After two successful trials in South Africa, Mastercard are rolling out a payment card which features a fingerprint sensor. The cards are thought to be the first to include both the digital template of the user’s fingerprint and the sensor required to read their fingerprints at the point of sale.
Security experts have said that while using fingerprints are not foolproof, it is a “sensible” use of biometric technology. All it takes is a glass surface or something similar that a user has touched in the past in order for their fingerprints to be taken. Chances are a criminal would be able to obtain more than one finger print and in theory there can only be 10 possible assigned fingerprints per card which limits your options. But having said that things will be more secure than what we currently have now.
When it comes to web security, we do not see this feature having much of an effect when doing online transactions. But it is definitely a welcome boost for security in general. Using a combination of Chip and PIN, the PIN is the weaker of the two, but the introduction of a fingerprint will eliminate the visual security risk of someone taking a peak at your PIN whether at POS or in a cash machine.
However going back to a possible compromise of your fingerprint, that is something very much in reach and something which has been done before on mobile phone fingerprint scanners where fingerprints have been stolen using a bit of ‘play-dough’. The biometric sensor is the latest in a line of attempted security upgrades for the EMV (Europay, Mastercard, Visa) standard and its competitor, the Payment Card Industry Data Security Standard (PCI DSS), both of which have been criticised.
Moving forward, the good news is stores and retailers don’t need any new hardware because the sensor in the card reads your fingerprint. Since both the data and the scanner exist on the same card, the new payment cards work with existing EMV card terminal infrastructure — the standard chip/swipe readers you can find at many stores these days, though old magnetic stripe-only terminals won’t be compatible.
The bad news is that in order for this technology to be mainstream you maybe required to go to your bank branch in order to have your fingers scanned and registered . Your fingerprints will then be converted into an encrypted digital template that is stored on the card’s EMV chip. Not entirely bad news, but for some its a process where a part of you (your fingerprint) is stored on a database and can be hacked into by hackers. Web security should be fine but we do forecast a link with mobile phones and finger print verification becoming the norm in the near future (such as Samsung Pay).