Fingerprints, Facial Scans & Other Tools for Biometric Payments Help Eliminate Fraud
Fingerprint scanners? Facial recognition? Iris imaging? What is this…a movie?
No, this isn’t James Bond; biometric payments are no longer the stuff of sci-fi and spy films.
The technology is gaining wider use, but how effective is biometric security at reducing the cost of fraud? How does it impact chargebacks? Most importantly, could biometric security be a net gain for your businesses…or a loss?
Biometric Security & The Three Factors of Authentication
As the name implies, biometric security is a body of varied technologies, strategies, and practices that ensure security through biometric authentication.
Biometric security tools have countless potential applications. They can be used for anything from authorising consumer payments and providing access to secured buildings to matching the ID of a suspect in a criminal investigation. What makes biometrics so much stronger than other security techniques, though? Well, that comes down to authentication factors.
All methods of validating a user’s identity are based on one of three authentication factors:
- Ownership: Something the user possesses, like a payment card.
- Knowledge: Something the user knows, like the PIN attached to a payment card.
- Inherence: Something the user inherently is, like a fingerprint.
Ownership is incredibly easy to spoof. In this example, the security measure is broken if the physical card is stolen. Plus, anyone with the right know-how can use stolen cardholder information to create a counterfeit of the card. It’s even easier online where there is no card present anyway; the fraudster can simply use the cardholder information by posing as a legitimate buyer.
Knowledge is also not hard to bypass; fraudsters are very skilled at using phishing attacks, skimmers, and cameras to trick cardholders into surrendering sensitive information necessary to authorise purchases.
With biometric payments, though, you’re employing inherence factors. These are more secure because the method of verification is physiological in nature. After all, it’s much harder to copy someone’s fingerprint than it is a plastic card or a password.
Biometric Authentication Methods
So, what different biometric payments methods are currently available to authenticate eCommerce purchases? We’ve compiled four of the most promising for you to take a closer look; two are currently in use, while the others may soon see adoption:
This tool uses a scanner to digitally image the user’s fingerprint; the original image is destroyed, while a mapping of the print is saved. All subsequent scans will be authenticated against this digital map. Digital fingerprinting is currently the dominant biometric method, and is an option for most mobile devices and mobile payment platforms like Apple Pay and Samsung Pay.
Facial recognition works like digital fingerprinting. The technology maps dozens of different points on the user’s face to create a unique impression of the individual, rather than saving the user’s actual picture. This tool is gaining popularity, with most users becoming aware of it after the iPhone X introduced Face ID support in late 2017.
This tool works by comparing the voice pattern of the user to a pre-recorded sample. Voice isn’t necessarily as distinct as face shape or fingerprint, but it does have certain advantages; for example, the technology is affordable and non-intrusive compared to other methods. Plus, more computers have built-in microphones than fingerprint scanners.
Like our more-or-less unique fingerprints, the random pattern of the human iris can help identify different individuals. This technology is highly-accurate at close range and can work with the cameras installed on most modern smartphones.
The conversation surrounding biometric payments since 2014 seems to suggest it’s the biggest innovation since magnetic stripe cards. But does biometric technology really measure up to the hype? In many ways…yes, it does.
Traditional payment card security was comparatively weak; both card-present and card-not-present environments relied exclusively on knowledge- and ownership-based authentication. Thus, if a criminal had physical possession of a stolen card, there was a good chance the person could complete a fraudulent purchase…not such an easy task with biometric technology involved.
The inherence factor makes it exponentially harder for a criminal to spoof a user’s identity. This gives biometric payments an edge over many potential fraud tactics.
Biometrics, Mobile Payments & Global eCommerce
So, if biometric payments offer considerable benefits, why aren’t they used in every transaction? Well, consumers need access to an interface capable of capturing a biometric scan during the transaction.
Some companies are working on potential solutions to get these tools into wider use, like Mastercard’s biometric-enabled payment cards. These cards scan the customer’s fingerprint at the point of purchase; of course, these are only useful in a card-present context. For now, the best bet remains mobile devices.
Mobile apps like Apple Pay, Samsung Pay, or Alipay will usually ask consumers to authorise payments using a fingerprint or other biometric scan. However, Western consumers have tended toward skepticism when using phone or tablet-based wallet apps during checkout. A relatively small subset of US consumers have tried any mobile payment technology, and even fewer use it regularly.
The story is very different overseas, though. The increasingly-affluent consumers in growing global markets like India and Vietnam are hopping on board the mobile payments movement fast. In China, the number of transactions made by mobile app outpaced those made by payment card in 2016. These so-called “mobile-native” economies enjoy the benefits of reduced fraud and more accessible and versatile payments infrastructure both online and in-store.
Eventually, the increased adoption of mobile payments in the West will open the possibility to see biometric payments on a wide scale. However, if you accept Apple Pay and other mobile payment platforms on your site…you’re already enjoying the benefits.
Biometric-enabled 2-factor authentication is effective against potential threats beyond criminal fraud. The tool can also serve as great compelling evidence to fight friendly fraud. To demonstrate, consider Mastercard’s Identity Check—sometimes referred to as “Selfie Pay”—which uses facial recognition to authorise purchases.
Assume a customer files a dispute after claiming that a transaction was never authorised. The customer might claim her account was hacked and the purchase was part of an account takever attack, or that a fraudster made an unauthorised app purchase in the customer's name. This would be a very different situation if the customer used facial recognition to authorise the purchase, as it's much easier to steal a password that to steal someone's face.
The selfie a customer submits as payment authorisation is convincing evidence of an authorised transaction. A customer attempting to commit friendly fraud by demanding an illegitimate chargeback will have a much more difficult time making a case when there is photographic evidence that she approved the charge.
No Solution is Perfect
Of course, even biometric security isn’t foolproof. The technology has several issues and other weak points, including:
You can’t rely on a fingerprint scanner or smartphone camera to be available with every transaction. While consumers can use biometric authorisation on most mobile device, desktops still make up a large portion of eCommerce sales.
Contemporary consumers are very anxious about their privacy and where personal data goes after they submit it. Even if biometric scans do not actually “save” their fingerprints or other identifiers, many consumers will still refuse to provide that information.
Biometric scans will not work the same for every person. For example, a loud background environment might interfere with voice recognition, and the technology won’t work if you lose your voice due to temporary illness. Similarly, iris scanning tools may not work with blind individuals or those with cataracts.
Plus, biometrics aren’t super-effective against all forms of fraud. For example, biometric payments have no effect on many affiliate marketing scams like click fraud or cookie stuffing. If you maintain a rewards program for customers, biometrics can have limited utility in the fight against loyalty points fraud.
One Part of a Better Strategy
Biometrics tools aren’t perfect. However, we highly recommend you embrace biometric security methods, and there’s a few good reasons why:
- Effectiveness: The 2-factor authentication provided by biometric scans are among the strongest antifraud strategies available.
- Ease: Adopting biometric payments is as simple as adding mobile payment apps like Apple Pay or Samsung Pay to your options at checkout.
- Convenience: Even though mobile payment adoption is still relatively low, it can be an attractive offer for consumers who’ve already embraced the technology.
- Cool Factor: Offering biometric options can establish an image of your business as forward-thinking and on the cutting-edge of the industry.
You can take a significant chunk out of your criminal fraud risk—and have some very compelling evidence at your disposal—with these basic tools as part of a broader strategy. Front-end fraud filters, 2-factor authentication, chargeback risk mitigation…each plays an important role in the fight for better fraud mitigation.
Want to learn more about biometric payments and other advanced authentication methods can help fight friendly fraud, recover revenue, and reduce your long-term risk? Click below to get started.