Recent advances address biometric payment card security concerns, Fingerprint Cards says in paper
Hacks of biometric payment cards are possible, but recent technology advances make scalable attacks practically impossible, according to an article in the journal Biometric Technology Today written by Fingerprint Cards Director of Product Management Henrik Nilsson.
‘Biometrics – The missing piece of the payment card puzzle?’, available online via ScienceDirect, suggests that beyond false acceptance rates (FARs) of 1 in 20,000, and solving some of the security problems associated with PINs like shoulder-surfing, the security of several risk points in the system has recently been addressed to make the commercial roll-outs like BNP Paribas’ successful. The key to ensuring security is robust, he argues, is to make sure that attacks are ‘one shot’ attempts, rather than scalable hacks.
The risk points identified by Nilsson are the initial image capture stage, during processing, and the matching process itself. He notes seven different possible attacks, including spoof attacks, replay or sensor image manipulation attempts, manipulation of processing and feature extraction, biometric feature replay or manipulation and template injection.
The shift to active capacitive sensors has greatly mitigated the chances of a successful presentation attack, according to the paper. Injection and image replay attacks, which Nilsson considers a major threat vector, consists of a fraudulent device replacing the fingerprint sensor. Cards can be secured against this kind of attack with sensor-image authentication processes.
Attacks against the operation of the biometric software which can lead to ‘side-channel leakage’ of data used to optimize other fraud attempts are mitigated with sophisticated algorithms and by conducting both feature extraction and matching processes within the secure element.
BNP Paribas biometric payment card cost announced
The biometric bank card from BNP Paribas which is planned for commercial roll-out in 2021 will be issued at an annual cost of €24 (roughly US$29), in addition to the €134 ($163) yearly cost of a Visa Premier membership, according to French outlet MoneyVox.
The bank says the contactless payment card, with biometric authentication through a built-in fingerprint sensor, will be available from all bank branches in the second half of 2021. The card utilizes biometric technology from Thales and Fingerprint Cards, and its commercial launch was announced at the beginning of the year after a trial with 15,000 customers.
The card will enable BNP Paribas’ Visa Premier customers to make payments of any amount without entering a four-digit PIN, though the PIN will still be available as a backup authentication method.
MoneyVox notes that the dynamic cryptogram payment card offered by BNP Paribas comes with a €12 ($15) price tag.
Fraud rates for bank cards are roughly 0.01 percent, according to Banque de France statistics, with contactless payment fraud registering a 0.019 percent rate, and 0.17 percent of remote purchases fraudulent.