Biometrics and EMV

The current state of payments is a rocky one, rife with increased fraud and some confusion about new industry standards and the best ways to secure payments. Friendly fraud continues to rise as consumers are become better informed on how to game the system. Cyber criminals are seemingly one step ahead of the security curve, hacking into sensitive consumer data and using other techniques (phishing, ATO and identity theft) to commit fraud. In every scenario, merchants pay the price.

As EMV continues its long-term rollout in the U.S., e-commerce retailers will be more vulnerable than ever to fraudulent techniques used in online transactions. To close off these opportunities, biometrics could be an effective approach for card-not-present (CNP) merchants to protect their businesses.

What are Biometrics?

Between fraudsters shifting to online channels due to EMV, data breaches and the constant threat of new advances in cyber crime, the payments industry is always searching for new authentication methods that can’t be duplicated. Biometrics could be the answer.

This technology involves capturing visible, invisible or behavioral measurements and comparing them to existing codes. Eye scans, finger and palm prints or voice recognition all can be used to authenticate the identity of a consumer. New options are also in development, which makes biometrics a powerful tool. For biometrics to work, users must go through the enrollment process to have biometric data collected by a device that records physical characteristics and/or behavioral traits. Data is then extracted and made into a template for comparisons.

Both card-present (CP) and CNP merchants benefit from this approach because it provides an extra layer of security to ensure the person making the purchase is the actual card owner.

As helpful as biometrics are for CP retailers, this type of protection is even more essential for merchants in the online payments sphere. Since e-commerce merchants can never actually see the credit card in question, they must rely on virtual methods to provide the most dependable authentication.

“The useful days of the username and password as a security mechanism are long over,” said Julie Conroy, Research Director with Aite Group. “Biometrics provide a way to add security while at the same time creating a more user-friendly interaction on the mobile device.”

The Evolution of Biometrics and EMV

Facial recognition tools started to be used in the 1960s for the U.S. government. A decade later, speech components were introduced, providing a better understanding of this type of behavioral biometrics. By 1986, scientists were developing technologies for iris identification. Today, this type of technology is fairly commonplace: Apple uses fingerprint scanners in its Touch ID technology, used to unlock current models of the iPhone.

Current biometric methods usually fall into one of two categories: physiological or behavioral. Physiological technologies center on distinct patterns in physical characteristics such as voice, eyes and hands. Behavioral biometrics is more interested in actions such as typing rhythm and physical movements, including walking speed. Voice can be classified under both physiological and behavioral characteristics for biometric measurement. Both of these biometric forms are key in helping CNP merchants make sure individuals conducting transactions on their sites are authorized to do so.

Why EMV and Biometrics Should be Part of MultiLayered Authentication

The current payments climate is treacherous for CNP merchants. With EMV’s arrival on the scene, retailers that generate revenue online can expect a massive increase in friendly fraud. Adding to this reality are the emerging technologies and dynamic payments landscape, which provide many more options for consumers to make purchases and potential fraud threats for merchants at the same time.

Unfortunately, security measures equivalent to EMV just don’t exist for CNP businesses. No single fraud approach can protect against every type of fraud scenario. That’s why experts recommend merchants in online channels utilize a multi-layered authentication process and biometrics can be a major part of this structure. Fraud tools that use a combination of different methods are more effective at targeting a wide range of vulnerabilities.

Biometrics is a powerful identification tool along the lines of device authentication, one-time passwords and randomized PIN pads. Used in combination with methods that include proprietary and/or transactional data, 3-D Secure (3DS) and tokenization, CNP merchants are in a better position to prevent fraud.

Post-EMV: How Biometrics Can Prevent CNP Fraud

Experts estimate the migration to EMV could take up to seven years for completion. By 2018, CNP fraud is predicted to more than double from $2.8 billion to over $6.3 billion. These numbers are daunting for CNP merchants just trying to build their businesses in an ever-increasingly complex payments field.

The good news is that there are constant advances in biometrics, further solidifying this method as an accurate way to authenticate online consumers. In fact, biometrics can potentially associate an individual to a device or system with more accuracy than other approaches. So it has built-in security strength that will only improve as this authentication technique develops over time.

By using biometrics to identify consumers, fraudsters will have a more difficult time stealing personal information to commit in-store as well as online crimes. And as biometrics become more commonplace in online shopping, cyber criminals will have an increasingly difficult time replicating data that can be used to commit friendly fraud. A recent study by research group Acuity Market shows that an estimated 600 million biometric smartphones are in use today. This means a powerful security measure in place today offers serious possibilities for deterring cyber criminals of tomorrow.

Conclusion

As friendly fraud poses a threat to CNP merchants in the wake of EMV, new methods are needed to prevent cyber shoplifting. Biometrics in combination with an effective multi-layered approach to fraud can help retailers in the e-commerce space protect their profits and prevent questionable transactions. Through the use of the latest biometric techniques, CNP merchants are in a better position to reduce the expected surge of fraud from the EMV migration in the United States.

For more information on how to protect your payments in a post-EMV payments landscape, visit Verifi for a number of informative resources on the EMV and multilayer authentication topic.