On April 20, Mastercard launched a new type of payment card, which has an in-built fingerprint scanner. The announcement follows two successful trials in South Africa with employees of supermarket chain Pick n Pay and Absa Bank, a subsidiary of Barclays Africa. A full nationwide roll-out is expected by the end of the year, with Europe and Asia-Pacific trials scheduled for the coming months as well.
The new cards, which are the same shape and size as their predecessors, combine chip-and-pin technology with a fingerprint reader to remember the holder’s identity. The cards’ EMV chip can store up to two fingerprints in an encrypted digital template, both of which have to be taken from the same person. The cards are compatible with existing chip-and-pin terminals worldwide, meaning vendors do not have to buy new hardware.
“Biometric capability will mean added convenience and enhanced security for our customers,” said Richard van Rensburg, deputy CEO of Pick n Pay. “The technology creates a platform on which we can further our strategy of personalising the shopping experience in a meaningful way. We have been extremely impressed with the robust and secure nature of the technology.”
The new cards combine chip-and-pin technology with a fingerprint reader to remember the holder’s identity
Such biometric safeguards are generally more secure than keyed passwords like PINs, which can easily be stolen, spied on or phished. That said, fingerprint readers can also be fooled with the right techniques. For example, a German security firm recently got around the locking features of Samsung Galaxy S8 and iPhone devices by lifting a fingerprint from an impression on glass and recreating it in a glue mould.
The introduction of biometric controls to a time-honoured, offline device is a breath of fresh air in the payment technology sector, which is increasingly turning towards mobile phones and online platforms as a means of innovation. Since Apple launched its Pay service in December 2015, many others have followed suit.
Mastercard itself has been rolling out biometric security measures for some time. In October 2016 it launched a mobile application that allows online payments to be made with selfies and fingerprint scans, taking advantage of the latest facial recognition software and touch-based hardware on smartphones.
While biometric security will probably be the future of payment technology, classic measures like security codes and signatures are likely to endure for some time. For example, PINs will still be necessary at cashpoints that swallow cards whole and are therefore incompatible with a card that needs constant physical contact with the user. Consequently, the introduction of biometric security to payment cards is likely to unfold in a similar way to contactless payment systems, which have generally been welcomed warmly by users whose security-related qualms died down relatively quickly.