It had to happen sooner or later, we guess. Mastercard is now testing fingerprint readers on its plastic credit cards to authenticate in-person payments.
Mastercard is testing fingerprint authentication in the South African market. If successful, it will begin making the technology available around the world before the end of this year.
Fingerprint readers are almost ubiquitous on smartphones these days. Users use them to unlock devices and individual apps, and confirm payments. Apple Pay and Android users can technically already make credit card payments with fingerprints — where those services are available.
According to Engadget, the Mastercard process would involve you physically visiting a bank to supply two fingerprints. The bank will also verify that both belong to you and only you.
The fingerprint reader lives on the card itself, and if verification is successful it sends the information to the card’s chip. This way, the technology can roll out without requiring changes to in-store terminals.
Verifying It’s You: The Challenge
In-person credit card payment has historically been pretty woeful. Signatures are easily-forged and research shows cashiers don’t pay much attention to them anyway. A few banks have also experimented with ID photos printed on cards, but they never really took off.
EMV, or “chip-and-PIN” security protects most credit/debit cards in Europe, UK, Canada and Australia. It’s recently become more common in the US too, though chip-and-signature is still the dominant method.
Meanwhile, both the public and verifying authorities are embracing fingerprints as their preferred identification. Smartphones are partly to thank for this. However many passports will soon record this information on their built-in chips, and visitors to countries like Japan and the United States have been providing fingerprints at entry points for years now.
Credit Card Security Technology Still Limited
Whether fingerprint or chip-and-PIN/signature security though, it’s for in-person purchases only. Online, all you need is the numbers printed on the card.
Of more importance is, even with fingerprint authentication, once a merchant has your credit card details they have full access to your available funds. Wherever these are stored, they’re vulnerable to theft or a hack attack. And it seems there’s a data breach of some kind every week lately.
This is the difference between “pull” and “push” payments. Credit and debit cards “pull” funds from your account after you provide full access. Digital currency wallets, however, only “push” the required amount to the recipient. In this sense, paying with bitcoin, ether, dash, litecoin etc. is more secure than any card.
In other words, no matter how many layers of security credit card companies add, they’re still credit cards. To reach new levels of security, we’ll probably have to fundamentally change the way electronic payments are made.
What security does your bank use for credit cards? We’d like to hear.
Images via Mastercard