EMV & Biometrics : The Way It Should Be Implemented

by Andre Delaforge 0

Natural Security Standard defines the way biometrics should be implemented, matched and enrolled for securing transactions and access to services.

Natural Security Alliance is satisfied to observe that biometrics as a CVM is being taken into consideration by the schemes, as it was recently thought and tested during our experimentation in 2013 with MasterCard.

Visa Inc.’s recent announcement that it has developed specifications for chip card transactions that admits biometric matching as a CVM method confirms the need identified by Natural Security in 2008 for an open standard for all services and platforms.

Actually, the specifications released by Visa open the possibility to delegate the CVM to a third party whatever the technology but do not define strictly the biometric part (i.e. the card applet which manages the biometric data and matching). Banks or manufacturers still need to write such specifications not only for the verification part but also for missing functions like the enrolment.

Natural Security Alliance’s full set of tested* specifications are available to card schemes, national payments associations, banks or manufacturers as a foundation of that biometric card applet and also of the terminal application, establishing and strengthening their own guidelines with a short time to market.

These specifications were developed without reference to form factor, to reach the widest audience. As such, they can be used for implementations involving chip cards, dedicated connected devices and mobile phones.

They take into account various types of communication (contact, NFC, mid-range wireless) so different usages can be developed and combined to meet the needs of both acquirers, issuers and end users. They also address implementation issues in general, such as the challenge of encrypting communication between a reader (e.g. NFC, contact) and a card or mobile phone.

Natural Security Alliance’s specifications also set the groundwork for an evaluation and certification scheme, which is key for establishing interoperability. They can be used to offer strong authentication for any kind of services and different types of payment (e.g. Sentenial SEPA Direct Debits or TSI e-wallets). They thereby make possible to develop connected devices (e.g. SesameTouch or WiBiMi) that go beyond payment to secure online access, buying online, web-to-store applications, online banking and digital signatures.

Infographic EMV Biometrics

Natural Security Alliance: Open specifications for implementing biometrics
* The report from the experiment (Natural Security – 1st Experimentation report) is available in the resource center of the Natural Security Alliance’s web site.

Featured Content