18 August 2017

Rik Coeckelbergs

Rik Coeckelbergs - Clear2Pay

10Posts 44,361Views 6Comments
Innovation in Financial Services

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Biometric Payments for Dummies

03 May 2010  |  5827 views  |  3

Biometric Payments is in fact not a new technology, it has been in the payments market for years and years already! No worries people, it blew my mind as well after some documentation struggling. With this post I hope to give you all an overview of what I am talking about.

For those who are not familiar with biometric payments, I hope this gives you the understanding to be able to discuss this topic with collegues. And for those who are familiar with it, please correct me where I am wrong or complete the discussion with your experiences or knowledge.
 

What is biometrics?

In my first blog I gave a definition of biometric payments, but in this post I would like to go a little deeper, starting with a definition of Biometrics.

Biometrics is “the study of unchanging measurable biological characteristics that are unique to each individual- such as fingerprints or irises. Biometrics can be implemented by: companies, governments, military, border control, hospitals, bank etc. To either verify a person’s identity for something or to identify individuals to record information about them such as with criminals, for example”.

Of course not all of these biometric options are to be used for identification, they need to be susceptible the the following characteristics: reliable, unique, collectable, convenient, longevity, universal and acceptable.

The most common solutions are indeed fingerprint and hand readers, iris scanners and voice recognition.

Biometrics will most commonly be used for two purposes:

  • Verification purpose: the system compares the person’s identifty with the captured biometric data.  You identify yourself with a card for example and instead of giving your PIN-code you just give your fingerprint
  •  Indentification purpose: the system recognises you by your biometric id. and you can login for example.

 And biometric payments is...

Now let's go back to the definition I gave in my first post: “a biometric payments is a point of sale (POS) technology that uses biometric authentication to identify the user and authorize the deduction of funds from a bank account. Fingerprint payment, based on fingerscanning, is the most common biometric payment method. Often, the system uses two-factor authentication, in which the finger scan takes the place of the card swipe and the user types in a PIN (personal ID number) as usual.”

Simply said: a consumer pays with the touch of his finger on a fingerprint scanner. This can be compared to a consumer using his credit (or debit) card to make a payment, at least from a customer point of view (the technology behind it could be totally different). However, biometric payment tend to be much faster (Pay-by-Touch and Biopay claimed the end-to-end transaction processing took about  5 to 15 seconds) and much cheaper (because they are treated as an automated clearinghouse debit).

It could also be used as an extra security measure if a bank decides to combine it with a PIN-code at ATMs for example, or a replacement of your whole wallet (ID-cards, credit and debit card maybe even driver's licence, if only technology would be that far). No more worries of loosing your credit cards or bank account info, since it is all collected in one fingerprint!

Biometric payments back to the future

Biometric payments is not a new concept at all. Already in a mid- to late ‘90s the first biometric pilots were launched (that means biometric payments exists almost as long a the commercialized mobile phone!)... The programs failed unfortunately.

The first succesful project was in South Africa in 1996 where fingerprint scanning was implemented on ATMs. From the moment Standard Bank tried to standardise it, fingerprint scanning failed after all.

Bank United tried tried biometric in 2001 using iris scans at ATMs, but an aquisition made an end to that project.

Several projects like that passed the history of biometric payments.

Again, the best business on biometric payments seems be done in developing countries: South Africa, Colombia, Nepal...

In Colombia farmers are paid for their coffee beans on an account, instead of giving them cash. Since people in Colombia are accustomed to using fingerprints (they have it on their ID-card as well) they don’t ask themselve the ‘big-brother-watching’ idea.
South Africa is, in general, one of the most progressive adaptor of biometric, so no wonder also biometric payments are more popular there than elsewhere. As in Colombia this has mainly to do with the fact that they’re comfortable with biometric technology, government was promoting it already in the early ‘90s.

However, it is not only developing countries of course. Let us take  some examples out of the United States: Wal-Mart and Costo for example are investigation whether or not to start with biometric payments. Their biggest motive is probably the lower transaction-processing fees (clients don’t use debit or creditcards anymore), others are a higher security, faster checkout etc...

In the States it seems more common then I expected:  Pay-by-Touch pushed the biometric technology in the market already in the ‘90s. After their bankruptcy other providers took over (like Indivos Inc. for example) with more supermarkets and grocery stores investigation the advantages of biometric payments. Even Shell has been piloting already with the Pay-by-Touch technology.

Next time we go further with this with some thoughts why this might or will not work in Europe (that where I will also take into account all received comments on biometrics so far, like the ones from my last post on Finextra). Why did all those projects fails in the United States? Is there a future with biometric payments, when might we expect this to boom? I am not sure I will be able to find all the answers, so every help is welcome of course.

I just hope to be able to get all the biometric payments together in case one day there are other people like me, interested in biometric payments but not really knowing where to go for all this information.

I hope it was (and will be) as usefull and interesting for you, as it was for me.

TagsSecurityPayments

Comments: (3)

Nick Ogden
Nick Ogden - ClearBank - London | 05 May, 2010, 11:55

In response to Rik's comment, no one has ever claimed that biometrics are 100 per cent even on DNA, as we haven’t all had our biometrics collected and compared. That said the probability of uniqueness when associated with other factors to create a true two factor authentication process gives substantial certainty and in our case the ability to underwrite financially a transaction which is biometrically signed to our standards.

When I guaranteed Internet payments in 2001 the security people expected our rapid demise however that business (Worldpay) still exists today. If you don’t try, you don’t learn, and it's dead easy to think of reasons to wait, however, if you innovate you learn, and  whilst it is not all good news, a lot often is! 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 05 May, 2010, 21:12

Hi Rik,

I urge great caution in respect of biometrics. It sounds like you are at the start of a fresh study of this family of technologies. Good luck with it. So I hope you don't mind if I correct some basic points? This is in the interests of rigor. I find that the biometrics field as a whole lacks rigor ... perhaps because it's all so very sexy. I've seen vendors use filmclips from sci-fi movies in their marketing materials, as if they're case studies. At the same time, most vendors avoid disclosing their full specifications. False Match and False Non Match specs are often missing, and the test conditions are always missing from spec sheets, because there are no standards. Or the best case FMR and FNMR are reported side by side with the dishonest implication that these may be achieved at the same time.

The very basis for biometrics is often misrepresented. The definition you quote says: "biometrics is the study of unchanging measurable biological characteristics that are unique to each individual". There are two problems here.

Firstly, biometrics are not necessarily unique.  For example, there is actually not a lot of evidence that fingerprints are inately unique. Moreover, the way we measure any trait introduces uncertainty.  Look closely at DNA testing.  People speak casually of DNA as a biometric (even though there is no sign of a commercially viable DNA based access system).  But forensic DNA testing doesn't measure the whole genome, only a tiny and statistically representative subset, which leads to the possibility of False Matches.  The inventor of DNA testing Alec Jeffreys was quoted years ago on the risks of the method when large databases are compiled:

Jeffreys estimates the probability of two individuals' DNA profiles matching in the most commonly used tests at between one in a billion or one in a trillion, "which sounds very good indeed until you start thinking about large DNA databases." In a database of 2.5 million people, a one-in-a-billion probability becomes a one-in-400 chance of at least one match.

Secondly, most biological traits do in fact change. For example, fingerprints lose definition as the skin ages, and can be impossible to acquire from the elderly.  In practice, any skin damage changes the fingerprint.  And the voice changes from day to day with colds and fatigue. Understanding this natural variability is critical, because it means any biometric processing system must cope with uncertainty. It means that False Matches are inevitable.  Any biometric system that was so specific that it never ever had a false match would by the same token be so 'fussy' that it would frequently reject genuine users, because of day-to-day variability in the way their traits present.  This is why False Rejects rise as False Detects fall.

In all seriousness, I argue that the word "unique" in biometrics represents false advertising. Even if a certain trait is inherently unique (as the iris seems to be) it does not follow that the trait is detected in exactly the same way every time it is presented. Sensors get dirty, lighting conditions change, there will be simplifying assumptions built into the recognition algorithm and signal processing sub-systems that cause a loss of specificity. Due to equipment variability, biometric error rates can rise dramatically when different vendors' equipment is used for enrolment and presentation. Similarly, error rates for "different day" performance (when some time passes between enrolment and presentation) is often markedly worse than "same day" testing (some finger vein testing shows deterioration by a factor of 100 in different day testing).

If it was really true in any meaningful sense that biometrics are "unique" then we should expect to see False Match rates of precisely 0.00%. But no, False Match performance is always finite -- and sometimes very modest, like 2 or 3% or higher. 

I'm a great believer in the subtle power of language. People need to beware of the optimisim and exageration that are built into the words used to loosely describe biometrics!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 06 May, 2010, 12:38

Nick wrote "no one has ever claimed that biometrics are 100 per cent".  I'm sorry to be pedantic, but actually almost all biometrics vendors claim exactly that -- implicitly -- when they use the term "unique" to describe how biometrics work.  Biometrics lacks the rigor of conventional cyber security, where practitioners are required to steer clear of words like "guarantee" and "perfect".  It's deeply problematic to describe biometrics as "unique" when they're simply not.  Loose talk sets up false expectations, and it numbs business people so they don't know to ask the tough questions, about False Detects, False Rejects, Fail to Enrol Rate, Different Day error rates, and actual test conditions.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Rik

YouBank, the New Concept I Would Invest in!

15 August 2010  |  5192 views  |  0 comments | recomends Recommends 0 TagsRetail bankingGroupInnovation in Financial Services

Could This be the Holy Grail for Elimitation of Cheques?

12 July 2010  |  3877 views  |  0 comments | recomends Recommends 0 TagsPaymentsRetail bankingGroupInnovation in Financial Services

When Will Payments Innovations Become too Hard to Follow?

03 July 2010  |  2935 views  |  0 comments | recomends Recommends 0 TagsPaymentsRetail bankingGroupInnovation in Financial Services

Where is the Universal Payments Module?

19 June 2010  |  4194 views  |  0 comments | recomends Recommends 0 TagsCardsPaymentsGroupTransaction Banking

HSBC rolls out online video consultations

01 June 2010  |  3822 views  |  0 comments | recomends Recommends 2 TagsRetail bankingGroupInnovation in Financial Services

Rik's profile

job title Management Consultant Payments
location Brussels
member since 2010
Summary profile See full profile »
As a Management Consultant I support Senior Management of Financial Institutions and Financial Departments of Corporates in developing or reviewing a strategy or tactical solutions in their payment bu...

Rik's expertise

Member since 2009
10 posts6 comments
What Rik reads
Rik's blog archive
2010 (10)

Who's commenting on Rik's posts