The commerce giant trials a new card with a thumb-sized fingerprint reader.
Fingerprint readers are now commonplace on smartphones. Now a prototype from Mastercard suggests biometrics could soon be making their way to the credit card too.
This week, Mastercard unveiled a new card it has been trialing in South Africa, which comes with a built-in fingerprint sensor. The credit card, which is no thicker than a standard card, includes a small tab on its top-right corner. The idea is that this can be used to authorise payments without the need for a numerical PIN.
Instead, the user puts the card into a chip machine and touches the sensor. The power for the fingerprint reader comes from the terminal itself, so there's no need for the card to include a built-in battery.
While the new card has completed initial trials in South Africa, Mastercard is planning further tests in Europe and Asia, with an aim to roll out the tech worldwide by the end of 2017.
Adding biometrics to payment cards makes sense, given the added security offered by fingerprint readers compared to 4-digit PINs. The new cards are more expensive to produce than their simpler counterparts, however, and are therefore likely to be offered to wealthy or corporate clients.
Apple Pay already lets users make payments via their phone's fingerprint sensor, but plastic cards remain popular with the majority. When contactless payments rolled out a few years ago, it gave users a quick way to make small payments. Built-in fingerprint sensors could do a similar thing for larger payments – making PINs a thing of the past.
But can your fingerprints be stolen?
Yes, potentially, according to researchers at Japan’s National Institute of Informatics (NII), who have warned that photos featuring fingertips could pose a security risk, with hackers capable of recreating prints from little more than a peace sign.
According to the NII’s professor Isao Echizen, consumer camera technology has progressed to the point that photos, taken from up to three metres away, could be used to glean specific biometric information about an individual.
"Just by casually making a peace sign in front of a camera, fingerprints can become widely available," Echizen told Japanese paper Sankei Shimbun. “Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture."
Echizen and other researchers at the NII were able to recreate fingerprints taken by digital cameras, and have said that advanced technology is not needed to do this.
This isn’t the first time in recent years that the theft of biometric data from photos has been demonstrated. In 2014, hacker Jan "Starbug" Krissler was able to use a high definition photograph to copy German defence minister Ursula von der Leyen’s fingerprints. “After this talk, politicians will presumably wear gloves when talking in public,” he joked at the time.
But if you’re not a high-ranking politician, should you really have cause to worry about hackers copying your fingerprints? Possibly. Biometrics is a growing area in security – generally seen as more secure than written passwords, and used in everything from smartphones to cars – while the proliferation of photos on social networks means it is relatively easy for a person to hijack your biometric data and sell it on the dark web. There’s also the fact that, unlike written passwords, your fingerprints stick with you for a lifetime.
Echizen and his team are developing a transparent, titanium oxide film, which can be placed over fingertips to prevent prints being stolen, but will still let you unlock devices. It doesn’t sound like the most practical solution, however, and does have a certain cyber-dystopian whiff to it.
Perhaps more likely is that biometric scanners become more sophisticated. Fujitsu’s latest PalmSecure scanners, for example, actually scan the vein patterns under your skin. Try getting THAT from a selfie.
This news story includes articles on Mastercard’s credit card with built-in fingerprint sensor and how peace sign selfies could hand hackers your fingerprints that originally appeared at alphra.com.