The Role of Biometrics in an EMV World

by Matthew Katz 0

The current state of payments is a rocky one, rife with increasedfraud and some confusion about new industry standards and the best ways tosecure payments. Friendly fraud continues to rise as consumers are becomingbetter informed on how to game the system. Cyber criminals are seemingly onestep ahead of the security curve, hacking into sensitive consumer data andusing other techniques (phishing, ATO and identity theft) to commit fraud. Inevery scenario, merchants pay the price.

As EMV continues its long-term rollout in the U.S., e-commerceretailers will be more vulnerable than ever to fraudulent techniques used inonline transactions. To close off these opportunities, biometrics could be aneffective approach for card-not-present (CNP) merchants to protect theirbusinesses.

What areBiometrics?

Between fraudsters shifting to online channels due to EMV, databreaches and the constant threat of new advances in cyber crime, the paymentsindustry is always searching for new authentication methods that can’t beduplicated. Biometrics could be the answer.

This technology involves capturing visible, invisible orbehavioral measurements and comparing them to existing codes. Eyescans, finger and palm prints or voice recognition all can be used toauthenticate the identity of a consumer. Newoptions are also in development, which makes biometrics a powerful tool. Forbiometrics to work, users must go through the enrollment process to havebiometric data collected by a device that records physical characteristicsand/or behavioral traits. Data is then extracted and made into a template forcomparisons.

Both card-present (CP) and CNP merchants benefit from thisapproach because it provides an extra layer of security to ensure the personmaking the purchase is the actual card owner.

As helpful as biometrics are for CPretailers, this type of protection is even more essential for merchants in theonline payments sphere. Since e-commerce merchants can never actually see thecredit card in question, they must rely on virtual methods to provide the mostdependable authentication.

“The useful days of the username and passwordas a security mechanism are long over,” said Julie Conroy, ResearchDirector with Aite Group. “Biometrics provide a way to add security whileat the same time creating a more user-friendly interaction on the mobiledevice.”

TheEvolution of Biometrics

Facial recognition tools began being used in the 1960s for theU.S. government.A decade later, speech components were introduced, providing a betterunderstanding of this type of behavioral biometrics. By1986, scientists were developing technologies for iris identification.Today, this type of technology is fairly commonplace: Apple uses fingerprintscanners in its Touch ID technology, which are used to unlock current models ofthe iPhone or log in to certain apps.

Current biometric methods usually fall into one of two categories:physiological or behavioral. Physiological technologies center on distinctpatterns in physical characteristics such as voice, eyes and hands. Behavioralbiometrics is more interested in actions such as typing rhythm and physicalmovements, including walking speed. Voice can be classified under bothphysiological and behavioral characteristics for biometric measurement.Both of these biometric forms are key in helping CNP merchants make sureindividuals conducting transactions on their sites are authorized to do so.

WhyBiometrics as Part of Multilayered Authentication Makes Sense

The current payments climate is treacherous for CNP merchants.With EMV’s arrival on the scene, retailers who generate revenue online canexpect a massive increase in friendly fraud. Adding to this reality are theemerging technologies and dynamic payments landscape, which provide many moreoptions for consumers to make purchases and potential fraud threats for merchantsat the same time.

Unfortunately, security measures equivalent to EMV just don’texist for CNP businesses. No single fraud approach can protect against everytype of fraud scenario. That’s why experts recommend merchants in onlinechannels utilize a multilayered authentication process, and biometrics can be amajor part of this structure. Fraud tools that use a combination of differentmethods are more effective at targeting a wide range of vulnerabilities.

Biometrics is a powerful identification tool along the lines ofdevice authentication, one-time passwords and randomized PIN pads. Used incombination with methods that include proprietary and/or transactional data,3-D Secure (3DS) and tokenization, CNP merchants are in a better position to preventfraud.

Post-EMV:How Biometrics Can Prevent CNP Fraud

Experts estimate the migration to EMV could take up to seven yearsfor completion.By 2018, CNP fraud is predicted to more than double from $2.8 billion to $6.3billion.These numbers are daunting for CNP merchants just trying to build theirbusinesses in an increasingly complex payments field.

The good news is that there are constant advances in biometrics,further solidifying this method as an accurate way to authenticate onlineconsumers. In fact, biometrics can potentially associate an individual to adevice or system with more accuracy than other approaches. Soit already has built-in security strength that will only improve as thisauthentication technique develops over time.

By using biometrics to identify consumers, fraudsters will have amore difficult time stealing personal information to commit in-store as well asonline crimes. And as biometrics become more commonplace in online shopping,cyber criminals will have an increasingly difficult time replicating data thatcan be used to commit friendly fraud. A recent study by research group AcuityMarket shows that an estimated 600 million biometric smartphones are in usetoday. Thismeans a powerful security measure in place today offers serious possibilities fordeterring the cyber criminals of tomorrow.

Conclusion

As friendly fraud poses a threat to CNP merchants in the wake ofEMV, new methods are needed to prevent cyber shoplifting. Biometrics, in combinationwith an effective multilayered approach to fraud, can help retailers in thee-commerce space protect their profits and prevent questionable transactions. Throughthe use of the latest biometric techniques, CNP merchants are in a betterposition to reduce the expected surge of fraud from the EMV migration in theUnited States.

Aboutthe Author

MatthewKatz is the founder of Verifi, Inc. (www.verifi.com) and currently serves asthe Chief Executive Officer. Matthew founded the company in 2005 afterdeveloping the first customized solution that systematically identifiesmultiple types of payment risk. He is also CEO of CAMS, LLC, a privately heldcompany he independently financed and founded in 2012.

Matthewhas a track record as a successful entrepreneur and has founded and partneredin several other businesses and consulting firms prior to Verifi, including hisfirst successful business in college, which introduced a new interactive onlinegambling methodology. His previous experience includes his tenure at BK Global,the first company to develop a U.S.-legal Internet casino for a U.S. land-basedcasino owner, as CEO. In his role, Katz developed the casino strategy andcreated high-level strategic partnerships. His responsibilities also includedoperations, accounting, providing disclosure to state gaming boards, managingmarketing campaigns and establishing relationships with vendors.

Matthewcontinues to drive Verifi’s vision forward, aiding in the enhancement of Verifi’scurrent capabilities and delivering new products and solutions. Matthew hashelped extend Verifi’s reach into a number of new markets and vertical withinthe payment industry. Matthew is a graduate of Washington University in St.Louis with a degree in Economics. He has been profiled by the NY Times, LATimes, Forbes, and Business Week, among others. He has also served as aspeaker, panelist and presenter for various industry events, including CNPExpo.

Inhis free time, Matthew is passionate about cars, including Tuckers, Corvettes,Cadillacs, and classic Italian cars. He is also an animal lover and proud papato a cat named Bailey and a new puppy named Indy.

http://findbiometrics.com/what-are-biometrics/

http://www.verifi.com/in-the-news/understanding-biometrics-card-present-transactions/

http://cardnotpresent.com/news/default.aspx?id=11060

http://resources.infosecinstitute.com/biometrics-todays-choice-future-authentication/

http://www.biometricupdate.com/201501/history-of-biometrics

http://www.biometricupdate.com/201501/history-of-biometrics

http://www.biometricupdate.com/201501/history-of-biometrics

http://www.makeuseof.com/tag/the-history-of-biometric-security-and-how-its-being-used-today/

https://globenewswire.com/news-release/2015/04/15/724698/10128939/en/Multi-Layer-Approach-Recommended-as-Best-Practice-for-Card-Not-Present-Fraud-Mitigation-in-EMV-Migration-Forum-White-Paper.html

http://tsys.com/solutions-services/acquiring-services/resource-center/whats-next-for-emv-in-2016

https://paylinedata.com/wp-content/uploads/2014/12/Verifi_wp_Impact-EMV_Branded.pdf

http://blog.securitymetrics.com/2016/01/biometrics-future-of-payment-data-security.html

http://www.planetbiometrics.com/article-details/i/4139/desc/acuity-reveals-growth-in-biometric-smartphone-use/