09 November 2023 | Published by John Clark
In recent years, we've witnessed an incredible evolution in the world of payment methods. Card payments have become increasingly seamless, from the widespread adoption of contactless payments to the convenience of using smart wearable devices for transactions. But what lies ahead in the realm of payment technology?
Today, we're delving into biometric payments, a cutting-edge approach that could redefine how we make card payments.
In its simplest form, biometric payments involve authorising a card payment using your unique fingerprint. If you've used your fingerprint to unlock your smartphone or access various applications, you're already familiar with this concept. Using your fingerprint instead of a traditional password for different digital interactions is becoming increasingly common.
And now, this same technology is making its way into card payments, especially for transactions exceeding the £100 contactless limit. Instead of entering a chip and PIN code to confirm a payment, you can tap your card onto a payment terminal and use the fingerprint scanner on your smartphone to verify your transaction.
Along with using a fingerprint, a few other types of biometric payments involve using a mobile device.
Fingerprint payments require individuals to initially register their fingerprints on their mobile phone, creating a secure template for identification. When making a payment, they only need to place their registered finger on their phone sensor, which matches it with the stored template for quick and secure authorisation.
You can find fingerprint payments almost everywhere in today's digital landscape. They are commonly used in mobile wallets like Apple Pay and Android-based systems, offering a seamless and secure payment experience. Financial institutions have also integrated fingerprint authentication into their mobile banking apps, giving quick and safe access without requiring a traditional password.
And it's not just fingerprints: in July 2023, global e-commerce marketplace Amazon announced plans to roll out their 'Amazon One' payment service. Amazon One uses palm recognition technology for identification, payment, and entry at over 400 locations in the US. Once successfully implemented, customers can buy from brick-and-mortar stores with a simple wave of their hand, leaving their phone and wallet at home.
Facial recognition technology authenticates payments by registering unique facial features and matching them during transactions. Users enrol their facial biometrics, and a camera or sensor scans their face. Real-time analysis confirms the match, eliminating the need for physical cards or PINs.
Facial recognition payments are used in mobile wallets, retail, and airport security, offering speedy, secure transactions. They're highly accurate, distinguishing live faces from photos, and often include liveness detection to prevent fraud. The first prevalent use of facial recognition came in 2017 with the release of Face ID on the iPhone X. Since then, it's become a popular way of validating payments and access to accounts.
While privacy and regulation are considerations, facial recognition payments provide a safe and convenient payment method when implemented correctly.
Voice biometrics uses unique vocal characteristics to verify transactions. Users register their voiceprints, which capture distinct vocal patterns. When users provide a voice sample during payment, advanced algorithms match it to the stored voiceprint, offering an efficient and contactless payment experience.
While voice biometrics are less commonplace than fingerprint or facial recognition software, they've found a home in several sectors. Voice biometrics are often used in finance, customer service, and call centres, where staff will mostly converse with customers over the phone. For example, the Royal Bank of Canada lets customers pay bills using voice commands, and the USAA provides its members access to account balances and bank statements through Amazon's Alexa. Using voice recognition in these scenarios enhances security without compromising convenience for the user.
Behavioural biometrics boost payment security by analysing unique user behaviour like typing speed and gesture patterns. These distinctive traits are difficult for unauthorised users to replicate, offering additional protection.
This type of biometric payment is less well-known than the three previously mentioned methods. Still, it can be implemented in mobile banking apps, e-commerce platforms, and workplace security systems to verify user identities during transactions and access, enhancing payment security and fraud detection. For example, HSBC uses a behavioural biometrics tool named Callsign that analyses your keystrokes as you enter your email address as an extra level of fraud detection.
Research conducted by Fingerprints, one of the world's leading biometrics companies, reported that 48% of consumers in the UK wanted biometric payment cards, with a further 62% saying that they'd switch banks to get one.
With evident consumer popularity behind them, here are some ways that small businesses can benefit from accepting biometric payments:
Biometric payments offer a notable security advantage over traditional methods. From telephone banking to debit and credit cards and even your favourite social media apps, we constantly need to remember passwords, often using similar ones across multiple platforms — an enticing opportunity for tech-savvy hackers.
With biometric payments, this headache may become a thing of the past. Biometrics are unique and extremely difficult to replicate, unlike passcodes, which can be easily shared, stolen, or even guessed.
As well as offering increased security compared to traditional passwords, biometric accuracy constantly increases with new technological advancements. The National Institute of Standards and Technology conducted a study that found that from 2014-2018, biometric accuracy increased from 96% to 99.8%.
When it comes to security, biometric payments truly shine. If someone stole your card, they would find it nearly impossible to make a payment exceeding £100, as they would need your fingerprint to authorise the transaction.
The authenticity of fingerprint recognition boasts an accuracy rate surpassing 99.99 per cent, rendering it exceptionally secure. This technology also safeguards against counterfeit 2D prints and fake rubber fingerprints, relying on electrical sensing that only a real finger can provide.
Leading card provider American Express has recently announced plans to pilot biometric recognition to crack down on fraudulent online transactions. Announced in October 2023, the firm is adding facial and fingerprint recognition to its SafeKey checkout process for selected American Express cardholders in the US.
Essentially, it means that cardholders will have the option to confirm their identity using biometric payments when completing a transaction online – offering a higher level of safety than just passwords alone. For customers, it means increasing security while decreasing friction in the checkout journey.
Speed is another advantage of biometric payments that benefits both consumers and retailers. Just as contactless payments revolutionised transactions under £100 by speeding up payment processing, biometric payments offer a similar advantage. The result? Customers can enjoy reduced queuing times and smoother transactions with a simple tap-and-go approach.
As biometric payments gain wider acceptance, we can expect this accelerated payment process to extend to larger transactions. While card payments have come a long way, they may even become more secure, efficient, and user-friendly with biometric technology innovations. With the potential to revolutionise how we pay, biometric payments could be the future of safe and convenient transactions.
Another benefit of this technology lies in its compatibility with existing point-of-sale (POS) infrastructure: a biometric credit or debit card will work with existing payment terminals, and no modification is required for existing point-of-sale devices. This means there are no rollout costs for the merchants, and this technology can become accepted quickly.
Biometric payments are a robust defence against fraud due to their unique and difficult-to-replicate nature.
Technologies like fingerprint recognition, facial recognition, voice biometrics, and behavioural biometrics offer a higher level of security than traditional authentication methods like passwords or PINs. These biometric methods ensure that only authorised individuals can initiate transactions, making it highly challenging for fraudsters to gain access.
It's worth noting that as biometric technology becomes more widespread, scammers are also developing new tactics to take advantage of it. And while biometrics are more secure than regular numerical and alphabetical passwords of old, they're not impenetrable.
Learn more about how fraudsters are taking advantage of voice recognition technology in our list of some of the most common scams to watch out for here.
Biometric payments are critical to Strong Customer Authentication (SCA) requirements. SCA is a set of requirements forming part of the Payment Services Directive (PSD2), which states that banks and payment service providers must implement security checks on card-based online orders to confirm a customer's identity.
For most credit and debit card transactions, 3D Secure is a widely accepted protocol that follows SCA requirements for verifying an online shopper's identity. It's a method for 2-factor authentication, which requires the customer to provide:
The Strong Customer Authentication requirement is enforced by the Financial Conduct Authority (FCA) to protect customers from potential fraud when completing online transactions.
Compliance requirements on biometric payments for businesses vary around the world.
In the European Union, however, the General Data Protection Regulation (GDPR) is the main legislation around biometric data. GDPR came into effect in May 2018 and sets stringent standards for collecting, storing, and processing personal data, including biometric data. GDPR also grants users certain rights, such as access to their data, requests for deletion, and objections to its processing.
But what does that GDPR look like in practice? Businesses that use biometrics for payment authentication must obtain explicit consent from users and ensure transparency regarding data usage. They are also responsible for handling biometric data with the utmost care, implementing security measures and promptly responding to user requests.
Biometrics offer a bright future to consumers who want faster, more secure ways to pay wherever they go — and the small businesses that can adapt will reap the benefits.
However, biometrics have their challenges. Here are some of our most useful tips on how SMEs can address them to keep themselves and their customers on the right path forward.
Biometric data is highly personal, so there are concerns about its collection and storage. Your customers may worry about their biometric information being compromised or misused, negatively impacting their trust in your business.
Solution: Implement transparent privacy policies
Businesses should be transparent about collecting, storing, and protecting biometric data. Communicate your privacy policies to customers and ensure their informed consent before collecting biometric data.
Small businesses may face significant costs in adopting biometric payment systems if they choose the wrong provider. This includes acquiring the necessary hardware and software and ensuring compliance with data protection regulations.
Solution: Explore cost-effective solutions and subsidies
Cloud-based biometric services or leasing hardware instead of buying is one way to reduce upfront expenses when adopting biometric technology. Additionally, government grants or subsidies may be available to support small businesses in adopting biometric payment technology. Some regions offer financial incentives to promote secure payment methods.
Biometric systems are not foolproof and can encounter technical issues, such as false positives or negatives. These can lead to frustrating payment experiences for consumers and potential business losses.
Solution: Fallback mechanisms
Implement fallback mechanisms for cases where biometric authentication fails. Allow customers to use traditional payment methods like cards or PINs as a backup to avoid transaction disruptions.
Some consumers may not have access to biometric payment methods due to the cost or compatibility issues with their devices. This can create exclusion and potentially reduce your customer base.
Solution: Multiple authentication options
Offer multiple authentication options beyond biometrics, such as mobile apps, tokens, or SMS-based verification. Alternative authentication options ensure that customers without biometric-capable devices can still make payments.
Compliance with data protection regulations, like GDPR, can be complex. Small businesses may need to navigate these regulations carefully to avoid legal issues.
Solution: Appoint a Data Protection Officer (DPO)
Compliance with data protection regulations, like GDPR, can be complex. Small businesses may need to navigate these regulations carefully to avoid legal issues. Third-party training providers can educate your staff regularly like you might train first-aiders.
The future of biometric payments is poised to bring significant changes to consumers and businesses in the digital payment landscape. The adoption of biometric payments is expected to continue growing, as over 80% of smartphones worldwide now have built-in biometric capabilities, and biometric authentication is projected to secure over $3 trillion (£2.44 trillion) in mobile payments by 2025.
As more people embrace the idea of using their biometrics for payment authentication, traditional passwords are gradually becoming a thing of the past. This shift is driven by consumer demand for a secure yet hassle-free payment process, further accelerated by the COVID-19 pandemic. New authentication methods will likely continue to emerge, making digital payments even more secure and convenient.
For businesses, adopting biometric payments can enhance customer loyalty and potentially increase sales, as it simplifies the payment process and enhances security. Biometric payments can also streamline the payment experience in the context of open banking and multi-factor authentication, ensuring that payments are both secure and convenient.
For more about what we do and how we do it, get in touch with the team on 0808 274 2017.