Fingerprints can unlock doors, phones and more, but are consumers ready to pay with them?
Visa, the financial services giant, thinks so.
The company, which backs credit, debit and prepaid cards, has started pilot tests of cards that have a built-in fingerprint reader. Users place their finger on the sensor area and either insert the card’s chip into a reader or hold it above a payment terminal.
By using their fingerprint, customers can skip having to enter a PIN or signing off on a purchase.
A user’s fingerprint is compared against a previously registered pattern, which is stored as a cryptogram on the card. A red or green light on the card indicates whether the fingerprints match.
“The card is trained to use your biometric thumbprint and since your thumbprint is unique, it can only be activated by the individual that’s trained the card,” said Matt Smith, vice president of platform strategy at Visa. For those who share their card with others, transactions would revert to PIN number, or pen and signature for processing.
The cards will be issued by Utah-based Mountain America Credit Union and the Bank of Cyprus.
WATCH: Company Tests Cards with Built-in Fingerprint Reader
Visa is not the first digital payments company to explore the growing field of biometrics, which relies on people’s unique biological traits, like the iris pattern of their eyes, to ensure that they are who they say they are.
Last year, Mastercard began testing a fingerprint-enabled card at Pick n Pay stores in South Africa.
Visa surveyed 1,000 Americans on their perceptions of biometrics and found that 86 percent were “interested” in biometrics as a form of authentication or a way to make payments.
Users of mobile wallets Apple Pay and Google Pay, both compatible with Visa and Mastercard, already can take advantage of paying with their fingerprints.
Not having to provide a signature or PIN number may be convenient, but is it secure?
To answer that question, Anil Jain, a professor and biometrics researcher at Michigan State University, has created with his students fake or spoof fingerprints that have been successful in unlocking systems that rely on biometric credentials.
Even so, Jain says the process isn’t easy. It first involves obtaining fingerprints to work with, either with a person’s consent or the ability to lift and replicate physical fingerprints left on everyday surfaces.
Jain believes it’s harder to steal biometric data from a mobile phone or credit card chip (like Visa’s), as opposed to biometric data stored in a central database, such as a government server containing fingerprint records.
Focusing on the end security system, Jain and his students have devised both hardware and software solutions that can better detect the difference between a real, human fingerprint vs. a fake fingerprint.
In one study, they tested fake fingerprints made of everything from PlayDoh to Ecoflex, a silicone rubber often used to create makeup special effects for television and film.
“We have shown that we can do a fairly good job in detecting spoofs versus real fingerprints. And I think in most of the cases, it’s the issue of how to raise the bar for the hacker, so that it is becoming more and more difficult for the hacker to attack the system,”Jain said.
“No security system is foolproof. The idea is to make it as difficult (as possible) for an imposter to use it,” he added.
Jain said additional biometrics can be implemented for major purchases. A $100,000 purchase at Tiffany’s, for example, could warrant a facial recognition scan in addition to a fingerprint scan.
In the end, biometrics are here to stay, especially as hardware and software costs come down and consumer adoption increases he said.
Jain offered a bit of common sense for the era of biometrics: “Don’t post your fingerprints,” he said, chuckling.