Why fears around biometric EMV cards are misplaced

Why fears around biometric EMV cards are misplaced
Published: 10 March 2019 - 1:47 p.m.
By: Gihane Mourad

When we consider our everyday use of facial recognition and fingerprint scanning, we'd be forgiven for thinking about a distant future containing flying cars and robots. While the realm of flying vehicles may still be some time away, the reality is that biometric technology is here now, and we are already very accustomed to using it.

Over the last 20 years, we've been scanning our prints and faces at border control, using our fingerprint to gain access to buildings at work and been taking advantage of Apple's Touch ID and Face ID features. Last month, Dubai International Airport unveiled a state-of-the-art facial recognition system. The Smart Tunnel can identify travelers by analysing pictures of their face as they walk through. This will mean passengers can get through airport control in 15 seconds, without the need for any travel documents such as passports, IDs or boarding cards. Biometric technology is evolving and becoming more widely used. It's been embedded into our lives whether we've realised it or not.

The robust alternative to your PIN

Now, it's being introduced to the banking and payments sphere through the development of biometric EMV cards. These cards remove the need for a traditional PIN number as we see it replaced with an embedded fingerprint scanner. In order to pay for goods, customers simply place their fingerprint on the sensor on the card's surface. Then, if the fingerprint stored in the card matches the user trying to make a payment, the transaction is authorised. If, for any reason, the fingerprint does not register, the PIN code is available as a back-up option.

While this has obvious benefits from a convenience point of view, removing the need to remember PIN codes or limits on contactless transactions for example, it has naturally introduced fresh security concerns. Much like when online banking and credit cards were introduced, we as a society are hesitant to trust changes to the way we handle money.

But these cards are the future, revolutionising the way we pay by making our transactions much safer and more convenient.

Last month Abu Dhabi Police issued a warning to residents regarding fraudsters who are stealing credit card details through RFID card reader machines. In the last year, thousands of UAE residents fell victim to credit-card fraud both locally and abroad. The Central Bank of the UAE (CBUAE) has reminded consumers of their responsibility to protect their personal details and credit and debit cards from fraud and unauthorised use.

In an environment where cyber breaches of credit cards and personal data can happen, such as last year's Careem attack, it's natural to be concerned about changes to our personal data. However, the fingerprint on biometric EMV cards is not stored on a central database and is therefore not susceptible to data breaches where PIN and passwords can be retrieved. Customers' fingerprint data is only stored on the card itself and so cannot be accessed by hacking into servers.

Dispelling the myths

From the outset, biometric EMV cards have security built into the design. This is the easiest way to ensure that these banking cards will be able to protect consumers against the banking and cyber threats of the 21st century.

The most common myth is that the fingerprint reader is no more secure than the PIN because it can be easily duplicated. But this is entirely false. The advanced solution within the card cannot be fooled by a 2D of your print. Moreover, the technology which is used to build the scanner will only evolve and strengthen over time. As the technology improves, so will the readings of the fingerprints, enabling a clearer, more detailed capture that could even include the individual's pores on the skin's surface, making the solution resistant to attacks including very sophisticated ones. The card can also be cancelled remotely by a bank, just like a normal debit or credit card.

Fears that a hacker could still gain access and compromise the data inside the chip despite there being no database are also misplaced. The chip's high-level encryption ensures that the card can withstand robust attempts to access its data. While any concerns that a change in fingerprint or if the print is dirty or wet could prevent the card from working would also be mistaken. The card's reader is designed not to be affected by changes to your print. Moreover, if for any reason the print is not accepted at the point of sale, the card accepts a PIN code as a secondary form of ID verification.

In the near future a majority of UAE banks plan to offer more biometric solutions to their customers. Within the next years more 88% plan to have fingerprint scanning. Consumers are also increasingly aware of the strengths of biometrics, with 75% of banks consumers in UAE think that they are more secure and 49% find it more convenient than traditional methods.

In light of these changing consumer perceptions, areeba - a fintech company that provides payment solutions for banks, governments and merchants - introduced Gemalto's contactless biometric payment card to the Middle East region for the first time this year. The biometric card allows cardholders to authorize transactions by using its built-in fingerprint scanner rather than entering a PIN, providing cardholders a faster, easier and more secure payment process.

Ultimately, biometric EMV cards are the future of consumer payments, providing easy, convenient, reliable and secure payment transactions. The technology behind the EMV card is not static, it's only going to evolve to become stronger and more secure. When you consider what consumers want - security, convenience, something that simplifies your life - the biometric EMV card ticks all the boxes.

Gihane Mourad is Director Banking and Payments for North and South ME, UAE and Egypt at Gemalto.

Click here to add your comment

Please add your comment below
Your email address will not be published