The central question in payments fraud is how to tell whether the customer is who they say they are—the real account holder or an impostor. Passwords can be stolen, keys can be copied, but some things are very difficult to fake, like your unique identifying features: your face, eyes, fingerprints, and more.
Biometric security uses this information to verify identities, and is already being used to authorize both card and digital payments. Instead of entering a PIN or providing a signature, the customer interacts with a biometric sensor that verifies them. Can biometric payment options help merchants defend themselves from fraud and chargebacks?
Biometric payment systems are already in place in many markets around the world, and some countries have tied them into biometric-based national ID systems. Across the globe, users of Apple Pay, Samsung Pay, and other digital wallets are already logging in and verifying their identities with biometric sensors built into their smartphones. Some market analysts are projecting biometric payment transactions to grow by as much as 18% per year.
In many regions, the ability to use biometric payment security depends entirely on whether or not the merchant accepts payment options that include them. The is considerable overlap with contactless payment solutions like digital wallets and biometric security, but some issuers are offering physical credit cards with embedded biometric sensors that can be used at any EMV-enabled card terminal.
What is Biometric Security?
Credit is just a promise to pay back at a later date, and our entire system of credit payments depends on being able to verify that the person making the promise is the same person who’s going to get the bill. In the pre-digital era, a signature was used to verify the cardholder’s identity—if there was a dispute later on, the signature on the transaction receipt could be compared against the signature on file.
The computer age brought us password and PIN protection, where memorizing an alphanumeric sequence that no fraudster could possibly guess became the standard way to confirm your identity. Of course, signatures and passwords are fraught with vulnerabilities. Fraudsters exploit them every day, to the tune of hundreds of billions of dollars lost to cybercrime every year.
Biometric security is becoming the gold standard for identity verification, especially as part of a two-factor authentication process, because of how extraordinarily difficult it is for fraudsters to steal or replicate biometric data.
While fingerprints are commonly used, biometric sensors can also scan your face, the patterns of your retinas, your unique vocal frequencies, even the patterns of veins beneath your skin. Biometric security systems will only validate your identity if the data read by the sensor matches the data on file.
How are Biometrics Used to Authenticate Payments?
Many modern smartphones are equipped with biometric scanners, including fingerprint readers, microphones (for voice identification), and cameras (for facial recognition).
To provide added security for digital wallets, providers like Apple and Samsung require their users to use biometric identity verification whenever they want to make a payment.
Mastercard has created a biometric credit card that contains an embedded sensor that reads the cardholder’s fingerprint. The card is used just like any contactless EMV card—it can be inserted in any EMV reader, or tapped at touchless payment terminals—and the biometric scan is used in place of requesting PIN entry.
In neither scenario is any biometric data transmitted to the payment terminal, the merchant, or any other party. The app or card verifies the user’s identity, and then communicates either a positive or negative authorization instruction to the merchant’s payment processing system.
Some platforms may allow the user to fall back on other identification methods, such as PIN entry, if the biometric data cannot be read.
Are Biometric Payments Beneficial for Merchants?
Biometric payments offer several advantages for merchants. First, they provide two things that customers want: security and ease of use. Most customers recognize the security benefits of biometric scanners, and they don’t find them as cumbersome to use as other higher-security methods (such as texting a one-time code).
They can also help to reduce true fraud rates, reducing chargebacks and preventing bad experiences that the customer will associate with the merchant.
As far as chargeback liability goes, it stays with the issuer in cases where the biometric data was a match.
Merchants can also use proof of biometric authorization as evidence in friendly fraud disputes, as it will clearly indicate that the cardholder initiated the transaction.
Are Biometric Payments Vulnerable to Fraud?
While biometric data offers distinct advantages over past methods of identity verification, it’s not a total panacea against fraud. Fooling these systems is difficult but not always impossible, and poor account security can give fraudsters opportunities to disable or misconfigure biometric security settings at the user account level.
Some challenges also remain with implementation, as not all devices are set up to include biometric sensors and not every person is capable of easily providing the same biometric data. A person with hand injuries, for example, may not be able to use a fingerprint scanner. These limitations mean that there will still be workarounds for biometric security, which fraudsters will attempt to exploit.
Biometric data may be the future of logging in and verifying your identity, and there are plenty of good reasons for merchants to embrace payment systems that include biometric security. They greatly increase your defense against fraud without adding friction to the user experience, and you can expect fewer chargebacks in general to result from biometric payment transactions.
As technology improves and biometric security can be made more consistent and inclusive, we can expect to see more platforms making use of it and introducing biometric sensors and other features. Merchants can already get on board the biometric payments train simply by accepting top digital wallet platforms and using EMV chip readers. Just remember to record and save any authorization messages that confirm that a biometric match was verified in case you ever have to use it as evidence in chargeback representment.