Busting myths around biometric debit and credit cards

Last updated: 09 July 2018

Since Apple introduced Touch ID in 2013 the world has embraced fingerprints as a form of identification and authentication. The convenience and security afforded by the technology has led to its rapid adoption and now almost every smartphone has a sensor. Soon it will be present on your bank card too.

In January 2018 Gemalto introduced its first EMV payment card with fingerprint biometrics. It allows you to pay with a simple touch on the point-of-sale terminal with no need to enter a PIN code. This works both for contactless and when you have to insert your card. Plus, there are no limits on your spending when paying by contactless.

This video explains more about the card:

Because it’s a new technology, there are understandably questions about whether it is secure and reliable. So, we’re here to help put any concerns you may have read, or thought about, to rest. And if you have any other questions, leave us a comment and we’ll be sure to respond!

Myth 1: Your fingerprint can be easily duplicated

The new biometric card cannot be fooled by a 2D replication of your fingerprint. So even if someone has the outlines of your fingerprints, scanned from a glass or something you would have touched and printed out, the card will not register it as authentic. Even though in spy films it seems easy to fool the sensors, in the real world it is difficult to make an effective 3D copy of your fingerprint.

Myth 2: My fingerprint data will be shared with others

You will register your fingerprint data at your bank or at home when you sign up for the card. This is to confirm you are who you say you are. The fingerprint information is securely captured onto your card and no biometric information remains on the tablet/ PC where you registered it, nor is sent to any server of the bank. Your fingerprint is never shared with any party when you make a payment, but only remains with the cardholder, stored inside the Biometric Sensor Payment card.

Myth 3: I’ll have to charge my card to power the fingerprint scanner

Actually, the science here is pretty cool. The electromagnetic field made by the payment terminal provides all the power the card needs to make the fingerprint feature work.

Myth 4: It’s another way for the government to spy on us

Using your fingerprint is simply a more convenient way to pay. Plus, it makes it less likely to be a victim of fraud as you have to be there to authenticate the payment. No sensitive personal data is ever shared with anyone when you use the card. Your biometrics data only remains with you, securely stored inside the biometric fingerprint card.

Myth 5: An attacker could just chop off your finger and use the card

Biometric sensors and verification algorithms are rapidly evolving to avoid this kind of risk. In addition, the card can be blocked in a few minutes by calling your bank immediately, so there’s no point in imagining such an extreme scenario.

Myth 6: An attacker can get hold of the biometric data stored on my card

All fingerprint data is encrypted in such a way that even if the bad guys had the files, there is no way they would be able to access them.

Myth 7: My fingerprints change all the time because of my job, it won’t work for me

The new card has a dynamic solution that regularly updates the fingerprint template stored in the card. So, it can map the changes in your fingerprint. Also, you can register a second fingerprint in case the first fails.  If in addition your finger is not recognized for any reason, there’s always the possibility to present the PIN code (or signature) as a fallback mechanism in order to be able to pay in all kind of situations.

Myth 8: It is useless for people that have to pay for other people’s goods

All the new biometric cards still have the PIN option, so if you don’t want to use the fingerprint, you can pay using the usual chip-and-PIN method or signature

Myth 9: Shops have to replace all their payment terminals and will incur the roll-out costs too

The new fingerprint EMV cards work with all existing terminals, so as a customer there is no need to worry about whether your purchase will go through. And there are no roll-out costs for merchants either.

Myth 10: The fingerprint scanner should be on the terminal, not the card, as that would be easier

This would require that all the terminals are upgraded which would be both timely and costly. Furthermore, the acceptance of the cards wouldn’t be homogeneous and would create different experiences for both the users of the cards and the bank.

I hope you’ve found this useful. If you have any questions about any of the above, or would like to ask us something we didn’t cover, please get in touch with us in the comment section below or tweet us @Gemalto.

6 thoughts on “Busting myths around biometric debit and credit cards

    1. Hi Per,
      The use of the fingerprint sensor on the card is for purchases at the store, using a Point-of-Sales Terminal (concact and contactless).
      For purchases online, the card is used like normal EMV cards. There are also solutions to prevent skimming frauds such as DCV (Dynamic Code Verification)

  1. If the card is equipped with a biometric scanner, will there still be a need for an RFID chip in the card? Since the fingerprint data is stored in the card can a hacker with a wireless RFID reader still get the informations needed to duplicate or hack a card if there is still an RFID chip in the card + the biometric scanner?

Leave a Reply

Your email address will not be published. Required fields are marked *