Payment card with fingerprint scan tackles security, data privacy
Data security has always been a key concern in the digital world. As financial institutions and businesses dive deeper into digital technology, biometric authentication services, such as fingerprint scanning, have an integral role to play in protecting and securing personal assets online.
Touch ID technology has found huge success particularly in smartphones, in which a fingerprint can be either a replacement or supplement to traditional passwords, either for unlocking a portable digital device or for enabling mobile electronic payments.
The number of fingerprint sensor-enabled smartphones in use globally rose from 58 percent of the market last year to 71 percent this year, according to a report by Hong Kong-based technology analysis firm Counterpoint Research.
Touch ID technology has now found its way onto a payment card. MeReal Biometrics, a technology firm with a corporate presence in Hong Kong and France, has launched a patented battery-powered card that combines biometric authentication – via fingerprint scanning – and near-field communication (NFC).
NFC refers to a set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to establish communication by bringing them within a short distance – typically 4 centimetres (1.6 inches) – of each other.
MeReal Biometrics provides a product that is, in character, “between a passive bank card and everything in a smartphone, to add value to a card in terms of service and security,” stated Philippe Blot, co-founder of MeReal Biometrics, in an interview with Innovation Hong Kong.
“Our card is designed to have a chip that renders a service 24 hours a day, free from the constraints of ATMs and point-of-sale terminals. It is designed to deliver better service on identity, security, payment; and access to anywhere, any time, on any device,” he added.
How it works
To start using a MeReal Biometrics card, the cardholder places a finger on the card’s sensor. The fingerprint is then recorded and stored inside the card as an algorithm. To use the card, the cardholder switches it on, and places their thumb on a sensor mounted on the card, in order to activate the card. One card can store algorithms for multiple fingerprints, from multiple people, and each fingerprint can be designated different rights and privileges.
The fingerprint activation enables the NFC/RFID (radio frequency identification) chip technology in the card, and a ciphered – i.e., encrypted – acoustic signal that can transmit data to other devices and software.
The card then can be used with contactless readers located typically at the following places: sales counters in shops and other retail outlets; doors; turnstiles; and in NFC-enabled smartphones. The card can also be inserted in contact readers, such as those inside ATMs or kiosks.
Another option to get authorised access to the card is to play the acoustic signal emitted by it, through the microphone of either a computer laptop, a tablet, PC or telecommunications line – regardless of whether the latter is either digital or analogue. Once the acoustic signal is played, back-office software on the other side of the line can decode the signal. The card then authenticates the user’s identity and from there physical or virtual access can be granted, or a transaction can proceed.
“With the fingerprint reader, I can prove that it’s only me using the intelligence, and it can run only when I want it to run,” Mr Blot explained, adding that registered fingerprints are stored only inside the card and will not be shared beyond that device.
Approximately US$3.7 million over a period of 10 years has been spent on taking the technology from the laboratory to the consumer. Initially, MeReal Biometrics and Hong Kong-based digital hardware provider UniKeys worked together to create a credit card-style device designed for users to store and trade crypto coins as easily as using a credit card, based on blockchain technology. They found the technology could also have more general consumer and business uses.
Regarding the use for blockchain, Mr Blot noted: “In traditional transactions, there are always third parties involved, including the bank, which is the one to accept the card, and a network enabling your transaction and the communication between the two banks.”
He added: “On a blockchain, we don’t want any [third] parties involved. It is a totally decentralised or peer-to-peer network, where there’s no central authority. It is purely digital, cryptography.”
Each transaction, or “block”, is connected by cryptography, which means any changes to the data of a block would affect the content in all blocks following it. This makes blockchain a safer option for recording transactions or digitally storing assets because hackers would need to hack not only one single block but also those chained to it, in order to avoid detection.
Blockchain is not immune to hacking attempts. A major incident occurred in Tokyo earlier this year, which saw a whopping US$500-million worth of digital coins drained by hackers from a Japanese cryptocurrency exchange. The hackers managed to steal the cryptographic key for an E-wallet where the coins were stored.
For individual investors, a solution to this is to keep their private access key – i.e. something that operates in a similar way to a password – and their public key in a safe place offline.
However, when a private key sits in a USB pen drive or Bluetooth electronic wallet, it can be used straight away if it falls into the wrong hands. The card developed by MeReal Biometrics in collaboration with Unikeys, serves as an E-wallet with fingerprint authentication, and is designed to store and protect the private key and public key, adding an additional layer of protection for crypto-assets, say the developers.
“Electronic wallets can be stolen or lost, which is where biometric authentication comes in handy, because transactions can only be triggered using the cardholder’s fingerprint,” Mr Blot explained.
With NFC-enabled connection, the MeReal Biometrics card can be used as a contactless card to transact, transfer or trade cryptocurrencies. Depending on the issuer, the cryptocurrencies can be kept on an exchange platform or inside the card. One card can store up to seven different types of cryptocurrency, along with the respective public and private access keys.
The technology can be used not only for financial services transactions but is also poised to shake up the way the hospitality and retail industries operate.
Since last year, the MeReal Biometrics technology has been in use at some hospitality and entertainment venues in France. One property, for instance, is providing its employees with the card to gain access to restricted areas. The same operator is also looking to provide its guests with the card to make biometrically-verifiable payments and gain access to exclusive VIP services and authorised zones.
“The solution card enables hotels to know users’ spending habits and movements in order to offer bespoke customer services,” stated Mr Blot.