Securing a Biometric Payment Card: The Tech Bringing Greater Trust to Contactless
October 2020 by Henrik Nilsson, Product Manager at Fingerprints
Fingerprint authentication is a mature and trusted technology, refined through a decade of mass adoption in the mobile world. With biometrics now in over 80% of smartphones, it is also a preferred technology, having rapidly overtaken PIN authentication to secure access to devices, make payments and secure applications.
With two further commercial rollouts recently announced by major French banks BNP Paribas and Crédit Agricole, biometric payment cards are the next big tech to hit consumer wallets. The business case is clear. With a fingerprint sensor on-card, banks can add strong customer authentication to contactless, removing the hassle of PINs and the need for contactless payment caps. Billed as ‘the biggest development in card technology in recent years’, the promised boost to the contactless experience is hard to ignore. But just how secure are these cards? The payments ecosystem is complex. Before bringing biometrics to any new payment form factor, careful consideration is needed to ensure the technology can be seamlessly integrated into the existing infrastructure, while maintaining the highest levels of security.
The threat factors
Nothing is ever ‘un-hackable’. The key principle in security is to ensure attacks are either too expensive or too complex to be feasible at scale. While biometrics addresses some of PIN’s most important fraud challenges, such as “shoulder surfing” and shared PINs, the security of biometric payment cards also must be considered carefully before launch.
In a biometric system on card (BSoC), the on-card data flow during authentication can be divided into several key steps. Firstly, the image of the fingerprint is captured by the sensor. This is then processed and the feature, or relevant part of the image, is extracted to be matched against the biometric template stored securely on the card’s secure element (SE). If there is a match, authentication has been successful.
Several risk points emerge in this data flow: in the initial image capture at the sensor, during processing, and in the matching process. From this, there are essentially three main types of attack to mitigate: spoofing (aka presentation attack); injection and replay; and finally, manipulation of processing and template storage. Let’s have a look at each in more detail.
Spotting the spoofs
Biometric spoofing, also called a presentation attack, is where something other than the user’s fingerprint is placed on the sensor to try to trick the matching operation into a false acceptance. The “spoof” might be an artificial fingerprint, or perhaps a latent fingerprint reactivated on the sensor.
Thankfully, the move to active capacitive sensors has significantly mitigated the threat posed by spoofing. These require three-dimensional, conductive prints which closely resemble the texture of a real finger – spoofing such prints is now a considerable, not to mention expensive, challenge, and nigh-impossible to achieve at scale.
Would-be spoofers also have to contend with ever-increasing sensor image quality and algorithmic sophistication, the results of continual R&D investment. A sophisticated biometric algorithm paired with a state-of-the-art sensor for payment cards can now ensure a False Acceptance Rate (FAR) of better than 1 in 20,000, daunting odds for any hacker. By comparison, the FAR of PIN codes is far higher at 1 in 10,000.
Injection and image replay defence
In an injection attack, the sensor itself is replaced by a fraudulent device, which provides a falsified image. The image provided might be an image of the user’s finger captured during an earlier transaction, which is “replayed” to trigger more payments.
A sensor-image authentication process provides robust security against such attacks. This process verifies the image originates from the sensor alone, as well as the time it was captured, preventing any attempt at image replay. More generally, the inherent privacy of on-device biometric systems means the risk of information leakage and subsequent replay attacks is minimal. All biometric data is stored and processed on the device and, in personal authentication, entirely unique to that device. This means that even if an attack is successful, no other device with biometric authentication tied to that user is compromised. Data-conscious consumers can feel reassured. Attacks are far harder to achieve, especially at any scale that would be valuable to hackers, and consumers’ sensitive data remains encrypted and stored securely on their device at all times.
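One way a sensor-image authentication check of this kind can work, as an added example (not Fingerprints' implementation and not code from the original article): the secure element issues a fresh challenge, the sensor returns an HMAC over the challenge, a capture counter and the image, and the SE rejects forged or replayed captures. The shared key, the counter standing in for capture time, and all names are assumptions.

```python
import hashlib
import hmac
import os

# Assumption: sensor and secure element (SE) share a key provisioned at card
# manufacture. The article does not describe the real scheme.
SHARED_KEY = bytes(range(32))  # constructed sample key, not a real one


def sensor_capture(image: bytes, challenge: bytes, counter: int,
                   key: bytes = SHARED_KEY) -> dict:
    """Sensor side: bind the image to the SE's challenge and a capture counter."""
    msg = challenge + counter.to_bytes(4, "big") + image
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return {"image": image, "counter": counter, "tag": tag}


class SecureElement:
    """SE side: issues single-use challenges and verifies captures."""

    def __init__(self, key: bytes = SHARED_KEY):
        self._key = key
        self._challenge = None
        self._last_counter = -1

    def new_challenge(self) -> bytes:
        self._challenge = os.urandom(16)
        return self._challenge

    def verify(self, capture: dict) -> str:
        if self._challenge is None:
            return "reject: no outstanding challenge"
        # Consume the challenge first so it can never be answered twice.
        challenge, self._challenge = self._challenge, None
        msg = challenge + capture["counter"].to_bytes(4, "big") + capture["image"]
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking tag bytes through timing.
        if not hmac.compare_digest(expected, capture["tag"]):
            return "reject: bad tag"
        # Counter must move forward: stands in for "time of capture".
        if capture["counter"] <= self._last_counter:
            return "reject: stale counter"
        self._last_counter = capture["counter"]
        return "accept"
```

A capture recorded during one transaction fails in the next because its tag was computed over a challenge the SE has already discarded.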
Protecting processing and template storage
This final type of attack targets the execution of the biometric software itself, either through fault injection or by monitoring for what is known as “side channel leakage”: variations in time, power consumption, or electromagnetic fields. This data is then used to optimize fraudulent input.
Once again, sophisticated algorithms form the main point of defence. The trend is heading towards the latest sensors becoming capable of conducting the entire feature extraction and matching process within the secure element (SE) itself, without the need for an additional processor. This progression is a major technical advancement. SEs remain one of the most robust hardware security solutions available, providing exceptional protection. Meanwhile, consolidating the process into the SE eliminates many points of risk in the data flow.
Ready to roll
The security of biometric payment cards already far exceeds PIN authentication and traditional contactless. Ensuring robust security and privacy protections are in place is still fundamental to the launch and successful mass adoption of any new technology – especially when it comes to payments! For biometrics solutions, this protection lies in both the quality of biometric processing itself and the protection and storage of assets such as the sensor image and templates.
With extensive R&D work already done and invaluable feedback from 20+ global trials and commercial launches, the next generation of biometric payment card sensors delivers just that – high-quality software and algorithms and even more robust protection of sensitive biometric data. And, as always, efforts continue to ensure each future generation is even smarter.
Fingerprints is proud to be at the forefront of this technology’s advancements. Our latest solution accommodates the stringent technical, market, and user requirements to enter seamlessly into mass-market rollout. It is in line with major card standards, requires no update to the existing payments infrastructure, and is increasingly straightforward (and crucially, lower cost) for manufacturers to produce. Learn more about the innovation securing biometric payment cards in our latest whitepaper.