Can we say goodbye to the PIN?
June 2023 by IDEX Biometrics
While Personal identification numbers (PINs) have been at the heart of best-practice data security for decades, it is no longer the most securely available mode for transactions. The multitude of login details, passwords, and PIN numbers required for financial service platforms can represent a significant barrier to engagement for many marginalized groups. Thibault De Barsy, Vice Chairman & General Manager of The Payments Association EU spoke on LN24 to discuss biometric authentication and how it can help accelerate payments whilst also adding social value. The Payments Association EU is a business club of decision makers in the payments industry, which consists of 150 members from across the payments value chain including IDEX Biometrics.
Q: Paying with a bank card or smartphone simply by using your physical characteristics such as your fingerprint or face will soon be possible. Please could you explain how this would be achieved with biometrics?
A: To simply open your smartphone, you put your fingerprint and it recognizes your physical characteristics. So, everyone who uses Apple Pay will know the system well. You register your card on your iPhone and then your face will authorize the transaction. The long-term goal would be to completely dematerialize payments. We would no longer need anything, neither cards, nor codes, nor smartphones. The difficulty would be simply to register a biometric profile that will then be recognized and will authorize transactions.
Q: So hopefully in the long term you can only ultimately pay with your body?
A: I think it will be extremely interesting and helpful for particular audiences; for example, the elderly, people with disabilities, people with mobility problems. Unlike simple swipe cards and PIN codes, your fingerprint can’t be dropped in the canteen, or shared with a colleague, making them a valuable tool for physical security. Obviously, the goal of the payment industry is mainly to make it easier to authorize transactions and to let consumers choose the method that suits them the best.
Q: Does the public seem to adhere to the idea or are we a bit reluctant?
A: There have been surveys conducted by Mastercard, among others, and it seems the majority of people would prefer to have a solution where they can avoid using a PIN code. Some people would also argue that it would be a reason to switch banks if one bank offered a biometric solution versus another.
Q: Ok, do we have any concrete examples? In Belgium, is it slowly materializing today?
A: It’s mainly materializing through what we call the biometric payment card. So, you still have a card, but the identification is done with your fingerprint on the card. This has already been launched in France by BNP Paribas and in Poland by Pocztowy Bank.
Q: So how do you integrate your fingerprint in your bank card?
A: You either go to your bank or at home you receive a small card reader where you scan your finger once and for all.
Q: Like you do with your smartphone, right?
A: Exactly, I asked this to the experts of a company called IDEX Biometrics where they explained that your fingerprint stays on the card so it can’t be hacked, and it won’t be stored elsewhere.
Q: But this is still a hybrid solution, a world where you can pay without a card at a retailer?
A: So, if you go to Sao Paulo in Brazil, there is what is called a ‘Biometric Checkout Program’ which was launched by Mastercard. The program offers consumers the option to register your profile via a selfie and then when you pay at your merchant, the merchant’s device will scan your face and the payment is immediately authorized.
Q: But, unfortunately, at the European and Belgian level, we are not the pioneers?
A: No, so actually at the European level there is a certain willingness to say that this is a valid technology but as always in Europe, we try to weigh the pros and cons because the protection of the consumer is very important. Consumer data is clearly transforming business, and companies are responsible for managing the data they collect. Protecting the interests of the consumer and their privacy is pivotal to building trust and developing lasting relationships. Today, the different regulators have still not agreed yet on unified standards but we’re making progress.