Can Biometrics Help Mag-Stripe Cards Prevail?

EMV continues to die a slow death. At least that’s what a growing number of vendors are hoping as they roll out more sophisticated, and secure, payment products, some of which operate along the traditional network rails. Their goal is to encourage financial institutions to explore alternatives as merchants, and issuers, increasingly view EMV as relic technology.

Whereas much of the emphasis on EMV alternatives has been on mobile solutions, including NFC technology, supported by Google Wallet and Isis, for example, and on QR codes, such as the Starbucks and Dwolla apps, they typically require changes at the point of sale. These changes may incur merchant cost, or they may take precious room on checkout counters for readers.

But, a Houston-based company, Epic One, says it has come up with a payment card that requires no changes at the point of sale or with the merchant’s processor, and boosts security for both retailers and issuers through the use of a built-in fingerprint reader that activates the card. Once activated, the Epic One card generates a one-time code that, if intercepted by hackers or malware, would be useless.

Epic One joins a growing list of companies seeking to stem the momentum of mobile-based solutions. SmartMetric, for example, similarly offers a fingerprint-activated payment card. It’s product is an EMV smart card, and it touts security through biometrics and encryption instead of single-use codes. Another company, Dynamics Inc., is also embracing EMV, but it is including two chips to enable cardholders to switch among various brands and card types with a single, battery-powered card.

The Epic One product, which can be a traditional PIN or signature debit card or credit card, continues to rely on mag-stripe technology, and it supports the existing ISO 7813 and ISO 8583 transaction and messaging standards. Once the shopper swipes his finger on the card to activate the code, the card works and routes just like any other mag-stripe card.

Few Changes

The only changes occur with the issuer’s back-end authorization systems, William Gomez Jr., Epic One CEO and co-founder, tells PYMNTS.com. Once the card is swiped and sent to the issuer for authorization, the transaction first goes to Epic One, which validates the code. A token is then sent to the bank to be matched up with the actual card number, and finally, the issuer sends the traditional approval or denial message back to the merchant. The entire process takes approximately 3 seconds, Gomez says.

“We have patents on certain pieces of information in the card standard to allow us to use one-time use codes without having to change anything in the regular systems,” he tells PYMNTS.com. “It’s basically an appliance you plug in on the back end.”

The recent Target breach reopened the long-running debate over the security of the U.S. payment system. Gomez says had Epic cards been used, the thieves would have no way to use the information, thus providing the ultimate in transaction security. Moreover, just as merchants now use card numbers, or partial numbers or tokens in their place, to track purchase activity, they similarly may use the Epic One codes for the same purpose, he adds.

Expense Issues

Though merchants would pay nothing to support Epic One transactions, the cards would come at relatively hefty price for card issuers, about $6 to $7 each with high-volume orders. That compares with typical cost of $2 to $3 for EMV cards, or around 35 cents each for mag-stripe cards.

Issuers could offset that expense by charging cardholders, just as they do now with various rewards cards, Gomez says. Such cards can impose annual fees that range from $95 to $300, or more.

Epic would help issuers in marketing the card and in training consumers on how to use it.

Online Use

Consumers may use the card for recurring billing, where two static numbers, one for the cardholder and one for the biller, would be required, thus limiting the use of the transaction code if intercepted. Gomez added that the card also is usable online through a single step that ultimately will involve NFC connectivity to one’s tablet, smartphone or computer.

Epic One, as with other vendors rolling out products designed to improve on traditional basic mag-stripe cards, faces an uphill climb in its attempt to gain traction. But, the good news for issuers is that the list of better alternatives is growing, and, as the Target breach illustrated, efforts to stem card fraud remain simply Band-Aids as crooks find ways around current antifraud solutions for both mag-stripe and EMV cards.