Visa integrates biometrics for credit card payments

Visa plans to tighten payments with biometric authentication - although 'cardholder not present' will remain a problem

Payments network Visa has launched a new platform that will provide banks with the ability to integrate biometrics for credit card payments.

The company is using technology from Daon, which develops authentication and identity assurance solutions across the globe, to integrate biometrics into the Visa ID Intelligence platform.

It is intended to give financial institutions, developers and commerce partners easy access to the latest authentication technologies - letting them offer customers secure ways to shop, pay and bank on-the-go.

Visa claims that the service will enable banks to offer near-instant card account and approvals, along with secure payments.

The service is available as part of the Visa Developer Platform, providing developers with access to a host of third-party authentication technologies that work with Visa APIs and SDKs.

As a result, they should be able to create, test and roll-out biometric authentication quickly and relatively inexpensively. The company is also working on new user data and device data services, which will launch in 2018.

Current features include the ability to identify documents and match photo IDs to selfies, using eye, face and fingerprint biometrics for quick authentication and quick customer information comparisons.

Mark Nelsen, senior vice president of risk and authentication products at Visa, said: "Traditional methods for authenticating a customer can create frustration or are simply not designed for the new ways people are shopping and paying.

"Visa ID Intelligence brings together innovative, secure authentication solutions that can scale to the needs of the payments industry."

Daon CEO Tom Grissen added: "Visa ID Intelligence... will benefit consumers who are growing more and more frustrated by an antiquated password system."

However, David Emm, principal security researcher at Kaspersky Lab, warned that biometric technology should be used with caution. "Biometric data, unlike a username or password, is persistent: we carry it with us for life. There's one major downside to its use - stored by a service provider, biometric data is just as valuable as a database containing usernames and passwords.

"However, any security breach resulting in leakage of this information is likely to have much more serious consequences than the theft of a password: after all, we can change a weak password, but we can't change a compromised fingerprint, iris scan or other biometric."

Etienne Greeff, chief technology officer and co-founder of cyber security consultancy SecureData, also believes that biometrics should be used with caution.

"The general perception is that biometric security - iris scans, fingerprints and voice recognition - is inherently secure because it's taking something you are, something that never changes, and using it as a means to access your accounts to verify your identity," he said.

"While this is significantly more secure than using passwords, which have been shown to be a very poor form of authentication, a few caveats apply. The person using the authentication data has a big responsibility to store the data in a secure fashion.

"If we think about a ‘normal' breach, for example when a password is hacked, it's easy to reset your password or change the security settings. It's also relatively easy to recover from one of these threats."