Since Apple introduced Touch ID in 2013 the world has embraced fingerprints as a form of identification and authentication. The convenience and security afforded by the technology has led to its rapid adoption and now almost every smartphone has a sensor. Soon it will be present on your bank card too.
In January 2018 Gemalto introduced its first EMV payment card with fingerprint biometrics. It allows you to pay with a simple touch on the point-of-sale terminal with no need to enter a PIN code. This works both for contactless and when you have to insert your card. Plus, there are no limits on your spending when paying by contactless.
This video explains more about the card:
Because it’s a new technology, there are understandably questions about whether it is secure and reliable. So, we’re here to help put any concerns you may have read, or thought about, to rest. And if you have any other questions, leave us a comment and we’ll be sure to respond!
Myth 1: Your fingerprint can be easily duplicated
The new biometric card cannot be fooled by a 2D replication of your fingerprint. So even if someone has the outlines of your fingerprints, scanned from a glass or something you would have touched and printed out, the card will not register it as authentic. Even though in spy films it seems easy to fool the sensors, in the real world it is difficult to make an effective 3D copy of your fingerprint.
Myth 2: My fingerprint data will be shared with others
You will register your fingerprint data at your bank or at home when you sign up for the card. This is to confirm you are who you say you are. The fingerprint information is securely captured onto your card and no biometric information remains on the tablet/ PC where you registered it, nor is sent to any server of the bank. Your fingerprint is never shared with any party when you make a payment, but only remains with the cardholder, stored inside the Biometric Sensor Payment card.
Myth 3: I’ll have to charge my card to power the fingerprint scanner
Actually, the science here is pretty cool. The electromagnetic field made by the payment terminal provides all the power the card needs to make the fingerprint feature work.
Myth 4: It’s another way for the government to spy on us
Using your fingerprint is simply a more convenient way to pay. Plus, it makes it less likely to be a victim of fraud as you have to be there to authenticate the payment. No sensitive personal data is ever shared with anyone when you use the card. Your biometrics data only remains with you, securely stored inside the biometric fingerprint card.
Myth 5: An attacker could just chop off your finger and use the card
Biometric sensors and verification algorithms are rapidly evolving to avoid this kind of risk. In addition, the card can be blocked in a few minutes by calling your bank immediately, so there’s no point in imagining such an extreme scenario.
Myth 6: An attacker can get hold of the biometric data stored on my card
All fingerprint data is encrypted in such a way that even if the bad guys had the files, there is no way they would be able to access them.
Myth 7: My fingerprints change all the time because of my job, it won’t work for me
The new card has a dynamic solution that regularly updates the fingerprint template stored in the card. So, it can map the changes in your fingerprint. Also, you can register a second fingerprint in case the first fails. If in addition your finger is not recognized for any reason, there’s always the possibility to present the PIN code (or signature) as a fallback mechanism in order to be able to pay in all kind of situations.
Myth 8: It is useless for people that have to pay for other people’s goods
All the new biometric cards still have the PIN option, so if you don’t want to use the fingerprint, you can pay using the usual chip-and-PIN method or signature
Myth 9: Shops have to replace all their payment terminals and will incur the roll-out costs too
The new fingerprint EMV cards work with all existing terminals, so as a customer there is no need to worry about whether your purchase will go through. And there are no roll-out costs for merchants either.
Myth 10: The fingerprint scanner should be on the terminal, not the card, as that would be easier
This would require that all the terminals are upgraded which would be both timely and costly. Furthermore, the acceptance of the cards wouldn’t be homogeneous and would create different experiences for both the users of the cards and the bank.
I hope you’ve found this useful. If you have any questions about any of the above, or would like to ask us something we didn’t cover, please get in touch with us in the comment section below or tweet us @Gemalto.
The post Busting myths around biometric debit and credit cards appeared first on Cybersecurity Insiders.
August 05, 2018 at 09:10PM
0 comments:
Post a Comment