Biometrics connecting ID and payments through digital wallets, apps and passkeys

Biometrics are connecting with payment credentials, whether through numberless credit cards and banking apps or passkeys, as the concrete steps towards linking digital identity and payment systems shows up as a major theme in the week’s most-read stories on Biometric Update. Mastercard announced it will ditch the familiar credit card number in favor of on-device biometrics and tokenization, while everyone in digital wallets, from the EUDI Wallet Consortium to Fime and Mattr to Apple is looking at how to bring together identity and payments, and Visa arguing for the role of passkeys in a converged digital ID and payments ecosystem.

Top biometrics news of the week

Mastercard is retiring the 16-digit credit card number and replacing it with a combination of tokenization and on-device biometrics to prevent card-not-present fraud following data breaches. The change will happen gradually between the initial rollout announced with Australia’s AMP Bank and 2030. Mastercard has also designated Europe’s longest-named towns as Click to Pay Capitals, as card numbers are not the only piece of data being replaced by tokens.

Digital wallets have already gained substantial traction in certain niches within payments and digital identity, and posts from Fime and Mattr following the publication of a EUDI Wallet Consortium white paper suggest that combining the two functions could improve each. David Birch notes that Apple Pay paved the way for Apple ID, which he argues will soon be the primary use case for Apple Wallet.

Not to be outdone, Visa makes the case for another digital identity technology – passkeys – as the way to secure payments against fraud in a guest post by VP and Global Head of Authentication, Identity and Tap Matt Charpentier for Biometric Update. The FIDO Alliance developed the technology to replace passwords, but they also serve to connect biometrics and payment credentials, Charpentier writes.

U.S. national security authorities, privacy advocates and government IT workers are sounding the alarm over attempts by the administration of President Donald Trump to run the government with AI while slashing oversight. A former employee of a company belonging to Trump’s Silicon Valley advisor Elon Musk has proposed an integration of authentication service Login.gov with other government databases which appears to be illegal.

Add reduced benefits fraud, leading to lower illegal immigration and therefore less support for populists to the arguments advanced by former PM Tony Blair in favor of adopting digital identity. Blair also called for greater government digitalization and for police use of facial recognition to advance beyond trials.

The market reverberations to the UK government’s announcement that it will issue digital wallets and mDLs continue, though at a low volume. The answer to the question posed at the end of Computer Weekly’s insightful assessment – why not use a government ID over one from the private sector – is found earlier in the article, in the description of Gov.uk Verify.

The latest update to the UK’s DIATF registry adds Persona, Konfir, Verify365, Keesing, Gov.uk One Login and others to the list of certified service providers, bringing the total to 55. Kantara and the Age Check Certification Scheme issued the new certificates, while NQA has exited the pilot. OfDIA has also released more details for its planned trust mark.

Aadhaar authentication is coming to India’s private sector, with the release of rules for its use by non-government entities. Businesses will need to request to use Aadhaar, UIDAI will review the request for public interest and compliance with the rules, and MeitY will issue approvals.

Idemia Public Security is supplying facial recognition to a Canadian police force under an $800,000 contract to compare investigative images against mugshots. The contract follows similar deals with two other regional forces last May, and Halton Police say the technology will follow a strict policy similar to theirs.

Atos is in hot water again, with officials investigating the French company’s use of its Russian office to purchase software for the EU’s EES traveler registration scheme. The purchases were made prior to Russia’s invasion of Ukraine, but the office’s operating license grants the country’s security agency access to its work, and whether employees there had the right security clearance to make EES purchases is unclear.

The ISO/IEC 25456 standard for biometric injection attack detection is now in development. FaceTec VP of Global Standards Andrew Hughes provides Biometric Update with a snapshot of the process and how the IT security and biometrics fields are coming together for it in an interview.

Tony Allen of the ACCS sets the stage for the 2025 Global Age Assurance Standards Summit in an interview with Biometric Update. Last year’s event played a significant role in settling the question of whether age verification is technically possible, and this year’s introduces national delegations as the community seeks a consensus on the standards needed.

Please let us know about any interviews, blog posts or other content you see that you think we should share with the people in biometrics and the digital identity community, either in the comments below of through social media.

Article Topics

biometric authentication  |  biometric identification  |  biometrics  |  digital ID  |  digital identity  |  week in review