By Don Quijones of Spain, the UK, and Mexico, and an editor at Wolf Street. Originally published at Wolf Street
Mastercard has set a deadline for widespread use of biometric identification for its services across the whole of the EU: April 2019. Mastercard Identity Check, currently available in 37 countries, enables individuals to use biometric identifiers, such as fingerprint, facial, and iris recognition, to verify their identities when using a mobile device for online shopping and banking. The technology is not mandatory for customers, but from next year it will be vigorously promoted throughout the EU and many consumers will welcome it.
The impact will be felt not just by consumers but also by most European banks, since any bank that issues or accepts Mastercard payments will have to support identification mechanisms for remote transactions, alongside existing PIN and password verification. The deadline will also apply to all contactless transactions made at terminals with a mobile device.
Citing research it carried out with Oxford University, Mastercard says that 92% of banking professionals want to introduce biometric ID. This high number shouldn’t come as much of a surprise given the vast untapped value consumer data holds for banks and corporations as well the preference most banks have for electronic transactions. The study also claims that 93% of consumers would prefer biometric security to passwords, which is a surprise given the array of thorny issues biometrics throws up, including the threat it poses to privacy and anonymity and its deceptively public nature.
“A password is inherently private,” says Alvaro Bedoya, Professor of Law at Georgetown University. “The whole point of a password is that you don’t tell anyone about it. A credit card is inherently private in the sense that you only have one credit card.”
Biometrics, on the other hand, are inherently public, he argues. “I do know what your ear looks like, if I meet you, and I can take a high resolution photo of it from afar,” says Bedoya. “I know what your fingerprint looks like if we have a drink and you leave your fingerprints on the pint glass.” And that makes them easy to hack. Or track.
According to Mastercard, such concerns are not nearly as important to its customers as the promise of convenience, speed and ease of use. “[Biometrics] will be of great benefit to everyone: consumers, retailers and banks,” said Mark Barnett, President, Mastercard UK & Ireland. “It will make the purchase much smoother, and instead of having to remember passwords to authenticate, shoppers will have the chance to use a fingerprint or a picture of themselves.”
In other words, consumers will not have to use safer two-factor authentication — biometrics plus a PIN or password — if they don’t want to. Convenience is, as ever, the watchword. Card companies, banks and online retailers have good reason to prioritize speed and convenience. The quicker and easier the payment method, the more likely consumers are to complete the transaction. Compared to other methods, such as one-time SMS passwords, biometric authorization can decrease the “abandoned basket” rates by as much as 70%, according to the study.
VISA and it has just published a similar report claiming that consumers in India are equally keen to use biometrics for authentication. In this case a staggering 99% of the people surveyed said they are personally interested in using at least one biometric method to verify their identity. An equal number of participants — another staggering 99% — said they are interested in using at least one biometric method to make payments. VISA will no doubt be happy to oblige.
The roll-out of biometric-authenticated payments across Europe, in India, and in Mexico, is merely the latest example of the accelerating encroachment of biometrics into everyday life. Most national passports these days include biometric data. Driver licenses in the US (which serve as de facto ID cards) already have them or soon will. Meanwhile, millions — perhaps soon billions — of people have volunteered their digital fingerprints to log into their smartphones and other digital devices. In other words, people are already giving away their most private data to work, communicate, cross borders, or get on planes.
In China, where privacy concerns are given even less importance than in the U.S. or Europe., authorities have been collecting DNA samples, fingerprints, eye scans and blood types of millions of people in the province of Xinjiang, the only Chinese territory apart from Tibet where ethnic Han Chinese are not in the majority.
In Macao Chinese gamblers taking out money from some ATMs have to look into a camera for six seconds so facial-recognition software can confirm their identity. “This is aimed at illicit outflows of capital from China,” Sean Norris, Asia Pacific managing director at Accuity in Singapore, told Bloomberg. “It’s aimed at people drawing out money in Macau, going to the casino, betting very little, getting forex from there and moving it.”
Throughout the Chinese mainland consumers hand over personal information to e-commerce, mobile payment and food-delivery apps on their smartphones without giving it a second thought. “They’re not well-educated about how privacy should be important to them,” said Simic Chan, a senior analyst at Fung Global Retail & Technology in Hong Kong. “They feel it’s a norm to have their data collected.”
While China may be leading the way in forcing biometric tracking on consumers, there’s a long trail of countries and companies not that far behind. And as Mastercard’s massive push into biometrics shows, it’s not just governments and technology firms wanting to use it.