Biometric technology is no longer the stuff science fiction. Fingerprint scanners and facial recognition are now everyday realities of the payments industry, offering greater security than ever before.
These technologies are finding their way into the market, branded as new and more secure methods to authorize payments. But does the technology really live up to the hype?
The Virtue of Biometric Technology
Biometric payments offer the benefit of multifactor authentication. With payment apps like Apple Pay or Google Pay, for example, the customer must first unlock the device, then use a unique biological identifier to authorize the transaction. At the same time, both Visa and Mastercard have introduced new biometric payment cards with a built-in fingerprint scanner. Soon, customers may be able to authorize card-present sales with a fingerprint-and-PIN combination, making for a much more secure experience PIN or signature alone.
Plus, biometric transactions, whether via chip card or mobile payment app, all use the same tokenization technology, so no actual cardholder data is sent via the network. With all the advantages biometric transactions offer, it’s no wonder 93% of consumers prefer the technology over passwords.
Let’s assume you use your fingerprint to authorize a transaction. The scanner does not keep an actual photograph of your fingerprint; rather, it measures unique points in your print and distills that down into a numeric code. The computer can recognize and match your scan against the stored code, but it would be incredibly difficult to replicate in reverse.
Credit card companies are phasing out signature authentication in brick-and-mortar retail because it’s ultimately a weak verification method. Biometric scans produce a much more conclusive result.
Genuine eCommerce Security
As great as that sounds for brick-and-mortar merchants, it’s even better for eCommerce businesses. Until now, the tools in the average online merchant’s arsenal were pretty lacking compared to brick-and-mortar retail. There was no way to employ EMV technology, no PIN verification…a fraudster could realistically complete a transaction with just partially-complete cardholder information.
With biometric technology, though, online merchants could have a new way to mitigate their risk from both criminal fraud and friendly fraud.
The way fingerprint and other biometric scans function makes it hard for criminals to try and complete transactions while impersonating another individual. Similarly, it would be very hard for a cardholder to argue that she did not authorize a transaction if her biometric scan was captured at checkout. Biometrics could become a very useful piece of evidence to counter friendly fraud in chargeback representment.
Brick-and-Mortar Comes First (as Usual)
Of course, biometric payment cards only work in the brick-and-mortar environment. As with other security innovations in the past, there’s more attention placed on POS anti-fraud measures than card-not-present ones.
It’s not surprising that the industry is more focused on implementing the technology in stores; after all, security in the brick-and-mortar environment is a much simpler prospect than online.
Even with the benefit of biometrics, though, we shouldn’t fool ourselves into thinking that the technology is foolproof. Biometrics scans can be spoofed, so even with the added security, you can’t be positive that an individual on the other end of a transaction is who he or she claims to be.
Plus, storing highly-sensitive biometric data opens consumers—and in turn, merchants—to entirely new dangers. The hacking of biometric data is much more complex than stealing traditional payment information, but if criminals can manage to use it effectively, the impact could be devastating.
Part of a Broader Strategy
Biometrics are a great security tool, but they’re just one part of a broader, comprehensive strategy. They need to work alongside other defense mechanisms to take on the complex issue of payments fraud. This includes a lot of the tools you should already be using to prevent fraud, such as CVV verification, delivery tracking, and working with professionals to develop a solid fraud prevention program.
Also, protecting users’ data will be even more vital with biometric technology and the GDPR in play. Be sure you’re doing everything you can to ensure a solid data security framework, such as keeping up with PCI compliance and patching systems whenever needed.
As an eCommerce merchant, you have a responsibility to do whatever you can to protect your business and your customers. Biometric technology will be a big help, but at the end of the day, your vigilance is the key.
Monica Eaton-Cardone is an entrepreneur and business leader with expertise in technology, e-Commerce, risk relativity and payment-processing solutions. She is COO of Chargebacks911 and CIO of its parent company Global Risk Technologies.
© 2022 Newsmax Finance. All rights reserved.