uptake of contactless cards worldwide is a great demonstration of consumers’ demand for convenience. But at the moment, contactless payments are restricted to a certain level of transaction – in the UK they can only be used when spending up to £30. If you want to pay for something slightly more expensive, you still need to use your PIN. But what if there was a card which you could pay with for transactions of any value, without having to use a PIN at all?
Authentication vs identification
The development of EMV cards with embedded fingerprint authentication holds the key to this. They promise not just convenience, but also extremely high levels of security. Biometrics being used in the development of bank cards is a direct result of the mainstream adoption of biometrics on smartphones; we’ve become accustomed to using our fingerprint as a means of identification. This means it’s only a small jump to begin using them for authentication as well.
This new breed of payments cards brings with them a new type of authentication – the “What I Am” authentication factor. For example, when using an EMV banking card, the use of the PIN code authenticates, but does not identify the cardholder – since the 4-digit PIN may have also been shared by the genuine user with other people. In contrast, “What I Am” uses factors like biometrics in order to determine the user’s true identity. This provides greater security as there is no easy way you can share your biometric characteristics with someone else; they are unique to the individual.
While there are numerous benefits to EMV cards being fitted with biometric sensors, from added security to consumer experience, the development is not without challenges. It’s imperative that consumers have the same, if not a better, experience as when using a contactless card, and they need to be as durable as a normal bank card. This means that a biometric card needs to have a lifespan of three to five years, and needs to continue working throughout that period. Otherwise, consumer would need to constantly request new ones, which would be an added hassle.
Privacy and security must also be absolutely watertight, since any breach would be critical in terms of mainstream adoption. It will be imperative that all customer data is stored securely, and that banks are thinking about how to obtain, register and store fingerprint information. However, as long as the right security procedures are in place, we expect biometric cards to take off in the UK; they are the logical next step in payments and banking technology.
Looking to the future
The combination of biometrics and contactless could bring the ultimate payment experience to stores, for consumers and retailers alike. Biometrics for the EMV card go far beyond convenience as it does for mobile. It brings the final touch that is needed to migrate the entire card experience to contactless, regardless of the payment amount. We’re likely to see biometric authenticated cards piloted in 2018, deployed in 2019, and then followed by cards being converted to biometrics in large volumes thereafter. They may be second nature to us now, but in a few years PIN codes will seem incredibly outdated. Biometrics is the natural next step – and using a fingerprint is the easiest, and most seamless method for the consumer.
But fingerprint authentication in payments is just the start. It’s the first step towards a truly zero interface experience in which our fingerprint, voice, face and even behaviour contributes to a biometric matrix of authentication which makes for a completely seamless and highly secure experience. And not just in payments, but in other areas of our lives – from accessing our bank accounts to even driving our cars. When we reach that point, we’ll look back at these days of PIN codes and password and wonder how we ever remembered them.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.