Fred Martinez at Gemalto explains why fears around biometric EMV cards are misplaced

Customer is paying with contactless credit card in shop.

When we consider our everyday use of facial recognition and fingerprint scanning, we’d be forgiven for thinking about a distant future containing flying cars and robots. While the realm of flying vehicles may still be some time away, the reality is that biometric technology is here now, and we are already very accustomed to using it. Over the last 20 years, we’ve been scanning our prints and faces at border control, using our fingerprint to gain access to buildings at work and been taking advantage of Apple’s Touch ID and Face ID features. It’s been embedded into our lives whether we’ve realised it or not.

The robust alternative to your PIN

Now, it’s being introduced to the banking and payments sphere through the development of biometric EMV cards. These cards remove the need for a traditional PIN number as we see it replaced with an embedded fingerprint scanner. In order to pay for goods, customers simply place their fingerprint on the sensor on the card’s surface. Then, if the fingerprint stored in the card matches the user trying to make a payment, the transaction is authorised. If, for any reason, the fingerprint does not register, the PIN code is available as a back-up option.

While this has obvious benefits from a convenience point of view, removing the need to remember PIN codes or limits on contactless transactions for example, it has naturally introduced fresh security concerns. Much like when online banking and credit cards were introduced, we as a society are hesitant to trust changes to the way we handle money. In fact, our recent survey shows 88 percent of British consumers saying for them to replace their current card, the new one would need to be more secure, with 68 percent saying it has to be easy to use and 60 percent that it has to simplify their life.

But these cards are the future, revolutionising the way we pay by making our transactions much safer and more convenient.

In an environment where cyber breaches of credit cards can happen, such as last year’s Equifax attack, it’s natural to be concerned about changes to our personal data. However, the fingerprint on biometric EMV cards is not stored on a central database and is therefore not susceptible to data breaches where PIN and passwords can be retrieved. Customers’ fingerprint data is only stored on the card itself and so cannot be accessed by hacking into servers.

Dispelling the myths

From the outset, biometric EMV cards have security built into the design. This is the easiest way to ensure that these banking cards will be able to protect consumers against the banking and cyber threats of the 21st century.

The most common myth is that the fingerprint reader is no more secure than the PIN because it can be easily duplicated. But this is entirely false. The advanced solution within the card cannot be fooled by a 2D of your print. Moreover, the technology which is used to build the scanner will only evolve and strengthen over time. As the technology improves, so will the readings of the fingerprints, enabling a clearer, more detailed capture that could even include the individual’s pores on the skin’s surface, making the solution resistant to attacks including very sophisticated ones. The card can also be cancelled remotely by a bank, just like a normal debit or credit card.

Another myth which often causes concern is that having your fingerprint registered to your card is another way for the government to spy on you. However, as there is no central data base, the customer’s data is only ever securely stored inside the card. It’s not shared with anyone else.

Fears that a hacker could still gain access and compromise the data inside the chip despite there being no database are also misplaced. The chip’s high-level encryption ensures that the card can withstand robust attempts to access its data. While any concerns that a change in fingerprint or if the print is dirty or wet could prevent the card from working would also be mistaken. The card’s reader is designed not to be affected by changes to your print. Moreover, if for any reason the print is not accepted at the point of sale, the card accepts a PIN code as a secondary form of ID verification.

Ultimately, biometric EMV cards are the future of consumer payments, providing easy, convenient, reliable and secure payment transactions. The technology behind the EMV card is not static, it’s only going to evolve to become stronger and more secure. When you consider what consumers want – security, convenience, something that simplifies your life – the biometric EMV card ultimately ticks all the boxes.

Author: Fred Martinez, Director, Biometrics & Advanced Payments, GemaltoFred Martinez