Digital payment technology has come a long way. In the space of 20 years, chip-and-pin, contactless and mobile digital wallets have all had their turn shaking up consumer payments.
The result has been digital overtaking cash as the dominant mode of payment. It has also caused major upheavals in how transactions work, from POS through to merchant banking services.
Yet we’re already standing on the brink of another potential payment revolution. This time, it’s the cards that have eventually triggered the decline of cash that are under threat. In fact, we could be seeing the beginning of the end of any sort of token, device or medium of exchange in the transaction process. In the not-too-distant future, all people might need to confirm their identity to authorize a digital transfer of funds is their fingertips.
Biometric payments replace the need for a card or digital wallet by using a person’s biological characteristics to confirm their identity for the purposes of payment authorization. The most obvious example is using fingerprints. Fingerprint scanning technology is already widely used for digital identification on smartphones, including authorizing payments in digital wallets. So for in-person transactions, it’s only a small step to introducing fingerprint scanners at POS. There are already early examples on the market.
But the possibilities of biometric payments don’t end with fingerprints. Retina scans, facial recognition, even DNA swabbing have all been mooted as options, with varying potential benefits ranging from increased security to the ability to automate payments fully with AI-powered image capture.
But how soon before we’re likely to be ditching our bank cards for biometrics? There are a few hurdles the technology has to overcome before it enjoys widespread acceptance and adoption. Here are some of the key considerations.
Security, Data Protection and Compliance
In principle, biometric payment systems should enhance security and cut down on fraud. It’s surely a lot tougher to ‘steal’ or impersonate a fingerprint, right? Tough, yes. But impossible, no. And given the sophistication of modern cybercriminal operations, there are fears that, without proper guardrails in place, biometrics could open the door to a new era of advanced identity fraud.
The issue is that biometric data (i.e. fingerprints, retina scans, DNA samples etc) has to be stored digitally. It also has to be sent back and forth between databases and endpoints (like payment terminals) if it is to be used. Data can be stolen. And stolen data, even biometric details that are unique to one individual, can be used to trick systems and commit fraud.
Given the sensitivity of the data involved, there is a pressing need to make security protocols as watertight as possible before biometric payments enter the mainstream. This includes end-to-end data encryption, and specific measures to prevent spoofing (fraudulent imitation) by introducing ways to check if authentication is ‘live’ or involves the injection of falsified data somewhere in the process.
And because biometrics involves the ultimate in sensitive personal data, there is a strong compliance imperative to all of this. Under data protection laws, organisations face massive penalties for failing to secure personal email addresses properly. The magnitude of breaches of biometric data would be many times greater. Merchants, payment system providers and banks alike will be in no rush to jump into biometric payments until they are confident the compliance risks are minimal.
Technology & User Experience
While biometric payment terminals are starting to emerge onto the market, the first generations of new technologies always face challenges around their actual and their perceived reliability.
It’s known, for example, that fingerprint scanners can be affected by dirt and grease that accumulates on their surface over time, or become desensitized with repeated use. In a retail or hospitality environment, a biometric scanner would have to be capable of performing accurately and reliably over hundreds of thousands of use cycles. Failed or false authorizations would harm the user experience.
Even once the technology has developed to be robust enough (which it seems is pretty close), there will then be an inevitable lag period before trust in it reaches the critical mass required to open the gates to widespread adoption. It’s worth noting that contactless technology, first introduced in 2007, took almost a decade to start snowballing into the dominant payment method it is today.
All in all, biometric payments at this moment in time represent an exciting possibility on the horizon for customer-facing businesses. There is still work to be done in building resilience and trust in the technology, particularly around security. But looking ahead to the medium term, it’s likely to be something most businesses will want to start exploring within the next five years.
Get in touch with the Oxhoo team to find out more.