SecurityMEA speaks with Xavier Larduinat, Head of Banking and Payment Innovation at Gemalto about the security features of its latest EMV card that comes with a biometric fingerprint reader.
Recently you launched your contactless fingerprint biometric EMV card, how does that work and how different is it from its previous versions?
The biometric card includes the latest technology that allows cardholders to authorise transactions by using its built-in fingerprint scanner rather than entering a PIN. The fingerprint is instantly compared with the cardholder’s biometric data safely stored in the card. Whether used in contact or contactless mode, the process is completely intuitive, ensuring a smooth experience.
The card is powered from the POS terminal, eliminating the need for an on-board battery. For added reassurance, the biometric card has the option of conventional PIN-based authentication, as an alternative protection for higher value transactions.
The biometric reference data is securely stored in the chip on the card and all further biometric verifications will be performed locally inside the card. It is very important privacy-wise: the cardholder, once enrolled using a secure tablet at the branch, keep his/her biometric with him/her at all time. There is no biometric central database at the bank.
The biometric sensor is compatible with all other features available on EMV cards such as Dynamic Code Verification or DCV. The ISO size is unchanged so that card can also be used at the ATM like a “normal” card.
What are the key security features? Do you think this will be able to cut down on credit card frauds?
The payment card innovation marries biometric strong authentication and contactless, two of the most powerful forces currently shaping the consumer landscape. The main benefit of this new card is to use fingerprint biometric technology in lieu of a PIN code. This new technology is convenient for the cardholder and means that banks no longer have to put a limit on contactless payments (as opposed to the current low spending limit/ no PIN code required). In addition, for issuers providing social benefits to their cardholder, fingerprint biometrics are a way to identify the cardholder with complete certainty.
With EMV technology at its most recent DDA authentication mechanism, card frauds at the POS and the ATM are declining to levels close to zero. All the fraud now concentrates on the third usage: the use of card credentials for online payments.
The biometric card brings a great convenience for payment at the POS as fingerprint is used in lieu of a PIN code. It protects the cardholder for eye dropping frauds while at the POS so in that sense, it further strengthens securely for payment at the POS. Entering a PIN code is still required to the cardholder when using a biometric card at the ATM as the card body gets inserted inside the ATM, leaving no access to the fingerprint sensor. Bottom line for ATM cash withdrawals, the biometric card provides the same –very high – security level than a standard EMV card.
For purchases online where the cardholder does enter his/her cards credentials at checkout, the current implementation of biometric EMV card does not impact the user journey and additional security features such as DCV are greatly useful to fight skimming fraud.
Why do you think users should adopt this EMV Card and what extra benefit can they derive out of it?
It’s much simpler and faster to use for cardholders as there is no PIN code to remember and type on the POS terminal. It’s also more convenient for consumers as they no longer have a limit on the amount of money they can spend using a contactless payment method.
The card can also be used for purchases online and for cash withdrawals at the ATM.
What has been the response so far both regionally and globally?
Biometrics generates a lot of demand as users are getting familiar at using fingerprint or facial recognition with their smartphones. Both banks and consumers are very enthusiastic about biometrics coming to the EMV banking card because it’s convenient, simple and modern. By introducing the biometric card to the MEA region, this may be the beginning of a new era – one that will ultimately spell an end to the need for PINs and passwords.
Many pilot projects are underway and Gemalto has already communicated about two banks launching this new revolutionary product with Gemalto (Bank of Cyprus in Cyprus and Areeba in Lebanon).
Here in the UAE, a recent study released by Visa showed that the majority of consumers prefer biometrics over traditional methods for payments due to the increased convenience and speed it enables.
Which are the major organisations have you tied-up in the region to issue these cards?
There are multiple pilots ongoing, however, Gemalto cannot communicate about those at this point. All of the banks Gemalto has been in contact with have expressed interest in the biometric EMV cards are currently establishing their marketing strategies to prepare for the new technology.
What kind of growth are you expecting from this segment in a year’s time?
The multiple pilot projects that are currently underway will be publicly launched within the next 12 months. Payment schemes are in the process of standardising biometrics as an EMV CVM (Card Verification Method) in the EMV Standards. Compared to the global EMV market of 3.5 billion cards annually, the MEA market volumes will still be moderate in a year’s time. However, the trend is set grow significantly over the long-term and we are confident that the future of EMV payment cards is contactless through biometric technology. These advancements in payment technology will co-exist with multiple new EMV form factors such as Mobile and Wearables.