Testing, testing…Milestones on Biometric Payment Cards Path to Mass Market

Testing, testing…Milestones on Biometric Payment Cards Path to Mass Market

Lina Andolf-Orup

VP Marketing at Fingerprints

Views 483

Testing, testing…Milestones on Biometric Payment Cards Path to Mass Market

12.03.2020 10:30 am

It’s no secret the payments world is immensely complex. But the extent of the testing and certification behind the card in your wallet would likely surprise many.

The processes and standards in place to ensure our payment cards are robust, secure and work in harmony with the rest of the ecosystem are given little spotlight, but they’re invaluable to the payments world’s smooth operation.

When Fingerprints first began its mission to develop biometric payment cards, it was important for us to sing from the same song sheet. And, we’ve made immense progress. All our R&D sites are EMVCo accredited since October and November 2019, our technology is in use in over 20 contactless pilots across the globe, included in the first commercial biometric bank card, and, earlier this year, we were part of the first global network commercially certified biometric payment card with Thales.

But what does all this testing and certification mean? And where are we now on the path to mass market launch?

The checklist

Any payment card has several boxes to tick before it can enter the hands of consumers. EMVCo is the organization at the center of the ecosystem and, in many ways, top of the checklist. It manages and evolves the EMV®* specifications and related testing processes, the standards and processes that enable the worldwide acceptance, interoperability and security of contact and contactless chip cards and terminals.

In addition to achieving certification and adhering to EMVCo requirements, any payment card or chip-based payments product also needs to comply with the unique requirements implemented by the payment network, whose rails the transaction will run over.

These requirements differ from network to network, but broadly define a series of physical, performance and security requirements that are fundamental before being put in the hands of consumers. On completion of these tests, the payment network issues a certificate, enabling the product to go to market. It’s this that was issued to Thales for its biometric payment card – the first for such a solution. 

Testing, testing…

So, what’s entailed in the testing processes? The processes are similar across payment networks and includes several hardware and software tests.

From a hardware perspective, the card needs to prove its flexible, robust, slim and resistant enough to survive the rigours of daily life. In real terms, this means subjecting both the card and our sensor to battering, bending and various pressure tests. These include assessing the thickness and size, temperature and humidity exposure thresholds, abrasion and heat resistance, durability, and even chemical and UV light testing. Thanks to extensive R&D, we’ve been able to develop a sensor that can withstand this testing and integrate seamlessly into the traditional card ecosystem.

It looks and feels like a standard payment card then, but any new technology added also needs to show it’s able to live up to the proven high security and performance standards set already by the payment ecosystem. In accordance with the payment network requirements, we conducted a full security audit of our software and algorithms that also feature on the Thales implementation. Solutions also undergo vulnerability analysis and penetration testing that essentially attempt to identify where and if a software solution is vulnerable to hackers or data compromise. Conducted by an expert independent lab, areas of weakness are more easily spotted and scrutinized than simply internal testing – a testament to the rigorous nature of these testing processes. The successful completion of these tests demonstrated the biometric authentication process on-card matched the levels of privacy and security of the payments industry.

As our solution sees no biometric data leave the card and the matching process is confined to the card itself, it’s worth stressing this has had no impact on security testing for payment terminals or banks and, reassuringly for consumers, there’s no cloud-based database of biometric data.

Sticking with security, it’s here where the EMVCo site accreditation comes into play too. Interestingly, though, this isn’t an evaluation of our solution. This process validates that the development sites where our code is created operate in compliance with security best practices.

These points combine - our approved development sites with our hardware and software, mentioned above – demonstrate the quality and security of our platform. This is why our technology features in every announced contactless biometric card pilot to date.

Making milestones…

The significance of the first commercial certification by a global payment network cannot be underestimated. With all testing and certification delivered by an independent third-party lab or body, it indicates that biometric payment cards can meet the needs of the payments ecosystem and stand up to consumers’ busy lives.

For banks, it’s a hallmark of quality and trust that will undoubtedly encourage more to kickstart their projects. For other payment networks, it’s an incentive to redouble efforts to enable acceptance of biometric payment cards over their rails. It shows the technology is ready and eases the path to further certifications on the road to volume deployments.

Learn more about biometric payment cards, and what banks are thinking, in this free eBook.

*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.

Latest blogs


How Technology Has Disrupted the Used Car Buying Experience

We’ve seen many fields change rapidly as a result of the integration of modern technological advancements over the last couple of decades. And it looks like more is coming on the horizon as well, judging by current trends. One of the markets that Read more »

Shuvo G. Roy Mphasis

Reboot 1.0: How financial services technology can enable the supply chain to support a post-lockdown boom

Ground control and Captain Tom When veteran Captain Tom Moore decided to walk one hundred laps of his garden before his 100th birthday to raise funds to support NHS heroes battling Covid-19 from the frontline, he never imagined that he would Read more »

Lisa Gutu Salt Edge

Building a PSD2 compliant channel: challenges and opportunities for financial institutions

PSD2 obliges ASPSPs including banks, e-wallets, prepaid cards and other companies that offer payment accounts to provide at least one channel for secure communication with third party providers (TPP). Even neobanks or e-money institutions, including Read more »

Thomas Pintelon Capilever

Credit origination - A lot of innovation on the horizon

While consumer credits are becoming more automated and user-friendly to request, all other credits are often still very manual and labor intensive to originate. In this (relatively long) blog I will try to give a description of the (potentially Read more »

Kelly Kearsley Hourly.io

Time Card Theft is a Big Problem. Here's How to Stop It.

Trust is at the core of every employer-employee relationship. You trust your people to do their jobs, and they trust you to compensate them for their work. Most of the time, it works. However, there's always the person looking to bend the rules or Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel