Mastercard: Biometric payments to take centre stage under PSD2

Mastercard: Biometric payments to take centre stage under PSD2

Mastercard is forecasting a bright future for biometric technology, as new rules on strong customer authentication under PSD2 come into force across Europe.

The European rules aim to tackle online fraud, by increasing the number of transactions subject to two factors of authentication by the payer. While in-store transactions using Chip and PIN technology already comply, the biggest impact will be felt in online shopping, where consumers are already overwhelmed by password fatigue.

With regards to card payments, currently just one-to-two per cent of online transactions require cardholder authentication to complete a transaction, but this is set to rise to up to 25% from next autumn, says Mastercard.

Ajay Bhalla, president global enterprise risk and security, Mastercard points to the card scheme's implementation of selfie payments and fingerprint cards, alongside changing consumer attitudes, as scene setters for a biometric futures.

“The use of passwords to authenticate someone is woefully outdated, with consumers forgetting them and retailers facing abandoned shopping baskets," he says. "In payments technology this is something we’re closing in on as we move from cash to card, password to thumbprint, and beyond to innovative technologies such as artificial intelligence. It’s far easier to authenticate with a thumbprint or a selfie, and it’s safer too.”

Comments: (4)

Philip Andreae
Philip Andreae - PA&A - Sea Island, Ga 05 July, 2018, 15:12Be the first to give this comment the thumbs up 0 likes

One wonders how this use of Biometrics is to be implemented.  Will it be based on a central register of the persons face - allowing any phone with a camera to be used for authentication?  Are we simply storing passwords in a vault on the device, unlocked with the devices biometric sensor?  Are we thinking about an out of band (different channel) solution? Or, are we planning to exploit international standards like FIDO & WebAuthN?

Eli Talmor
Eli Talmor - ID-Bound - Haifa 06 July, 2018, 07:43Be the first to give this comment the thumbs up 0 likes

If 25% of online transaction will require consumer and payment authentication then the real question one must ask how many of them will result in cart abandonment for any of the following reasons:

1. False Rejection

2. Too lengthy authentication process.

In addition- the problem of scaling up from benchmark trials to All-European deployment is far from being trivial. For example:

1. Luke Olbrich, the head of core payments for PayPal Europe, said he had seen the pitfalls of overly intricate or burdensome authentication controls when attempting to introduce a new security protocol, 3D Secure, in 2015. During trials, average authentication failure rates across Europe reached around 60% — the normal figure, he said, would be around 5 % :“I finally said pull the plug, we have to stop this,” .

2.facial recognition with 98 percent false positive rate:

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 06 July, 2018, 09:34Be the first to give this comment the thumbs up 0 likes

Online payments in India have been subject to 2FA for several years now. In the early days, the failure rate used to be as high as 70%. Now, according to a recent article in ET SUNDAY, it has come down to around 35%. I'm not sure if this figure includes what I call "premature failures", which are abandonments caused by consumers who are too daunted by the huge number of moving parts to even attempt the payment in the first place.

Philip Andreae
Philip Andreae - PA&A - Sea Island, Ga 06 July, 2018, 15:15Be the first to give this comment the thumbs up 0 likes

Totally agree with everyone's comment.  the kley will comne down to a few acronyms FAR > FRR > PAD and two key words Convenience and Security.  Measuring and understanding the risk of the transaction therefore is the key to what is an acceptable level of friction.