Mastercard is testing credit cards with embedded fingerprint sensors

[midian182]

Fingerprint sensors continue to make their way into everyday life, so it’s not too surprising to see the security feature being embedded into credit cards. Mastercard is currently testing the technology in South Africa and hopes to roll it out to the rest of the world by the end of 2017.

The biometric cards are no thicker than standard credit cards, but there’s a built-in fingerprint sensor located in the corner that’ll let you authorize in-person transactions using just your thumb instead of a PIN number or by signing a paper receipt.

"Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It's not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected," said Ajay Bhalla, Mastercard’s president of enterprise risk and security.

Setting up one of these cards won’t be as simple as using an app. Assuming your financial institution decides to use the system, you’ll need to visit an enrollment center to have your fingerprints scanned. An encrypted digital template will then be stored on the card’s EMV chip. It’s possible to have two prints on the same card, though they must both belong to the owner – you can’t add other people’s fingerprints.

Should the South African trials go well, the next step is to start testing in Europe and Asia. A worldwide rollout before the end of the year may sound ambitious, but the fact merchants won’t require new machines to accept the cards should speed things along.

Permalink to story.

https://www.techspot.com/news/69028-mastercard-testing-credit-cards-embedded-fingerprint-sensors.html

 

[Skidmarksdeluxe]

Good old Pick n Pay supermarkets, they help themselves lot of my coin. Yeah, I received my biometric card from Standard Bank earlier today, I guess I'll be taking it for a spin tomorrow morning after tea at that supermarket... if my wife can wait that long.

 

[Kibaruk]

Good way to go. It would be best, in my mind at least, to have a "Mastercard" app, that will be linked to your credit card... "there is a transaction for $XX.XX pending, do you want to approve" YES NO.

Yes, it will require that you have internet enabled, it is probable that at some point you don't have access to your phone or internet, could be followed by a keycode generator you can use instead of a pin. Now if you don't have your phone AND your keychain-code-generator... well it's not my fault you don't care about your security =P

 

[TheBigT42]

Finger Prints are too easy to fake

https://www.theguardian.com/technol...isters-fingerprints-using-photos-of-her-hands

 

[lipe123]

Finger Prints are too easy to fake

https://www.theguardian.com/technol...isters-fingerprints-using-photos-of-her-hands

You watch too many spy movies, its everything but easy. Since when is it easy to take a perfectly focused high res picture of someones finger unless they are asleep or passed out ?
It's possible but not easy and how are you going to explain some weird finger faking contraption on the card to the teller?

Also just wear gloves 24/7 and your secret is safe

 

[Uncle Al]

Maybe they just need to upgrade their policy on thumbprints? After purchase, they snip off your thumb to guarantee authenticity. If it comes back approved you get your thumb back .... if not, it goes into the shredder. That should limit illegal purchase to ..... two!

 

[psycros]

"It's not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected," said Ajay Bhalla, Mastercard’s president of enterprise risk and security."

This is a guy we're supposed to trust with our money? All you need is the DATA FILE that contains the digital fingerprint. Since that file is now going to be stored ON THE CARDS themselves it will be child's play (by hacker standards) to obtain them and make phony cards. There's also the chance of either the CC company itself or the government using your fingerprints for nefarious purposes.

 

[JW0914]

The security of fingerprint encryption is based upon how many points of reference is being used. Anything less than somewhere in the mid-20s wouldn't be secure, as there's a high probability points of reference less than that would match at least one other person. The failure of law enforcement forensic labs to require points of reference matching in the 20s have resulted in numerous misidentifications, with a well-publicized case occurring ~2010 with the misidentification of a gentleman based upon a reference match in the mid-teens.

The problem with a broad adaptation of using fingerprints for security is the untested assumption that each human is born with unique fingerprints, something that has never been quantitatively proven, yet alone tested since less than half the human population has been fingerprinted. Fingerprint security is great when used in controlled situations based around a [relatively] small number of people (lab security, corporate security, etc.), but without employing reference matching in the mid-20s, it should not be viewed as foolproof security.