The Latest In Retail Payment Authentication: Veins, Faces And Fingers
Written by Evan SchumanAs new payment types make authentication all that much more critical, it’s worth noting some of the more non-traditional authentication techniques making the rounds. NEC, for example, is pushing what it says is the world’s first biometric authentication device that simultaneously checks finger veins and fingerprints.
Yes, finger veins. It’s the relatively new technique (being used in some Japanese kiosk and banking applications) recently identified as how U.S. authorities confirmed that Khalid Sheikh Mohammed was the murderer of Wall Street Journal reporter Daniel Pearl. The video of the execution released by the killers showed just a little of the skin of the arm of the executioner. Authorities then matched a “bulging vein” in his hand with that of the suspect in custody.
Some question the accuracy of vein patterns in a retail application, but NEC argues authentication that combines a vein scan and a contactless fingerprint scan may prove to be difficult to fool.
“The simultaneous acquisition of both fingerprint and finger vein information makes it particularly difficult for impostors to deceive the authentication system using it,” an NEC statement said. “Moreover, the system’s contactless sensor is robust against the characteristics of fingers that are exceedingly dry or moist with exceptional accuracy, which is difficult for conventional contact-based fingerprint authentication devices.”
Using an older technique—comparing the face of a customer with an image of the actual customer on file—is the way a company called FaceCash is going. Its approach is now being used at about 20 stores in California, including franchised stores of the Subway and Ace Hardware chains.
The idea is that consumers sign up for FaceCash and upload their picture, along with money to populate the account. Consumer then go into a participating store and use that money, sort of like a gift card, by showing a code on their phone’s FaceCash application.
On the screen, a customer’s image is served up to the store associate from the vendor’s server. To make sure the image is properly associated with that customer, the retailer is asked to do a one-time verification.
“The first time a consumer spends money using FaceCash, the merchant will ask for a driver’s license to compare the photograph on the license to the actual person and the photograph in our system,” said FaceCash’s Aaron Greenspan. “They’ll also verify that it’s the same photo ID used during sign up.”
Neither of these authentication approaches is perfect, but as long as vendors keep getting creative with authentication, they’ll get there.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
