In the 1989 science fiction blockbuster “Back to the Future Part II,” the two main characters travel forward in time to the year 2015. Here, not only is it possible to ride flying skateboards and wear self‑lacing sneakers, but also to use fingerprints to authenticate payments at a device resembling a tablet computer.
During the nearly 30 years that have passed since the film was released, we’ve seen many initiatives in the field of biometric authentication. These have come from different payment players including banks, credit card companies, point of sale (POS) terminal manufacturers and alternative payment method providers.
But despite these initiatives, biometrics currently only play a minor role in payment authentication, an area that continues to be dominated by PIN codes, passwords and signatures.
That situation is likely to change, however, as new technology and changing consumer expectations affect how we pay for purchases.
What is biometric authentication?
Authentication can be defined as the process of confirming an identity claimed by an entity. For example, someone confirming that they are the true cardholder making a payment.
Authentication can be performed by one or more of the following means:
- Knowledge: something the user knows, such as a PIN or password
- Ownership: something the user has, such as a card, token or mobile phone
- Inherence: something the user is — or, in other words, a biometric characteristic
Payment transactions are normally authenticated using methods drawing on the first two categories. But the application of biometric factors — in the third category — has recently become more feasible.
Biometric factors include physical and behavioral factors. Whereas physical factors — such as fingerprints, iris patterns or other facial features — are innate, behavioral factors are related to the user’s patterns of behavior, such as keystroke dynamics or cursor movements.
One major difference between biometric and other authentication methods is that biometric techniques have to incorporate probabilities in the authentication process. A PIN or password supplied by someone making a transaction is either correct or incorrect. But a biometric scan of, say, a fingerprint will usually only return a probability that the authentication is a match.
This poses challenges, especially for payment transactions, where authentication errors lead to financial losses or chargeback processes.
A different role in different channels and markets
In order to assess the role biometric authentication could have in the future world of payments, we have developed different hypotheses that differentiate between payment channels (POS vs. remote), payment instruments (card vs. other) and market characteristics (traditional card-focused vs. developing).
Hypothesis 1: In traditionally card-based payment markets with established payment infrastructure, biometrics will play only a minor role in the authentication of card payments at the POS.
In markets with an established card-based infrastructure, there doesn’t seem to be a customer need that using biometric authentication would solve. Such markets already have processes that work and that people know — PIN or signature — for authenticating card payments at a POS.
Moving to biometric authentication would require investment in new technology, either at the merchant’s POS (e.g., installing a camera for face or iris recognition) or for the issued cards (e.g., by issuing cards with an embedded fingerprint scanner).
Compared with the cost of such technology, fraud losses are comparatively low. So it seems unlikely that merchants or card issuers could justify such an investment. And there’s no reason to think consumers themselves would be willing to pay in order to use biometric authentication.
Hypothesis 2: The increasing prevalence and use of biometrics-enabled devices (e.g., smartphones) and the ultimate goal of having a uniform user experience across channels will promote the establishment of biometric authentication for payment transactions in the coming years.
At the POS, mobile payments are finally gaining traction among consumers and are thereby also promoting biometric authentication.
Many existing mobile devices are capable of analyzing biometric factors — for example, through cameras, fingerprint scanners or microphones for voice recognition. And biometric authentication is already being used for unlocking phones and computers or for confirming actions.
When conducting payment transactions at the POS, biometric factors can be used to supplement or replace other authentication methods, such as PIN, without extra cost, but with added convenience. Apple Pay and Samsung Pay are two mobile payment services that already use fingerprints as a biometric authentication factor.
Biometrics for remote payments
More and more remote payment transactions are being conducted on biometric‑enabled devices, such as smartphones, tablets and laptops.
Online merchants seeking to optimize conversion rates are likely to select the most convenient payment methods. And, when integrated neatly into the payment process, biometric authentication can improve user experience — again, at no additional cost.
Many payment method providers are already trying to integrate biometrics into their offering. For example, Mastercard’s Identity Check Mobile and Apple Pay’s remote payment functionality.
In the future, we’re likely to see a convergence of POS and remote payment methods, which will further encourage the use of biometric-enabled devices for conducting payments.