Connect with us


Biometric payment card FAQs with Michel Roig, Fingerprints’ President of Payments & Access



We sat down with Michel Roig to answer your frequently asked questions regarding biometric payment cards – their benefits, current market status, and future adoption.

Michel joined Fingerprints in 2016. Since then, he’s played a central role in managing the company’s diversification into new sectors, launching and expanding our smartcard portfolio, the payments and access strategy, and powering its strong position in the payments ecosystem.

  1. What value does biometric payment card technology bring to banks and consumers?

There are several benefits inspiring the adoption of our technology, starting with regulatory compliance and enhanced security. The recently imposed Strong Customer Authentication (SCA) under the Second Payment Services Directive (PSD2) requires banks to perform more checks to confirm the identity of a consumer at the checkout. Consumers must now take additional steps to authenticate themselves for certain transactions, such as those of a specific value or after every five transactions, to limit potential fraud use.

Consumers can authenticate themselves by using their PIN, however, biometrics can streamline this process. Using their unique physical characteristics to pay essentially guarantees a consumer’s identity, so they can make SCA-compliant payments of any value that effectively reset the transaction counter every time they pay. This kind of strong authentication has the potential to drastically reduce various types of fraud (and all associated costs), and it provides added convenience for consumers since they may never have to use their PIN again.

Adding biometrics to payment cards also helps issuing banks to bring some needed energy to their cards, helping them promote their brand and build consumer loyalty whenever it’s taken out to pay. This brand exposure is not as strong with other payment methods, such as mobile payments where the card is hidden inside the phone. Given the innovative nature of biometric payment cards right now, it also shows that the bank is leading the curve – not falling behind it.

Finally, thanks to smartphones, consumers are now used to authenticating with a ‘touch’ and actively want to use biometrics in their everyday lives. By capitalizing on this trend for physical cards, banks have a timely customer acquisition and retention tool. A study we recently ran found that 62% of consumers would switch banks to obtain a biometric payment card, indicating a high consumer demand for the security and convenience these cards provide.

  1. What is your best advice to banks which may be considering launching a biometric payment card?

This might not be surprising… but my advice would be not to wait. At the time of writing, we’ve conducted 24 pilot tests and eight commercial launches. We’re now in the second generation of cards, and we’ve repeatedly met the increasingly stringent certification requirements from the card schemes. Essentially, the technology is out there and starting to add value for your competitors. Don’t wait until your cardholders begin to turn elsewhere.

Since we also found that 43% of consumers are willing to pay to get hold of a biometric payment card, banks can use them as a new revenue stream and expect a return on investment when offered as a value-add or premium service to cardholders.

  1. What are the lingering concerns or misconceptions from issuing banks?

As with all new technology, there are apprehensions with being an early adopter. One question that banks often ask is: “Where is a consumer’s biometric data is stored?”. Are images of fingerprints stored in the cloud or on-prem by the issuer, creating a privacy and compliance nightmare? The answer is no! The card doesn’t store an image of your finger. When you enrol, a template is saved and stored securely as encrypted data on the card and never leaves it.

I was also recently in the Middle East and someone asked me whether the card would break if it was kept in their back pocket as they sat down for a coffee. Fingerprints has run rigorous testing to ensure the card’s biometric sensor can endure the same wear and tear as a normal card. This is an industry requirement, in fact. Our sensors have also achieved Mastercard and Visa certification – a process that ensures the sensor is robust, scratchproof, and doesn’t dislodge during the life of the card.

Card scheme certification also requires strict anti-spoof measures. These make the attack vector so small that the effort and cost required to hack one card is pointless for fraudsters. All of this comes together to make the biometric payment card much more secure than a card which only has a PIN for security.

Another common apprehension surrounds the cost of the technology. Cost of sensors has come down dramatically in the last few years, and this cost will reduce further as deployment volumes increase over time.

  1. What have been some of Fingerprints’ key accomplishments over the past year?

Earlier in the year, we were pleased to see Fingerprints’ second-generation T-Shape® sensor module and software platform for biometric payment cards achieve compliance with Mastercard’s new Fingerprint Sensor Evaluation Process. This technology enables cost-effective biometric payment cards to be produced and integrated using standard manufacturing processes. Having passed the previous specifications last year, we proactively secured this updated approval to simplify the process for card manufacturers to launch the next generation of biometric payment cards.

As mentioned earlier, we’ve supported a number of commercial launches and have several other banks in pilot testing right now. In January 2021, we also proudly announced a large-scale commercial launch with BNP Paribas in France. This was widely published with commercials running on French TV and cinemas.

  1. What’s next for Fingerprints?

Interest in biometric payment cards has been piqued, with the market now burgeoning. As a result, we expect many more launches this year, including the first Fintech companies. We’re also excited by activity brewing beyond our current key markets – Europe, Mexico, and the Middle East – with launches recently announced in Africa and India.

Following on from our latest compliance with Mastercard’s Fingerprint Sensor Evaluation Process, more card level certifications will be announced by our manufacturing partners as these are secured throughout this year. More partnerships will also come, adding to the already announced partnerships with Thales, G&D, Infineon, and STMicroelectronics.

Along with this, we’ll be working more intensively with partners to ensure a shorter time-to-market, lower barriers to entry, and easier integration time – either direct or through partnership. This is supported by our latest Mastercard compliance which is an important milestone for the deployment of biometric payment cards at scale.


GDPR: data security four years on




Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed in the UK since the Data Protection Act of 2018.

If you work with data in any shape or form, you should be familiar with GDPR: the General Data Protection Regulation.

GDPR is a framework in European Union (EU) law designed to standardise data privacy laws across EU member countries in Europe, regulating how businesses share information and improving protection for consumers. This mutually agreed legislation came into play in 2018 to replace previous data protection rules across the continent, which had existed long before data was created and shared at the scale it is today.

On the same day in 2018, the UK government published a new Data Protection Act (DPA) — a legal framework governing personal data and the flow of information in the United Kingdom. Like the EU GDPR, this law updated the existing Data Protection Act of 1998 and came into effect on 28 May 2018.

Much has changed since these frameworks were first announced, and the guidance for data protection has evolved as a result. Consequently, even if your business was compliant when the GDPR legislation was first published, that doesn’t mean that it still is today.

So, how have the rules changed, and what must businesses do to ensure they aren’t falling short of the mark?

What’s the purpose of GDPR?

According to GDPR laws, all organisations that process personal data must comply with data protection legislation, regardless of their size.

Simply put, personal information is any information that someone could use to identify a living person, including names, email and home addresses, identification numbers and IP addresses.

GDPR and the DPA 2018 state that organisations must have a clear purpose for collecting personal information and allow individuals to review, amend or challenge data processing practices. Furthermore, businesses must implement appropriate security measures to mitigate against cyber attacks and data misuse and disclose any security incidents involving customer data.

The size of a business will determine the extent of its GDPR obligations. The Information Commissioner’s Office (ICO), responsible for upholding information rights in the public interest, may grant exemptions case-by-case. Exemption from GDPR is dependent on a company’s ability to prove that compliance with UK GDPR will prevent, seriously impair or prejudice the achievement of processing purposes. However, businesses shouldn’t routinely rely on exemptions.

Failure to comply with GDPR can increase a company’s risk of experiencing a data breach and the reputational and financial damage that follows. What’s more, it can lead to hefty compliance fines. So, it’s in business leaders’ best interest to ensure they achieve and retain GDPR compliance for their organisation.

How has GDPR changed since 2018?

In the context of data protection, one of the most significant events that have occurred since the original legislation was released is the United Kingdom leaving the EU.

The DPA 2018 incorporated EU GDPR and passed before Brexit legislation came into effect. As the DPA 2018 was constructed and intended to be read alongside the EU GDPR, which no longer has domestic application here, it’s since been adjusted to reflect the post-Brexit changes to domestic data privacy laws.

The amended ‘UK GDPR’ and DPA 2018 apply to UK organisations that store, collect or process personal data pertaining to individuals residing in the UK and to non-UK organisations that offer goods or services to UK residents. Alternatively, the EU GDPR only applies to organisations and individuals living in or trading with countries in the EU.

Overall, the fundamental principles, rights and obligations associated with GDPR haven’t changed. However, some differences between the UK and EU GDPR have already impacted businesses — or are likely to soon.

The government’s 2021 data strategy consultation, ‘Data: A new direction’, outlined aims to simplify policies from the EU GDPR, reducing regulatory burdens on businesses and incentivising organisations to invest more effectively in data protection. These proposals suggest changes to data protection recommendations for accountability frameworks, artificial intelligence and machine learning, legitimate interests, direct marketing and more.

The future UK data protection framework will favour a more risk-based approach and permit greater flexibility for businesses. Once implemented, these amendments will influence the way organisations are required to record and assess data privacy.

Why should businesses stay up to date with UK GDPR?

As the needs and demands of the digital world continue to evolve, legislation concerning data protection is constantly changing.

The ICO regularly publishes updated guidance for various data protection applications, as controllers and processors manage ever-increasing volumes of personal information.

For example, the Privacy and Electronic Communications Regulations (PECR), which also sit alongside the DPA 2018 and UK GDPR and give people specific privacy rights concerning electronic communications, were amended six times between 2004 and 2018.

In the EU, the PECR directive was due to be replaced by the ePrivacy Regulation (ePR) in 2018 — an update intended to clarify how website operators should handle the use of cookies and complement GDPR. However, the implementation of this regulation has been delayed and isn’t expected to come into force before 2023.

It’s not yet known whether the UK will fully implement the ePR’s requirements. Still, as UK companies are likely to continue doing business in EU countries, this legislation may impact UK businesses. So, understanding and following UK GDPR and DPA rules are crucial for any business that handles personal data.

For professional services industries such as accountancy, finance and law that regularly deal with large volumes of sensitive data, the risk and cost of a cyber attack are high. Solicitors and accountancy firms are likely to be considered ‘controllers’ of data; they’re responsible for determining how and why personal data is processed.

As such, it’s recommended that businesses seek the advice and support of a GDPR consultant that can make organisations aware of the latest legislation and ensure they are meeting their obligations under new laws.

Continue Reading


PayMe India elevates Vineet Daniel as Chief Technology Officer




Aims to leverage technologies to promote financial inclusion in the country

PayMe India, an RBI registered FinTech organization that offers short-term financial support to salaried employees, has appointed Vineet Daniel as its Chief Technology Officer. Vineet, joined PayMe India as Deputy Product and Technology Officer few months back. In his latest role, he will be working closely with PayMe India’s Founder and CEO, Mahesh Shukla, to define, prioritize and realise the product roadmap of the company.

Vineet comes with an experience of more than 18 years in understanding and managing Information Technology services and Technology across industries such as e-commerce, SaaS, Ed-tech and Publishing among others. Prior to PayMe India, Vineet has worked with companies like BenoSoftware, AiEnable, SendinBlue, HT Media Limited and

At PayMe India he will drive tech innovations, implement emerging technologies that are in alignment with the product vision and roadmap. Besides developing an automations driven culture, Vineet will spearhead the in-house engineering team, contracted development partners, and look at building deeper API integrations for PayMe India’s platform. One of his key responsibilities will be to build a technology leadership team that develops a strong and focused culture and be responsive to the organization’s needs.

Vineet Daniel

Mahesh Shukla, Founder & CEO, PayMe India, said, “Vineet is an outstanding leader and we are confident of him leading our tech strategy to greater heights thereby driving performance, efficiency and effectiveness of engineering and product development. As a CTO he will continue to work towards our mission of making high-quality financial products easily accessible for everyone in the country. ”

According to RBI’s FI-Index, the financial inclusion grew 24% across FY17-21. The major factors behind the growth have been the rise of the FinTech, as the technology has simplified and encouraged digital payments like UPI payments, easy, and quick access to credit over online platforms and finger-touch availability of other financial instruments.

Vineet Daniel, Chief Technology Officer, PayMe India, said, “Technology has played a pivotal role in bringing innovative financial products to the doorstep of the customers; witnessed especially during the pandemic when people experienced the comfort and convenience of touchless payments more than ever. I am excited to join PayMe India and aim to implement new and cutting-edge technologies that will yield competitive advantage and help in driving the organisational vision of end-to-end financial inclusion.”

From the time of its inception, PayMe India has expanded its financial offering portfolio from just small lending to next-generation financial solutions such as digital gold and mutual funds investment, online rent payment via credit card and CIBIL scores among others. In February 2022, the company also launched a new ‘Buy Now-Pay Later’ service called ‘SALT’ that allows users to make a purchase without immediate payment.

Continue Reading



Finance7 hours ago

Hey, Gen Y and Gen Z do you think you can retire comfortably?

By Penelope Gregoriou, technical investment specialist at Alexforbes   Millions of South Africans rely on the money saved in their...

Uncategorized8 hours ago

GDPR: data security four years on

Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed...

Banking8 hours ago

The importance of Customer Experience (CX) for retail banks today

By James Isaacs, President, Cyara   Today’s retail banks face considerable challenges. Open banking initiatives –  that make it easier...

Finance8 hours ago

Getting ready for VAT digitisation: automation is key

Christiaan Van Der Valk, Vice President for Strategy and Regulatory at Sovos, says technology will power real strategic success for...

Banking8 hours ago

Challenging the challenger: Why the digital transformation of traditional banking is key for competing with challenger banks

By Sam Schofield, Senior Vice President: Global Enterprise at Udacity   Monzo and Revolut are only seven years old. Starling,...

Wealth Management9 hours ago

Green with Envy – an Environmentally Conscious Data Center

Mark Fenton, Product Manager, Future Facilities   Environmental considerations are at the top of every business leader’s agenda and an...

Technology9 hours ago

How Digital Adoption Platforms can enhance digital transformation and customer experience in the insurance industry

By Vara Kumar, CPTO & Co-founder, Whatfix   Like many industries, the insurance sector was prematurely hastened towards digitalisation due...

Business17 hours ago

Why do Traders Need a Managed Service Partner?

Jeff Mezger, Vice President of Product Management, Financial Markets, TNS   Does your financial institution have the understanding, resources, talent...

Business18 hours ago

The FCA will take immediate action on customer vulnerability; here’s how firms can prepare.

Author: Jonathan Barrett, CEO and Co-Founder at Comentis   Identifying and supporting vulnerable clients has become a priority for financial...

The Green Revolution In Investing - Sustainable Investing The Green Revolution In Investing - Sustainable Investing
Business1 day ago

How fintech is key to empowering climate action

Attributed to: Rory Spurway, CEO & Founder of CarbonPay   As human activity continues to have a significant impact on...

News2 days ago

Fractional NFTs- A Positive Impact on the Market

Non-Fungible Tokens (NFTs) have been making headlines for quite some time now. The phenomenon is getting a lot of attention...

Technology2 days ago

Are cyber insurance and incident response budgets the same thing?

Dominic Trott, head of strategy – UK, Orange Cyberdefense   Cyberattacks on businesses increased by 13% in 2021 compared to...

Business2 days ago

Ticketing modernization: the key success factors for an outstanding deployment

Arnaud Depaigne, Product Manager, Smart mobility, Fime   Technology has transformed the way we pay, and transport ticketing has been...

Finance2 days ago

How to increase the growth of crypto apps in a challenging market environment

By Alexandre Pham, Vice President, EMEA at Adjust   Crypto and digital assets became one of the hottest tech topics...

Business3 days ago

Businesses must adapt to meet customers’ evolving payment needs

Nathan Shinn, Founder and Chief Strategy Officer, BillingPlatform   From the lingering impact of the COVID-19 pandemic, through to the...

Banking4 days ago

Carbon Neutral and Net Zero: The New Disrupter-in-Chief

Authored by Jason Matteson, Director of Product Strategy, Iceotope   When we think of market disruptors we typically think of...

Business4 days ago

Balancing risk management with a seamless customer experience

By Andrew Davies, VP, Global Market Strategy, Financial Crime Risk Management, Fiserv   For quite some time, measures to mitigate...

Business4 days ago

The need for blockchain to be interoperable and why it matters

By Kai Waehner, Field CTO and Global Technology Advisor at Confluent   In mid-2022, it would be fair to say that...

Interviews4 days ago

How MFA can protect the financial sector from the unprotectable

The financial sector has long been a primary target for threat actors. However, the unique infrastructure of core financial systems...

Business5 days ago

Why a three-step framework can help financial advisers support their most vulnerable customers.

Author: Tim Farmer, Co-founder and Clinical Director at Comentis   We are witnessing a vulnerability epidemic. With the Financial Conduct...