Biometrics: The next frontier in securing contactless payment cards
James Thorpe
Share this content
Today, the way we pay for our in-store purchases is vastly different from just a few years ago.
One of the stand out features of this payment revolution is the rise of ‘tap-to-pay’, with consumers turning to contactless payment cards and, increasingly, mobile wallets. It is easy to see why. Instead of fumbling with cash, or worrying about the hygiene of shared surfaces like PIN pads, consumers simply tap and go. However, does this convenience come at a cost and is contactless becoming more attractive to fraudsters?
To help cement the rise of contactless and unlock cashless opportunities, the card payments industry is learning lessons from the mobile ecosystem to add more security to the ‘tap’ of a ‘tap-to-pay’, without sacrificing convenience.
The rise of contactless
Even before the pandemic, contactless was quickly becoming a preferred payment method. And once hygiene was high on the agenda, contactless adoption went through the roof.
According to Fingerprints’ research, on average around the world, contactless cards account for nearly half of in-store transactions, with significant regional variations.
Take a look at the UK, for example. According to Lloyd’s bank, in June 2019 65% of face-to-face payments were made using contactless. Today, it is more than nine in ten. Reflecting the rise of contactless in the UK, the contactless payment limit increased in October 2021 from £45 to £100, making it the highest limit in Europe. In the immediate months that followed, the total number and average value of contactless in-store transactions crept up. Across the Channel in France, considered the spiritual home of card payment technology, the pandemic saw a 216% spike in contactless card use. In Germany, a traditionally cash-heavy society, cards now outrank cash, with 60% of in-store transactions being made using contactless.
A ‘thief’s dream’?
Like any payment solution, security is essential and fraudsters will always find the path of least resistance and contactless cards, with ever-expanding limits, are certainly on crooks’ radars.
When contactless was first introduced, it was limited to low-value transactions (£10 in the UK in 2007). Today, however, consumers can spend far more using contactless before they need to authenticate themselves. In the UK, it is £300, leading some (rightly or wrongly!) to label contactless payment cards a ‘thief’s dream’.
Even as contactless use was rocketing, fraud was a cause for concern. According to UK Finance’s latest Annual Fraud Report, lost and stolen card fraud incidents increased by 1% between 2020-21, despite this being a time when normal high-street shopping habits were drastically altered due to pandemic restrictions. Worryingly, the same report highlighted that when pandemic restrictions were eased in late 2021, contactless fraud on payment cards and devices went up 20%.
When Fingerprints surveyed consumers around the world, it was found that half (51%) were worried about the lack of security if their contactless card was lost or stolen. Although spending caps do add some protection, on average a quarter of consumers are confused about these limits, detracting from the overall convenience of contactless.
To further solidify the potential of contactless, security needs to evolve in a way that does not sacrifice convenience.
How has the industry secured contactless so far?
Addressing the security gap in the evolving payments ecosystem is a top priority. Europe, for example, implemented Strong Customer Authentication (SCA) as part of the Second Payments Services Directive (PSD2). For contactless cards, Strong Customer Authentication (SCA) rules are met by triggering a chip-and-PIN authentication when spending limits are reached. But this adds friction to contactless and is contributing to other issues like contactless walk-offs.
In tandem with warning consumers to be more vigilant, one approach taken by banks and card issuers to help secure contactless is to give consumers a more active role. For example, in the UK when the limit increased, some banks allowed consumers to set their limits. Some consumers were only too willing to do this. According to Lloyds Bank, more than 800,000 customers have set alternative limits (with 60% opting for a cap of less than £50) or deactivated contactless entirely. The onus should not be placed on the consumer to protect themselves.
Contactless cards are not going to vanish from our wallets any time soon – can the payments community do more to make cards unattractive to fraudsters? Established technology can help secure contactless to help stay one step ahead, whether they are criminal gangs, muggers or even opportunistic thieves seeing a lost card in the street and then going on a spree.
Unlocking the full potential of contactless
The evolution of card technology is marked by several milestones. Each step saw significant enhancements in the security and usability of cards. Biometric authentication represents the next logical evolution for card technology.
By integrating a biometric sensor into the payment card, consumers can personally authenticate every transaction with a highly unique credential – their fingerprint, achieving new levels of security. Armed with a biometric sensor, fraud risks and subsequent lost revenue are directly addressed and suppressed. Furthermore, there would be no need for PINs or contactless limits, creating a less confusing and frictionless experience.
Biometrics is already a proven technology that consumers trust and are familiar with. After years of integration into our smartphones and laptops, consumers have come to prefer using biometrics to traditional PINs and passwords when authenticating themselves.
Closer than you think
Research shows that there’s a strong appetite for biometric payment cards amongst all consumer demographics. More than half of consumers would say “yes” if they were offered a biometric payment card and the same amount would switch banks for one. With the decline of a ‘bank for life’, there is a golden opportunity for banks and card issuers. By attracting new customers through the ‘cool factor’ of a biometric payment card and a visible commitment to securing contactless transactions with the latest tech that many currently associate with smartphones and laptops.
To date, commercial roll outs of biometric payment cards have been seen in countries like France, Switzerland, Mexico, Poland and Morocco. And a further 24 commercial pilots – two of which are in the UK with NatWest and RBS – have happened or are in progress around the world. Standardisation and certification is also here with solutions achieving compliance with initiatives like Mastercard’s new Fingerprint Sensor Evaluation Process. Not only does this support trust and security, but it also helps lower market barriers by providing card manufacturers with a pre-approved, ready-to-use biometric solution.
The biometric payment card has emerged as a key security trend within the payments ecosystem. In a world where convenience and security are king and queen, biometrics holds the keys to the kingdom. The next evolution of contactless will be as secure as it is convenient and it is just around the corner.
By Michel Roig, President – Payment and Access, Fingerprint Cards
To learn more about biometric payment cards, go to Fingerprints’ payments solutions webpage and explore the next horizon in contactless technology.
