The use of biometrics in the authentication of payments has become noticeably more common over recent years. A study carried out by Juniper Research in 2021 found that the use of biometrics is expected to grow to over $3 trillion worth of transactions by 2025, driven by new legislation such as Strong Customer Authentication (SCA) and the launch of PCI DSS v4 later this year, as well as the increased use of new technologies in smartphones and OEM (original equipment manufacturer – such as Google Pay and Apple Pay) that feature built in biometric authentication.

What are biometric payments?

Biometric payments use biological and behavioural data such as fingerprints and facial recognition to identify individuals as part of the authentication process when making a payment. They offer a new level of security, adding to existing ‘something you know’ authentication, such as a password or PIN, with ‘something you are’ – a unique physical characteristic. Traditional passwords have long been a point of weakness in security systems – the benefit of biometrics is that they are much harder to lose or have stolen.

Biometrics in card-not-present transactions and remote payments

With the recent implementation of SCA as part of the EU’s Payments Services Directive (PSD2), requiring multi-factor authentication to be applied to online transactions over €30, the move towards incorporating biometrics into remote payment processing has accelerated. Smartphone technologies, with inbuilt cameras for facial and fingerprint recognition, have aided this advancement and helped to ensure the smooth processing of payments. In addition to this, behavioural biometrics such as typing patterns (also known as keystroke dynamics) have also been used by some banking and finance organisations as a means of confirming identities – taking advantage of the prevalence of keyboards on most electronic devices and enabling verification at the point of login.

Biometrics and MOTO payments – how might that work?

MOTO payments are exempt from SCA legislation in recognition of the challenge of incorporating such authentication into the transaction process for payments made over the phone. However, many are concerned about the lack of verification leading to major fraud risks for businesses and as a result, there is talk and movement towards increasing authentication for payments made via this channel. Voice recognition is already employed by some in the finance industry as a means of authenticating individuals and could become more widespread. Like other modes of authentication, there are flaws in its reliability, however, when used in conjunction with other forms of identification can work very effectively.

While increasing authentication is beneficial at tackling the issue of cybercrime and card fraud, there are those that are cautious – adding too much complication to the payment process isn’t necessarily good for business. Customers prefer a quick and easy payment experience so a balanced approach between simplicity and protecting against data breach is key. That said, we should expect to see even greater focus on biometrics over coming years, becoming commonplace as technology is further developed and deployed.

Here at PCI Telecom, we create bespoke card payment processing solutions for payments made over the phone, via IVR and online, that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible to meet the requirements of SCA. You can find out more by visiting our Solutions page or get in touch to discuss your requirements in more detail.