How biometrics in payments are changing the customer experience

As part of the EU’s Payment Services Directive 2 (PSD2), a two-factor ID requirement for certain transactions is being introduced, which is known as Secure Customer Authentication (SCA).

Under SCA, in order to make a payment, customers will be required to provide two of three of the following forms of ID:

• Something the customer knows, such as a PIN or password
• Something the customer has, such as a mobile phone or payment card
• Something the customer is, such as their fingerprint or voice pattern

There are fears that these new security requirements could disrupt the customer experience, so biometrics could play a key role in ensuring that the process of authenticating a payment is quick and simple for shoppers.

So what are the benefits? Compared to a PIN or signature, biometric authentication is fast and convenient, removing friction from the payments process and offering a superior customer experience. It also reduces the risk of a user forgetting their PIN and having to abandon a payment. 

There’s also a security advantage. While the arrival of chip and PIN reduced card fraud considerably, it’s still a significant risk. For example, UK Finance reports that fraud losses on face-to-face purchases on the UK high street increased 13% in 2018, to £69.8 million^[4]. Users can be vulnerable to ‘shoulder surfing’ and social engineering fraud techniques – or put their own cards at risk by writing down their PIN.

The physical characteristics that form the basis of biometric authentication provide additional security as they do not have the same vulnerabilities. Put simply, if a PIN is ‘something you know’, biometrics are ‘something you are’ – so it can’t be stolen in the same way.

That’s not to say that biometric authentication is completely fool-proof. For one thing, data may be vulnerable to theft: in 2015, hackers stole the fingerprint images of 5.6 million federal employees from the US government^[5].

There’s also the question of whether biometric scanners can be fooled. Last year, a Forbes reporter described how he had used a 3D printed version of his head to unlock four Android phones ^[6], while Dutch consumer protection organisation Consumentenbond reportedly claimed to have unlocked smartphones using a photo of the user’s face ^[7].

NYU researchers have also reportedly used machine learning to develop artificial fingerprints that they say could unlock almost a third of phones ^[8]. As with any area of security, it’s clear that robust fraud prevention efforts must continue to evolve at pace to stay ahead of the fraudsters.

While biometrics have already seen widespread adoption, further developments are in the pipeline. Behavioural biometrics are a notable area of future focus. So far, biometric techniques have focused on physical characteristics – fingerprints, vein patterns and facial characteristics. But there is also interest in exploring the possibility of validating users based on behavioural patterns, including the rhythm of keystrokes on a computer. These factors may be even harder to fake than physical biometrics.

Meanwhile, some businesses are turning to invisible payments, which don’t require any device at all. In 2017, a KFC store in China trialled ‘Smile to Pay’, a facial recognition system that enables diners to pay by scanning their faces (and entering a phone number). In 2018, the system was rolled out to over 300 branches in China^[9].

With much attention focused on this area, rapid growth is expected: Juniper Research predicts that mobile biometrics will be used to authenticate transactions worth $2 trillion by 2023, compared to $124 billion in 2018^[10]. While the average increase of biometric transactions could be as much as 76% a year globally, most of this growth is expected to come from Asia, with North America, for example, at a more modest 46% per year^[11].

Beyond payments, biometrics are set to have an increasingly diverse range of applications in the coming years. In healthcare, for example, biometrics could be used to tackle patient fraud, reduce the risk of error and control access to wards. Facial recognition is also poised to play a part at the 2020 Olympic and Paralympic Games in Tokyo, where it will enable authorised people – such as athletes and officials – to access venues more easily.

Biometrics are becoming the norm in many corners of our world, driven by speed, convenience and security. Payments technology can lead the way in demonstrating an enhanced user experience and keeping pace with consumer expectations.