Mastercard is rolling out a new payment card that includes a fingerprint sensor built right onto the card, a feature that is meant to eliminate the need for a PIN during in-person transactions.
The new card also has a chip embedded in it and it can be used at all of the existing chip-and-PIN terminals. During a transaction, the user would insert the card into the terminal and hold his thumb on the embedded biometric sensor while the terminal reads the chip. Rather than entering a PIN, the user’s print serves as a second factor of authentication. The user’s print is stored on the card and it is compared against the one used during each transaction.
Mastercard already has tested the new card in a pair of trials in South Africa, one with a large supermarket chain and another with a bank. The company plans wider trials this year and is aiming for a full rollout by the end of 2017.
“Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected,” said Ajay Bhalla, president, enterprise risk and security at Mastercard
The inclusion of a fingerprint sensor on a payment card is just the latest move in what has become a cat-and-mouse game between payment providers and criminals. Fraudsters and other criminals are always looking for ways to circumvent the security and authentication measures put in place by card issuers and payment companies, and in recent years they have moved to online and phone-based fraud to counter the introduction of chip-and-PIN cards. Those cards are designed to thwart card counterfeiting and in-person fraud, as is the new biometric card.
Last year, Mastercard introduced a separate facial-recognition authentication system that allows customers to enroll photos of themselves with the card issuer. Those photos then are used for comparison during transactions and the system is designed to prevent transactions from being declined by mistake if they’re outside of a customer’s normal buying pattern.
The broad use of chip-and-PIN, or EMV, cards has reduced the volume of in-person fraudulent transactions, but the cards are not foolproof. Researchers have developed techniques for bypassing the protections of EMV cards, using man-in-the-middle attacks and other tactics.