Contactless payments are a major convenience offered by credit cards, as consumers can skip entering PINs or passwords and instead make transactions in a fraction of the previously required time. Security concerns prompt many countries to limit the maximum amount allowed via contactless payments, however, or require PINs or signatures if such caps are exceeded. Australia limits contactless payments to $100 AUD ($70.44), for example, while the United Kingdom enforces a £30 ($38.21) maximum.
Many merchants and payments providers are exploring biometric verification to raise contactless payments’ limits, but it is difficult to determine which merchants offer these capabilities, making their efforts appear inconsistent and potentially derailing customers’ interest. Building biometric readers into payment cards themselves is an optimal solution, according to David Crawford, head of effortless payments for NatWest Bank.
“The key thing that bank customers say is they want convenience and safety when they’re making payments,” he told PYMNTS in a recent interview. “We look at biometrics as a way of potentially solving these pain points for our customers.”
NatWest’s biometric card initiative confronted challenges during development, but the financial institution (FI) felt the benefits were well worth the effort. Crawford said security and privacy were the bank’s top priorities when it embarked on this program.
Biometric Security And Privacy Enhancements
NatWest launched a large-scale biometric card trial last October after running a 200-customer pilot earlier in the year. The offerings feature fingerprint scanners that authorize use only for registered owners, making the cards much more secure than traditional options that can be leveraged by anyone who obtains their associated PINs.
“Customers are concerned with a number of methods fraudsters can use to gain access to their money,” Crawford explained. “For example, someone peering over your shoulder as you enter your PIN — or perhaps just asking you for your PIN details — and using all the types of stories or excuses to extract from you what your PIN actually is.”
Biometrics removes any chance that unauthorized users can make payments with consumers’ cards. Some of NatWest’s customers were initially reluctant to submit biometric data, but Crawford explained that the best way to alleviate this fear was to ensure customers knew who could access it. NatWest makes these details available only to the customers to which they belong.
“One of the decisions that we made very early on in the design process was that the biometrics did not leave the card at all,” Crawford explained. “None of that information is stored with the bank, [so the] customer owns all of that information at any moment in time.”
Stringent encryption protocols secure the data, he added, which means even hackers who manage to obtain customers’ cards cannot access their fingerprint information. Meeting these data ownership and security requirements made customers much more comfortable with using biometrics in banking.
“It’s not unheard of for someone to buy yet another cup of coffee [using the card], just to show off how it works and amaze the other people in the queue,” he said.
Overcoming Some Technical Difficulties
The biometric solution’s trial has generated largely positive feedback, but it faced several challenges during its development.
“[It is difficult to] enable that type of technology into such a small form factor, particularly when you consider a debit or a credit card and just how small and thin they are,” Crawford said. “We also had to ensure that they’re durable. … They go through a lot of wear and tear as they’re in and out of pockets, wallets and card readers.”
Some countries also impose contactless spending amount limits, which can create additional frictions. Such restrictions can vary, and many customers are unaware that they exist. “The merchant will say, ‘No, you can’t use contactless — this is above £30,’” he noted. “Customers will persuade the merchant to let them use [the biometric card], and then it’s kind of embarrassing when it doesn’t work.”
The fingerprint reader is powered directly from the Point Of Sale terminals during each payment, thus ensuring that the biometric card can be used by the cardholder without the risk of a dead battery. Some outdated terminals or merchant POS devices not using the most updated specifications could impact the biometric card transaction, however, requiring customers to use PIN verification or a signature as a fallback option.
Addressing this issue requires merchants and acquirers to correct the configuration of their older payment terminals according to specifications from payment schemes. Such issues are common for cutting-edge technologies, but being ahead of other players in the field is critical. It will only be a matter of time before those players catch up and developers and firms that have a running start can better position and differentiate themselves from their competitors.
A Bright Future For Biometrics
Innovative FIs may be waiting for their competitors to get up to speed, but Crawford has a positive outlook on biometrics’ future in banking. Smart devices’ spread will likely continue to drive innovation — especially for improved security purposes.
“When you think of being able to make a payment on smart devices, sharing a PIN or password is not going to be the most secure [method], nor is it going to be something that customers are particularly happy doing,” he said. “I really do believe that [the industry] can arrive at really strong solutions for our customers to be able to make these types of journeys.”
Biometric options are relatively new, though, and many customers are unfamiliar with them and how they work. Banks and other biometric providers must be cognizant of this and ensure they have the appropriate infrastructure in place and familiarize users with the technology’s features before implementing such solutions, Crawford said.
“We just need to make sure that we understand the aspects around biometrics that concern customers, and ensure that we address those concerns every step of the way in terms of our design,” he explained. “It’s an issue that does worry some customers, so we need to learn from what those concerns are.”
Meeting customers where they are is an important lesson for all biometric developers, not just those in the financial industry. Banks and other biometric implementers should not be too hesitant, however, or they could miss out on the seamlessness, security and data privacy the technology brings.