Discover the history of card payment security and learn how biometrics are increasing the security of card payments
Futuristic advances in payment technology are being deployed across the world. Contactless payments are at the forefront of this trend, but security issues have slowed the adoption of contactless cards and contactless payments via mobiles and wearable devices.
Biometric card payments diminish consumers' fears of transaction security, whether online or in person, and are about to come out of beta testing.
Instead of concentrating on new devices to advance payment security, banks and EMV card providers have chosen to improve existing technology. (EMV is the term for standard credit card chip technology. It originally stood for Europay, Mastercard, and Visa,
the three companies that jointly developed it.) Adding biometric identification to EMV cards alleviates concerns about fraudulent activity while offering greater potential for profit by merchants and banks alike.
Not everyone has a smartphone, and not everyone who does is interested in using it to pay for goods. But there are over
7.1 billion EMV cards, both contact and contactless, in use today, and they're the preferred choice of payment for the majority of consumers.
Contactless payments – where no PIN number or signature is required to complete the sale – have grown in popularity due to their convenience. Thanks to Apple Pay and Google Pay, mobile payments are increasingly common. But a lot of consumers are still wary
of the security of these transactions and how easily credit cards and mobile phones can be stolen – along with the possibility that cardholder information could be intercepted during transactions.
According to a survey by Kantar TNS of 4,000 EMV card users across the UK, the US, India, and China, security concerns are the biggest hurdle when it comes to contactless payments.
Undoubtedly, EMV cards have transformed the way we pay for goods.
The birth of EMV cards
EMV cards have been in use since 1994 across Europe but have only become standard in the US since
2015. As long as banks and merchants comply with EMV global standards by protecting consumer data, any money stolen from consumer accounts will be reimbursed,
though unfortunately it may take a while.
Why use EMV cards?
Eliminating fraud is the main priority of EMV cards. Whether contact or contactless transactions are performed, the level of security increases when users enter a PIN number to perform the transaction or when tokenization is used as an extra measure to conceal
a user’s identity and bank details.
Consumers benefit from a vast decrease in fraud when using EMV cards and no longer need to carry cash around. This has resulted in an increase in cashless transactions across the world.
Thanks to the introduction of EMV cards, secure contactless payments are now a reality. Banks, security companies, and global brands are now providing their own EMV cards. Queueing times have been dramatically reduced, as a quick tap of the card on a POS
reader is all it takes to perform a transaction.
What’s the next step in security measures for contactless payments?
While many consumers are happy with their current system of purchasing, there’s still an air of concern when it comes to details being stolen. With EMV payments, even if information or money is stolen from a cardholder’s account, the cardholder is not held
liable and is always reimbursed. That burden falls on the shoulders of banks and merchants, especially if they don’t provide offline authentication or fail to comply with EMV standards.
To avoid fraudulent activity and increase trust in EMV cards, security issues can easily be addressed with biometric authentication. Biometric cards conform to EMV standards, using typical safety measures like end-to-end encryption along with tokenization.
But they also take security one step further by enhancing the card with a fingerprint-sized biometric sensor. Instead of entering a PIN number when the card is placed on a point of sale (POS) reader – or even having to write your signature on a receipt – all
you have to do is place your finger on the sensor and the transaction will be verified and completed in a fraction of a second.
Faster and more secure means of payment
EMV cards and biometric cards have no visual differences, save for an area that’s highlighted on a biometric card to show where to place your finger. The diameter and length of the cards are the same, as the technology for reading a fingerprint is so small
it fits into current EMV cards easily.
What are the differences between EMV and biometric cards?
The main difference between these cards is the level of security offered to consumers. EMV cards use end-to-end encryption to hide user details and protect data from being stolen. Contactless cards use tokenization for further encryption, while biometric
cards go one step further and include a fingerprint scanner to confirm the identity of users.
An EMV card contains a microchip that stores and protects the user’s information. Communication between the user and merchant takes place during transactions only, making it nearly impossible for hackers to steal data such as bank details and personal cardholder
information. POS readers authenticate the data offline to ensure the card is not counterfeit; then the user inputs a PIN number so cardholder verification can take place. Using cryptography, a unique code is generated to ensure personal details of the cardholder
are never exposed.
Up until recently, this level of security was 99.7% effective, and any attempts at stealing cardholder information were nearly impossible. In the US, counterfeit fraud dropped 76% in just over three years after the adoption of EMV technology.
But as contactless payments have become more popular, extra layers of security have had to be introduced to prevent attempts at stealing cardholder data. Tokenization was introduced for card-not-present (CNP) transactions as a way of further disguising cardholder
and transaction data.
Most EMV card fraud occurs when the primary account number (PAN) details have been intentionally attacked and exposed. Tokenization adds an extra layer of security by replacing the PAN number with an encrypted code. This way, cardholder details are never
transmitted. And even if token details are stolen, each code is unique and cannot be replicated or used again.
Biometric card security
Biometric capabilities on EMV cards bring security features to a new level. Then the transaction can be authorized. Fingerprint reference data is stored directly on the card and can therefore never be stolen, hacked, or replicated.
Keeping merchants happy
For merchants, the main benefit of biometric cards is ensuring no fraud liability can be placed on them, as these cards go above and beyond typical EMV standards. Also, there’s no need to buy new hardware, as POS readers in use today are compatible. Payment
limits can be increased or done away with entirely with biometric cards; even if a card is stolen, no one else can use it.
Increasing consumer satisfaction
From a customer’s point of view, the extra layer of security is key. Anyone who has been the victim of card fraud, which had a global cost of $22.8 billion
in 2016, will have no problem signing up for a new card. Although a small cost may be introduced to cover the manufacturing of these new cards, a one-off fee in return for years-long protection of your bank and personal details is an easy choice.
What may put consumers off is having to visit their bank initially to register their fingerprint. This gets converted into an encrypted digital template to be stored on the card. Most providers at this stage don’t offer an alternative, so uptake may be slow
What’s holding EMV providers back from employing this technology?
Production costs will be incurred, whether they’re passed on to consumers or swallowed by card providers. Instead of the $1 or $2 it takes to create a typical contactless EMV card, biometric cards can reach up to $20. Also, the typical placement of the CVV/CVC
number on the back of EMV cards may need to be moved to allow space for the biometric scanner.
Fingerprint identification has grown in popularity, especially since the introduction of the technology in mobile phones. As online payment services such as Google Pay and Apple Pay grow in popularity, users may simply prefer to use fingerprint identification
on their existing devices.
Soon to come out of test mode
Though biometric cards are still in beta testing, EMV card providers are already implementing biometric transactions in countries including South Africa, Bulgaria, Cyprus, and Mexico.
Since April 2017, Mastercard has been running trials across the world in places like South Africa, but more noticeably in Sofia, Bulgaria. After reviewing extensive feedback from trial participants, they established that:
As testing continues in Cyprus, Visa has teamed up with the Bank of Cyprus and Dutch security company Gemalto and already has tens of thousands of biometric cards running in trials. Gemalto is the world’s first card provider to offer biometric features for
both chip-and-pin and contactless payments. They’ve even taken steps to avoid the hassle of calling your local bank to register by issuing a self-enrollment
sleeve to consumers along with the new card.
The way forward for payment security
With increasing fears of card security and hackers finding new ways to access personal and bank details, a new system is the only way forward. The longer EMV technology is around, the higher the chances are that fraudulent activity will increase.
Biometric cards ensure a higher grade of security for consumers. Banks and EMV card providers have listened to the fears of their customers and are now employing new ways to tighten security. Whether consumers choose biometric bank cards over mobile and
wearable devices with the same technology is yet to be seen. But if recent studies are anything to go by, there’s no doubt biometric cards are on the horizon. It’s time to lead the charge or be left behind.