Vince Graziani, CEO of IDEX Biometrics ASA, discusses how the adoption of biometric payment cards can enable retailers to balance the security measures needed for compliance whilst also delivering ease of use for the consumer.
Significant developments are afoot in the retail and payments industry, with vendors needing to prepare for Strong Customer Authentication (SCA). It’s set to be the most significant change to how people pay for things, not only online but also for card-present retailers across Europe. The deadline for compliance with the regulation has recently been extended again, this time to March 2022.
This is now the third time the deadline for retailer compliance has been pushed back, with the Financial Conduct Authority (FCA) worried vendors are not prepared for the new payment security approach. This raises the question, will SCA ever really take off? Well, for retailers the extended deadline can be viewed in a positive light. The fact that there are now a further ten months to pilot and then launch their response gives retailers more time to adapt their authentication and verification tools. But it’s also a benefit for banks and payment providers too.
The ongoing delay to the SCA will give the payments industry extra time to prepare for the rollout of the directive so they can deliver a secure SCA payment option to consumers. If the payment ecosystem fails to use this time to prepare or implement the right technology to comply with this new ruling, it will open consumers up to a significant threat of card fraud.
The challenges faced within the retail space
There has been a large amount of focus on the implications of SCA when shopping online; however, face to face purchases will also need to be revisited. Even when using a card physically, SCA will require two-factor authentication for every purchase made over the contactless limit. This additional layer of protection provides a more stringent authentication process that will help to keep millions of accounts safe from both traditional fraudsters and cybercriminals.
Two-factor authentication means that not only will the user need to provide their details when making a purchase, they’ll also have to confirm their identity with:
- something they know (a PIN or password),
- something they have (such as a smartphone),
- or something they are (biometric face or voice features or a fingerprint).
Once implemented, this will be beneficial in protecting consumers, however, getting to this stage will be a challenge. The requirements are set to cause widespread disruption to the retail space. The introduction of SCA will require in-person merchants and card issuers as well as online Payment Service Providers (PSPs), such as PayPal and WorldPay, to have in place the technical enhancements and testing needed by the deadline.
Educating the shopping public on SCA
This presents a significant logistical challenge; maintaining effective fraud prevention while keeping an optimised customer experience is not easy. But perhaps the biggest challenge of all is that consumers themselves still aren’t entirely aware of SCA or what will be expected of them come March.
The introduction of SCA demands collaboration within the industry to educate consumers, but ultimately it is up to payment providers to provide a reliable, secure and SCA-approved method of payment to consumers. Providers must also ensure that the method they choose is not only up to standard but is affordable and accessible to all.
Preparing for the future of secure payments with biometrics
Biometric payment cards offer the answer for payment providers to help prepare for SCA. Not only will these cards – with inbuilt fingerprint sensors to verify ownership – provide strong customer authentication, but they also come with the added benefit of convenience. Validating your payment with a fingerprint speeds up the transaction process and removes the requirement of PINs or the use of a smartphone.
Biometric fingerprint payment cards offer banks and payment providers, an opportunity to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.
It is worth noting that some payment card manufacturers, such as IDEMIA, are already preparing biometric payment card solutions. These will be ready for banks and card issuers to adopt so they have the time they need to pilot and roll out the new payment method before the new SCA deadline is imposed.
- Biometric authentication: the good, the bad and the ugly
- The security threat of Bring Your Own Device (BYOD) initiatives
- How CIOs can become CEOs: tips from a tech leadership headhunter
- What’s the state of gender diversity in the tech industry?
The FCA has also outlined previously that long-term authentication through biometrics and mobile app-based solutions is the future of secure payments. The use of biometric payment cards to authenticate online payments will offer an important way for retailers to balance security measures that comply with the SCA regulation whilst also delivering ease of use for the consumer.