Biometric smart cards use a sensor to capture a person’s biometrics, then compare the captured data to reference information stored on the card. This prevents biometric data from leaving the card, making it extremely secure.
Biometric security will help protect against online fraud, as well as allow the’sharing economy’ to continue to thrive. This technology works by comparing a person’s fingerprint, behavior or face to their stored reference data.
Secure Storage Solutions
A biometric sensor integrated into a card is a natural fit to provide two-factor authentication. A fingerprint matching the stored enrollment template provides verification of identity, allowing access and privileges to be granted only to authorized users.
A smart card contains a microprocessor and memory chips that exchange data with the card reader and other systems over a serial interface. Card readers can be connected via direct physical contact or through a short-range wireless connectivity standard, such as RFID. The card reader then passes the information to its intended destination, such as a payment or authentication system, over a network connection.
Unlike PIN codes and passwords that are vulnerable to hacking and guessing, biometrics are intrinsically secure. To ensure that a fingerprint match is valid, the biometric sensor captures and compares multiple points of the card user’s finger, such as the tip, knuckle, or middle.
The resulting digitized image is then encrypted in the card’s secure element and cannot be used outside the card. At the point of sale, the card simply compares the scanned fingerprint to its enrolled fingerprint template and authorizes the transaction if it is a match.
A fingerprint-enabled card allows a user to verify their identity in seconds with the swipe of a finger on a built-in sensor, avoiding the need for passwords or PIN codes. It can be inserted or tapped into the POS terminal in either contact or contactless mode and is compatible with all other EMV chip card options, including dynamic code verification for ATM cash withdrawals.
Offensive Testing
Biometrics offer some advantages over PIN codes, but they’re not foolproof. A recent GAO study found that biometrics could be compromised with a photograph or an iris scan, and that a fingerprint can be duplicated by pressing down on a person’s skin with a thin latex finger. These factors mean that any biometric system needs to be carefully tested to ensure its security.
The most important thing is the security of the chip that holds the biometric data. This is accomplished either with a’system-on-chip’ approach that uses a single integrated sensor and processor, or by separating the components and using an inlay to connect them. Either way, the fingerprint template must be enrolled to the secure element before use.
A biometric smart card can perform a variety of functions, including payment, access control, identification and loyalty programs and electronic signatures. Its convenience comes from the fact that there’s no need for passwords or PIN codes to be remembered.
The technology is being used to provide robust identity verification for border control and other government applications. The latest e-Passports and driver’s licenses, such as those issued in Canada and the US, contain both a PIN code and fingerprint, while India’s Aadhaar cards include both iris and fingerprint biometrics. Many airports also have biometric passport-like systems to help expedite passengers through immigration or customs.
Multimodal Authentication
Biometric smart cards allow users to authenticate themselves without having to touch a device, providing an experience that’s convenient and hygienic. Adding touchless security options like fingerprint, facial and iris recognition to existing login or work attendance systems will improve user satisfaction and productivity, while also strengthening the system against ID fraud.
With a passwordless future in mind, IT leaders are embracing multimodal authentication. Research has found that 38% of consumers would prefer a dual biometric solution, including both face and fingerprint, for enhanced convenience and more robust security.
While unimodal biometric identification offers strong protection, it’s not without its limitations. Fingerprint sensors, for example, can be impacted by clothing, environmental conditions and more. When a glove, dirty hands or obstruct the sensor, the results can be inconsistent and cause friction with the user, potentially resulting in higher False Acceptance Rates (FAR) and/or False Rejection Rates (FRR).
Multimodal biometrics resolve many of these issues by using more than one type of biological or behavioral trait for verification. Using multiple biometrics combines the advantages of both FAR and FRR to minimize the risk of spoofing, as it’s extremely difficult to fake two different traits at once. This also provides a degree of redundancy should one method fail, ensuring that the card can still be used as an authentication mechanism.
Convenient Enrollment
Since fingerprint sensors have become a standard feature in smartphones, major sensor manufacturers have focused on making their technology available for credit cards. The industry’s first remote fingerprint enrollment solution for biometric smart card has now been implemented by a significant financial institution.
A card user can enroll their fingerprint in their preferred manner – either using a tablet designed by IDEMIA and offered in the branch or at home on a small device provided with the sleeve, for example. They can then use the card anywhere contactless payments are accepted with no need to swipe a PIN or enter a signature.
Once enrolled, the fingerprint information never leaves the card. In the case of a payment transaction, the card’s fingerprint sensor is simply tapped on the merchant POS terminal and the scanned image is compared to and matched with the enrolled fingerprint template within the chip. This process is highly secure, as the enrolled fingerprint templates are not shared with the merchant or the POS terminal, and the data cannot be modified or extracted from the card.
The time from tapping on the sensor to matching and storing on the chip is less than 800ms for an excellent user experience. The card’s large sensor enables faster matching for greater reliability in daily use. It also makes it possible to register multiple reference fingerprints, which reduces false reject rates and provides a more stable and reliable user experience.