MasterCard today unveiled a biometric chip-and-pin credit card featuring a built-in fingerprint sensor that takes cues from mobile payment systems such as Apple Pay.
The card can be used to make purchases like any other, except rather than keying in a PIN number, card holders can choose to place their finger over the square sensor to approve the transaction.
Alternatively, users can take a two-tier authentication approach and use both their PIN and fingerprint to approve the purchase. However, users of the card won't have the convenience or security that comes with registering their print with their smartphone.
With Apple Pay, fingerprint data is encrypted and protected with a key available only to the Secure Enclave on the user's iPhone. The Secure Enclave is walled off from the rest of the hardware and the OS, meaning iOS and other apps never have access to user fingerprint data, it's never stored on Apple servers, and never backed up to iCloud or anywhere else.
The biometric credit card has no such protections. Instead, the user must register their print with the bank or financial institution that issued the card, and while the fingerprint is encrypted on the card itself, it's still unclear what security and privacy measures are in place to deal with the registration process.
Despite those concerns, Mastercard's chief of safety and security, Ajay Bhalla, said that the fingerprint technology was "not something that can be taken or replicated", and that the biometric card would help "to deliver additional convenience and security".
MasterCard plans to roll out the cards in Europe and the Asia Pacific region soon, following successful tests in South Africa through Barclays subsidiary Absa and supermarket Pick n Pay.
Top Rated Comments
I mean, I get it. I probably wouldn't use this either. But if you're uncomfortable sharing your fingerprint with your financial institution, maybe you shouldn't be sharing every other detail about your life with them, too.
EDIT: alright folks I get it! You can change the other stuff but you can't change your fingerprint! Please stop quoting me!
What about readers that pull a card in and don't give you the option to hold the sensor? My credit cards are scratched and marked up from being in my wallet, I can see the sensor being just as scuffed up. I'd rather not be fumbling at a register trying to buy something and because I have scratches on the my credit card I cannot use that card.
Also I'm not about to give my bank my fingerprint.
TouchID is never validated by a third party as being the fingerprint of the actual phone owner. Anyone with knowledge of the passcode (say, a thief who shoulder-surfed the owner) can change the prints registered with TouchID.
In other words, the fingerprint registered on the card is GUARANTEED to be that of the actual card owner, unlike with TouchID where there is no such guarantee, but simply a "good enough" likelihood of it being so.
That's assuming the bank even stores any fingerprint info. They have no need to, since the necessary info is put in the card's secure element (just like putting TouchID info in the secure enclave), not authenticated over the network.
How about I play Captain Obvious for you and ask WTF I should care if someone snags my credit card and cannot use it at a POS terminal? It can be used at a POS terminal that doesn’t support this fingerprint technology or can be used online. Regardless of any of the above, I’m still not liable for any fraudulent transactions.
Try being a decent human being and not just look for every chance you have to be a jerk to people. You might enjoy it. (Note, this is about your response to ‘Kaibelf’, who seemingly asked a simple question, to which you decided to go off on your bubble world rant.)