The rise of biometric authentication

The use of biometrics in the authentication of payments has become noticeably more common over recent years. A study carried out by Juniper Research in 2021 found that the use of biometrics is expected to grow to over $3 trillion worth of transactions by 2025, driven by new legislation such as Strong Customer Authentication (SCA) and the launch of PCI DSS v4 later this year, as well as the increased use of new technologies in smartphones and OEM (original equipment manufacturer – such as Google Pay and Apple Pay) that feature built in biometric authentication.

What are biometric payments?

Biometric payments use biological and behavioural data such as fingerprints and facial recognition to identify individuals as part of the authentication process when making a payment. They offer a new level of security, adding to existing ‘something you know’ authentication, such as a password or PIN, with ‘something you are’ – a unique physical characteristic. Traditional passwords have long been a point of weakness in security systems – the benefit of biometrics is that they are much harder to lose or have stolen.

Biometrics in card-not-present transactions and remote payments

With the recent implementation of SCA as part of the EU’s Payments Services Directive (PSD2), requiring multi-factor authentication to be applied to online transactions over €30, the move towards incorporating biometrics into remote payment processing has accelerated. Smartphone technologies, with inbuilt cameras for facial and fingerprint recognition, have aided this advancement and helped to ensure the smooth processing of payments. In addition to this, behavioural biometrics such as typing patterns (also known as keystroke dynamics) have also been used by some banking and finance organisations as a means of confirming identities – taking advantage of the prevalence of keyboards on most electronic devices and enabling verification at the point of login.

Biometrics and MOTO payments – how might that work?

MOTO payments are exempt from SCA legislation in recognition of the challenge of incorporating such authentication into the transaction process for payments made over the phone. However, many are concerned about the lack of verification leading to major fraud risks for businesses and as a result, there is talk and movement towards increasing authentication for payments made via this channel. Voice recognition is already employed by some in the finance industry as a means of authenticating individuals and could become more widespread. Like other modes of authentication, there are flaws in its reliability, however, when used in conjunction with other forms of identification can work very effectively.

While increasing authentication is beneficial at tackling the issue of cybercrime and card fraud, there are those that are cautious – adding too much complication to the payment process isn’t necessarily good for business. Customers prefer a quick and easy payment experience so a balanced approach between simplicity and protecting against data breach is key. That said, we should expect to see even greater focus on biometrics over coming years, becoming commonplace as technology is further developed and deployed.

Here at PCI Telecom, we create bespoke card payment processing solutions for payments made over the phone, via IVR and online, that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible to meet the requirements of SCA. You can find out more by visiting our Solutions page or get in touch to discuss your requirements in more detail.

NEWS: It’s now possible to integrate our solutions with Stripe

Here at PCI Telecom we’ve recently updated our solutions to become fully integrable with Stripe. This means that our customers can now benefit from our fully PCI compliant card payment gateway working alongside Stripe’s unique processing services.

What this means for your business

Our multi-channel payment gateway solutions enable you to accept card payments online, over the phone to a call handler and/or via an IVR. Your customers simply input their card details into our secure system that encrypts the information as it is entered so that at no point is it visible to either an operator or a member of staff behind the scenes, making the process fully compliant with the very latest PCI DSS. From then, our gateway solution speaks directly and seamlessly to a PSP (Payment Service Provider) that processes the payment and arranges funds to be moved to a merchant account that can then be transferred to your business. The difference with Stripe is that no separate merchant account is required – they approve the payment, handle the communication with the issuing bank and move the funds from their account to yours – saving you time and resources on unnecessary admin.

There are many benefits to combining our solutions with the service provided by Stripe, not least the simplicity of the set-up process. All of our payment gateway services are created on a bespoke basis to meet the needs of your business and added to that, have the ability to integrate with other back end systems such as accounting software and CRM databases. Combining our services with those of Stripe will deliver an effective card payment solution that requires very little time or effort to manage while ensuring a consistent delivery of high level customer service and end to end security.

You can visit our Solutions page to find out more, or alternatively, if you’d prefer to talk through your requirements, you can contact us here. We’d love to hear from you.

Find out more about the service provided by Stripe here