Connect with us

Technology

FROM CARD ISSUERS TO RETAILERS: HOW BIOMETRIC SMART CARDS BENEFIT THE ENTIRE PAYMENTS ECOSYSTEM

David Orme, Senior Vice President at IDEX Biometrics ASA

 

With the roll-out of biometric fingerprint authentication smart cards, consumers will soon be able to make payments feeling more confident about the heightened security their new cards will offer. However, it’s not just consumers that stand to benefit from this advanced technology. Biometric payment cards will impact the entire ecosystem – from payment networks, smart card and secure Integrated Circuit (IC) vendors, through to biometric sensor manufacturers, retailers and merchants.

To make biometric payments a success though, each participant needs to fulfil its role effectively to ensure the next stage in the process can do the same. Every element of the ecosystem must interact and work seamlessly together, with common development and delivery goals of biometric payment cards driving the market to where it is today.

So, this brings us to the question of how biometric payment cards can benefit each of the key players in the ecosystem.

 

Smart card vendors: The biometric payment card is a high value proposition, which will help card vendors improve margins in a market where traditional payment card Average Selling Prices (ASPs) continue to suffer, resulting in year-on-year heavy ASP degradation.

In addition to payment cards the majority of smart card vendors also have expertise in other areas of biometric applications, for example in government identities, border control and national ID programs. From a security perspective, existing expertise in providing a secure environment from which card data can be stored and securely transacted is a huge bonus, when it comes to ensuring the right biometric payment card support is put in place.

 

Secure IC vendors: This group plays a key role at the beginning of the biometric value chain, supplying the required smart card chipsets used across a variety of applications. In fact, payment cards are one of the largest secure IC markets.

Much like smart card vendors, secure IC vendors are well versed within the payment cards market, with expertise in the supply of payment network-certified solutions that meet the Europay, Mastercard, Visa (EMV) standard. With vendor consolidation rife in the chipset market over the last few years, this presents an opportunity for leading secure IC players to take advantage of the next volume wave.

 

Issuers, banks and financial institutions: In contrast to secure IC vendors, banks, issuers, and financial institutions are at the end of the supply chain – issuing and personalising payment cards to a global customer base. However, the rising wave of fintechs and challenger banks is forcing traditional banks to focus on product and service differentiation as they try to compete against more agile entities and retain brand loyalty.

The biometric payment card is one potential solution for customer retention. Not only does it provide product and brand differentiation, but an improved, secure payment option – which is fast becoming a consumer must-have. In fact, recent research by IDEX Biometrics ASA found that more than three-in-five (63%) UK consumers are worried that their contactless payment cards could be used fraudulently. Notably, nearly half (49%) of consumers state they would actually feel more secure if they were able to use their fingerprint and PIN to authenticate transactions via their payment card. This suggests that consumers would be much more confident about contactless payments if their bank card was protected by biometric authentication, such as a fingerprint scan, and not just a PIN as the verification method.

 

Payment networks: At the centre of the entire ecosystem are the payment networks themselves. They hold a unique position, interacting with all players in the chain. Branded cards make payment networks a household name from a consumer perspective. This, in turn, means they have a central role to play in the development and certification of payment cards and standards to address security. In addition, payments are processed and authenticated over their networks, which means they are liable for any fraudulent transaction.

Consequently, security is of paramount importance to this group. It is in their interest to reduce fraudulent payment activity to lower liability-related costs. This will also help to gain and retain consumer trust, which is imperative to the livelihood of payment networks as they take a cut from all transactions made through them.

 

Retailers and merchants: Retailers and merchants are at the receiving end of the biometric payment card process, as the digital payment authentication technology. The biometric payment card has been designed to work with existing contact and contactless POS terminals, meaning retailers and merchants can reap the rewards without having to upgrade their existing POS infrastructure.

The growth and acceptance of contactless payments has increased these forms of transactions in the last decade. However, the majority of payment networks, have a maximum transaction limit, typically in the £30 range. Adding another level of multi-factor authentication (MFA) to this type of transaction, opens the opportunity to remove these spending caps though. This will help merchants and retailers to provide customers with more convenient and secure shopping experiences for all levels of spend.

For each transaction made via a POS portal, a fee has to be paid by the merchant which is typically split into 3/4 segments, with a proportion going to the payment network including processors, acquirers, and issuing banks. The risk of payment fraud is also added to transaction fees by the payment networks. Improvements to payment card security through innovative biometric means, should translate to lower-risk transactions and in turn, reduce these associated transaction fees, helping merchants improve revenue margins.

To fully realise the true benefits of biometric fingerprint payment cards for everyone in the ecosystem, all players need to support and promote the education of the market. By doing so we are more likely to gain consumer trust and encourage adoption while delivering a safer, more convenient payment experience to the end consumer.

 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

HOW TO KEEP DIGITAL TRANSFORMATION ON TRACK AFTER THE PANDEMIC

DIGITAL TRANSFORMATION

Ashley Coker, CEO and founder, Slate

 

Introduction

The global coronavirus health emergency has made it abundantly clear how dependent we are on digital services for business continuity and social cohesion. When physical contact must be minimised, digital businesses are in a better position to rapidly adapt and continue their services and respond to customers’ needs.

This is perhaps why Chancellor, Rishi Sunak, was prompted to delay the introduction of IR35 Off-Payroll working rules to the UK private sector until April 2021, as part of his package of measures to support British businesses through the COVID-19 crisis.

While some businesses expressed relief at the delayed introduction of IR35 rules in the private sector, many financial enterprises had already terminated contracts with IT contractors in preparation for the original deadline, with the risk of digital transformation programmes stalling.

 

What is IR35?

Inland Revenue legislation 35 (IR35) is a tax law designed to prevent individuals from using intermediaries, such as their own limited company, in order to avoid paying their fair share of tax and national insurance contributions (NICs). By setting up a limited company, some people were able to leave their employment in a bank on a Friday and return to the same job on a Monday as an IT contractor, with no change in their role, duties, or place of employment. HMRC wants to put a stop to this.

However, with an estimated 170,000 contractors working through their own personal service companies, HMRC has not had the resource to address cases individually and decided to put the onus on the organisations that hire contractors.

From April 2021, the responsibility for assessing whether a contractor is genuinely self-employed (outside of IR35) will fall on every medium and large private sector organisation with a turnover of over £10.2 million, a balance sheet of £5.1 million, and more than 50 employees. This means that every contract will have to be reassessed to decide whether an individual’s work falls inside or outside IR35. Contractors must be provided with a Status Determination Statement (SDS) for each contract that they undertake, confirming the organisation’s assessment of their status for IR35 purposes.”

 

How has the financial sector prepared for IR35?

To avoid the time and resource required to scrutinise thousands of contractor contracts, many financial services organisations took a blanket decision which deems that all contractors are working inside IR35. Several prominent organisations have taken this route and terminated all contracts with contractors who bill for their services via limited companies.

Being deemed to be working inside IR35 has the effect of making hiring organisations liable for paying contractors’ income tax and National Insurance contributions at source, as though they were employees, without contractors benefiting from the sick pay and holiday pay benefits of the organisations’ employees. Tax experts have calculated that working inside IR35 will reduce contractors’ incomes by approximately 25 per cent. This makes projects less attractive to IT contractors who might be working on delivering digital change.

 

How does IR35 affect Digital Transformation?

Prior to the IR35 deadline extension, HSBC, Lloyds bank and Barclays bank were reported to have taken a uniform decision to classify all contractors as working within IR35. It was also reported that Deutsche Bank risked losing 50 out of 53 contractors working in its London-based change management team after taking the decision to cease working with contractors via personal service companies and asking them to join the payroll of a recruitment outsourcing agency used by the bank.

If IT contractors stop working with their financial service industry clients, to avoid falling foul of IR35 after April 2021, this could have a devastating impact on digital transformation projects that depend on the specialist skills of external contractors.

A number of contractors have reported that they plan to seek employment overseas after IR35 comes into force in the private sector, so that they can carry on enjoying the flexibility, job satisfaction and remuneration of working off-payroll. This could result in a brain drain for many sectors, such as banking, which relies heavily on the skills of external IT contractors to deliver digital transformation.

 

Fast track to digital delivery:

While IR35 could pose serious challenges for digital change programmes in the UK financial services sector after April 2021, some CIOs we have spoken to see the contract renewal phase as an opportunity to clear the decks, refocus and keep their best people on the pitch.

Our experience of providing corporates with highly-skilled software engineers who are born problem-solvers, who work in small, capped teams on a 5 in 50 model, has shown that they are often fundamental to getting stalled digital change programmes back on track. These developers work alongside enterprise IT teams, on a Seed, Scale, Succeed process, bringing fresh coding skills and transforming project thinking into product thinking, with continuous delivery of digital service iterations. They are technology specialists who relish the challenge of working on high profile digital journeys, but who do not wish to work as corporate employees and are therefore hard for financial services organisations to hire.

We now have another twelve months to prepare for IR35. In the meantime, as financial services organisations adapt to the demands of the pandemic, this is the time for small, agile teams of problem-solvers to shine.

Continue Reading

Technology

IN CONSUMER BIOMETRICS WE TRUST: AUTHENTICATION FOR THE DATA PRIVACY AGE

AUTHENTICATION

Jonas Andersson, Head of Standardization at Fingerprints

Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.

For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.

When implemented in the right way, biometrics will bring multiple benefits. It already enabled consumers to add layers of authentication to personal data previously unsecured in their owned devices – from apps and e-commerce, to our homes and devices. But its potential is phenomenal. Consumer-driven authentication via our phones and tablets is already today by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar and the FBI database.

Crucially though, it’s a privacy and security measure that consumers have the power and choice to implement. And as third parties, such as financial services, healthcare and enterprise organizations, increasingly accept consumer biometrics authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss…

 

Consumers need confidence!

Undeniably, the success of existing applications of consumer biometrics is based on the advantages they offer consumers. Just look at the penetration and use of fingerprint biometrics in smartphones. But the success of future adoption will be determined by how confident consumers continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural consumers are beginning to feel concerned of their biometrics integrity as they start to utilize their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle…

In fact, consumer device authentication utilizes a ‘privacy by design’ approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled, stored and managed all on the same device. The following principles have been fundamental to biometrics’ privacy protection in mobile and are what will enable new benefits for consumers in other personal device-based scenarios:

Translating images to templates

It’s a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You’ll have heard the argument about biometrics: “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”

In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless as, even if fraudsters could access the template, they can’t do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to re-use between devices, even if the same fingerprint has been enrolled!

The consumer is in control

This neatly leads on to my next point regarding storage. In consumer authentication use cases, information remains solely on the unique consumer device on which the template was created, remaining physically in control of the user.

Our recent consumer research found 38% were unwilling to share their biometric data but, with this approach, no data needs to be shared with third parties or cloud-based databases as everything is stored, and the authentication process is contained, within a single personal device.

Layers of security

Layering defense mechanisms is standard best practice for a range of security implementations – biometrics is no different. In addition to the transformation of biometric data into an irreversible template, these templates are also later encrypted and further protected by hardware and software both at rest and during the matching process.

The most successful example of a biometrics use case, the smartphone, utilizes the highly secure software isolation of Trusted Execution Environment (TEE) technology for storage and matching of biometric templates on device. The hardware on which it runs is intrinsically secured through its high degree of integration, complexity, miniaturization and specialization.

This approach is also championed by new use cases such as biometric payment cards. Here, the Secure Element (SE) – the chip technology that secures the financial data in your bank card – is utilized to store, process and match biometric information within the confines of the card. This treats biometric templates with the same security as the PIN and other financial data that is stored on our payment cards.

Removing the weakest link

Nothing is ‘un-hackable’, this is the reality of security. With enough time, money and effort, it’s possible to get into anything. A safe, a bank vault. However, attackers take the path of least resistance, and often it’s the end-user that is the ‘weakest link’ in the security chain when it comes to social engineering attacks.

End-users are vulnerable to attacks, such as phishing, where they can be tricked into giving away information such as a PIN or password. With consumer biometrics, the user only presents their biometrics to their personal device and can’t give anything away. This also removes the risks generated by mistakes or complacency, such as creating a password that’s easily guessed.

 

More authentication = more protection

Biometric authentication can protect a whole host of other sensitive personal data, far more quickly, conveniently and securely than was ever possible with PINs or passwords.

Today however, passwords and PINs remain the most used authentication methods outside of smartphones – something increasingly problematic. The friction created by asking users to create a new password has a significant impact on drop-out rates – especially as new ‘best practice’ guidelines recommend complex requirements such as including numbers, capitals, special characters and length. NIST’s digital identity guidelines outline the importance of usability challenges and stress, fundamentally, “positive user authentication experiences are integral to the success of an organization achieving desired business outcomes.”

6 out of 10 consumers feel they have too many PINs and passwords and worry about forgetting them. Unsurprisingly, 41% also admit to re-using the same PIN code or password across multiple sites, apps and devices. So, not only are PINs and passwords frustrating for consumers, they’re also becoming less secure.

Biometrics can be the authentication silver bullet as it combines security and a convenient UX, with leading fingerprint sensors authenticating in under a second. Its capacity to bring security to devices and processes previously either unsecured, poorly secured, or secured with a poor UX is phenomenal. Mobile is the perfect example of how it has been able to transform a device from being unsecured most of the time, to now only unlocked when in use. And now, just look at how your bank accepts your fingerprint authentication on your phone for access to your account.

With consumer biometrics, its quick and effortless to enroll onto new services and subscriptions. Consumers are happy to authenticate more frequently, because it’s so simple and the action is so intuitive. Plus, you cannot forget your fingerprint…

 

Consumer biometrics: on the agenda

It’s clear that biometrics is key to many organizations’ plans for privacy and security, but don’t just take our word for it. Many industry and government initiatives are moving quickly.

Europe’s GDPR highlighted biometrics as ‘sensitive personal data’ which clearly needs to be protected in the right way. Meanwhile, the benefits and integrity of consumer device biometric authentication were also recognized by Europe’s financial services directive, PSD2, citing biometrics as a trusted factor under its strong customer authentication (SCA) mandates.

Looking to industry bodies, FIDO Alliance is gaining significant traction in formalizing the quality and security of personal authentication with biometrics. Its work is complementing rising initiatives such as Self Sovereign Identity (SSI) models, whereby individuals or organizations are endeavoring to have sole ownership of digital identities and control how this personal data is shared and used. With an owned, FIDO-certified biometrics-secured device, users can add another authentication layer over stored digital identifiers.

For several years, we’ve also participated in industry body GlobalPlatform’s work to verify and standardize the quality of security protection on TEE. The biometric API extension defines security protections specifically around biometrics and is highly referenced in mobile implementations, and increasingly in new devices such as key fobs and home security devices too. With the dawn of the biometric payment card, we’re also supporting GlobalPlatform to define an SE specification for biometric cards.

The combination of government and industry engagement is setting the scene for so much more to be achieved with consumer authentication using biometrics. Undoubtedly, biometrics’ role in an increasingly data-conscious world has only just begun to take shape, and excitingly, it’s consumers who have the power at their fingertips – quite literally!

 

Continue Reading

Magazine

Partner Events

Trending

SOFTWARE SOFTWARE
Business19 hours ago

MAKING THE (ENTERPRISE) GRADE IN LOW-CODE SOFTWARE

By Willem van Enter, Vice President EMEA, OutSystems   We all use software applications every day, all the time. That...

INSURANCE INSURANCE
Top Stories19 hours ago

IS PRIVATE PLACEMENT LIFE INSURANCE THE PERFECT PRODUCT FOR GLOBAL HNW FAMILIES

By Louis Zuckerbraun, Managing Director, GMG Insurance    Everyone wants to know that their family will be okay after they...

FINTECH FINTECH
Top Stories19 hours ago

FINTECH IN AFRICA: WHY THIS MUSTN’T BE A DECADE OF WASTED POTENTIAL

Albert Maasland, Chief Executive Officer at Crown Agents Bank  The current COVID-19 pandemic is an unprecedented crisis of our times....

CLAIMS CLAIMS
News19 hours ago

NEW TECHNOLOGY PLATFORM REDUCES CLAIMS PROCESS FROM WEEKS TO MINUTES

New platform has potential to cut fraudulent claims by almost half Decrease claims costs by as much as two thirds...

CORONAVIRUS CORONAVIRUS
Business19 hours ago

CORONAVIRUS: FURLOUGHED WORKERS AND WHAT IT MEANS FOR BUSINESS

by Tina Chander, Wright Hassall   c All businesses with a PAYE scheme in place on 28 February 2020, regardless of size...

CAR INSURANCE CAR INSURANCE
Wealth Management19 hours ago

FIVE THINGS YOU’RE DOING THAT ARE INVALIDATING YOUR CAR INSURANCE

Car insurance is a legal requirement for motorists, but many drivers may be unknowingly voiding their policy. Failing to update...

CORONAVIRUS CORONAVIRUS
News19 hours ago

CORONAVIRUS PANDEMIC, STORE CLOSURES, SHIFT CONSUMER BUYING BEHAVIOUR LEADING TO ACCELERATED DIGITAL TRANSFORMATION FOR MERCHANTS

Forter Issues First In A Monthly Series of Coronavirus Special Reports  Forter, the leader in e-commerce fraud prevention, today announced...

FINANCIAL FINANCIAL
News20 hours ago

BTON FINANCIAL PARTNERS WITH GENESIS TO AUTOMATE TRADING FOR ASSET MANAGERS

BTON Financial, the independent outsourced dealing desk for asset managers and genesis, the Low Code Application Platform for Capital Markets,...

DIGITAL TRANSFORMATION DIGITAL TRANSFORMATION
Technology2 days ago

HOW TO KEEP DIGITAL TRANSFORMATION ON TRACK AFTER THE PANDEMIC

Ashley Coker, CEO and founder, Slate   Introduction The global coronavirus health emergency has made it abundantly clear how dependent...

DIGITAL BANKING DIGITAL BANKING
Banking2 days ago

THE FUTURE OF CUSTOMER EXPERIENCE IN DIGITAL BANKING

By Richard Billington, Chief Technology Officer, Netcall Over the past five years, the digital banking revolution has had a seismic...

COVID-19 COVID-19
Banking2 days ago

TRANSFORMING BANKING: WHY COVID-19 IS UNFREEZING CONSUMER HABITS

Raj Chakraborty, Senior Managing Director, Publicis Sapient   There is much debate about the impact of COVID-19 on the economy....

LEASE LEASE
Business2 days ago

IS YOUR OFFICE LEASE CRUSHING YOUR BOTTOM LINE? YOU HAVE OPTIONS

By Jonathan Wasserstrum, Founder / CEO, SquareFoot These are unprecedented times for us all. Nobody has a playbook to get...

HOME HOME
Wealth Management2 days ago

THE TRIALS AND TRIBULATIONS OF TRADERS TRADING FROM HOME

Steve Haworth, CEO of TeleWare Group Banks had hoped to keep their London trading floors open amid the worsening coronavirus...

OPEN BANKING OPEN BANKING
Banking2 days ago

HOW WILL REVOLUT’S MOVE INTO OPEN BANKING AFFECT US?

By Richard Mathias, Senior Technology Architect at LiveArea Despite current uncertainty, the financial services sector is experiencing transformative change year...

AUTHENTICATION AUTHENTICATION
Technology2 days ago

IN CONSUMER BIOMETRICS WE TRUST: AUTHENTICATION FOR THE DATA PRIVACY AGE

Jonas Andersson, Head of Standardization at Fingerprints Data privacy is high on the global agenda. In the wake of data...

COVID-19 COVID-19
Business7 days ago

CAPITAL MARKETS – LIQUIDITY MANAGEMENT DURING COVID-19

Tony Farnfield, Partner at management and technology consultancy, BearingPoint   When “Dr. Doom” predicted the 2008 financial crisis back in...

SONY BANK SONY BANK
News7 days ago

SONY BANK SECURES AND ENHANCES MOBILE BANKING WITH ONESPAN’S MOBILE SECURITY SUITE

App shielding, biometric authentication and additional technologies secure and improve the customer experience for Sony Bank’s mobile banking app  ...

MOBILE BANKING MOBILE BANKING
News7 days ago

KOREA’S KB BANK USES TRUSTONIC IN-APP PROTECTION TO ENHANCE MOBILE BANKING EXPERIENCE

Using Trustonic Application Protection enables KB Bank to dramatically improve the authentication experience for users of its mobile banking app...

Customer Customer
News1 week ago

CUSTOMER CARE TODAY WILL BUILD RESILIENCE FOR FUTURE CRISES

Cathal McGloin, CEO of ServisBOT writes, “The COVID-19 pandemic has created major spikes in calls to financial sector helplines dealing with customers...

CREDIT CARD MARKET CREDIT CARD MARKET
Banking1 week ago

THE CO-BRAND CREDIT CARD MARKET – SINK OR SWIM

By Chris Vinnicombe, VP Financial Services at Acxiom The co-brand credit card market is the result of the partnerships between...

Trending