Biometrics: Winning the battle against payment fraud

By Dave Orme, SVP, IDEX Biometrics.


Card and payment fraud is a serious problem that is leaving financial institutions needing to pick up the financial and logistical damage left behind by fraudsters on an alarming scale. Whilst banks are left trying to manage the fall-out from fraudsters, consumers are also left feeling alarmed as they see payments, that they know they have not made, coming from their bank account. Having to take time out of their busy diaries to report missing or stolen cards is not only frustrating for cardholders, but is equally felt by banks who invest countless time and resources in managing this issue. No matter who you are, card fraud is a major challenge that will face us all.

In fact, card fraud is a serious and increasingly urgent problem. Financial Fraud Action UK (FFA UK) reports that in 2016, fraud across payment cards, remote banking and cheques totalled an astonishing £1.38 billion, an increase of 2% on the previous year. The overwhelming majority (80%) of this fraud involved payment cards; there was a particularly large (30%) increase in the proportion of cards lost and stolen, and these alone accounted for losses of £96.3 million1.

There is no single reason for these figures; impersonation and deception scams, as well as data breaches, have all played their part. But the UK is becoming an increasingly cashless state — debit card payments overtook cash payments for the first time recently — so we have no real option but to stop the fraudsters2. The question is, how?

Beating Fraud

Financial institutions currently bear much of the impact of card fraud, and in response are investing heavily in machine learning, predictive analytics and other cutting-edge technologies to beat the criminals. These are having some effect; in 2017, fraud losses on payment cards fell somewhat (which contrasts with 2016, as we have seen), but even so there was still £566 million lost to payment card fraud alone and seven pence in every £100 spent was fraudulent — a very worrying statistic in a society that is rapidly increasing its reliance on cards3.

In other words, payment card fraud has been a huge problem for a sustained period of time and the steps currently being taken to stop it are not effective enough.

But if not PINS, then what?

In a society that relies more and more on technology, payment cards are the weak link; or rather, the behaviours of the people who own and use payment cards are the weak link. It is human nature to make the mundane administration of life easier — but we all know how dangerous writing down your PIN because you keep forgetting it (and worse, keeping the card and the PIN together) can be. Many people are also guilty of sharing their PIN and card with their friend/partner/relative to enable transactions without the need to be present. Others give out cards and PINs to trusted people because they are elderly or have mobility problems and getting the necessities of life is so much easier that way. All these behaviours are very common, but they are also making card crime very easy.

People fail to keep their PINs or other card details safe not because they are inherently foolish or lazy, but because PINs are simply unfit for purpose. To be effective they demand a far higher standard of discipline and security from human nature than human nature is ever likely to give. The result is a massive headache for individuals, financial institutions and businesses all over the world.

But if not PINs, then what?

The key to fraud prevention

Biometrics, including fingerprint recognition, is a field increasingly recognised as holding the key to card fraud prevention as such fraud becomes a more and more urgent problem. And while financial services may be looking at large-scale use of biometrics now, in other security-conscious sectors this has already happened. For example, many smartphones (which are themselves fast becoming the twenty-first century replacement for the wallet) are protected via fingerprint authentication, usually via a sensor on the lock screen. Passports are also routinely issued with biometric authentication built in, as are government ID cards. Biometrics are used where security is non-negotiable.

Until recently, including biometric authentication in a payment card was very difficult. This is because it required a sensor to be incorporated in the card and for many years those sensors were too large and inflexible to make that viable. However, there have been breakthroughs in this technology recently and we are now able to deliver a very thin, flexible fingerprint sensor that is easy to add to a standard card, so the major barrier to using biometrics with payment cards has now been overcome.

The future for Biometrics

Recent advancements in off-chip fingerprint technology have meant that gold standards of authentication can be readily available, practical and affordable to roll out to the mass market. With Biometric companies already partnering with banks, financial institutions, payment processing firms and smartphone manufacturers, biometric payments will soon be a reality for all. The arrival of simple, secure and personal authentication and the deployment of biometrics across the payments industry will provide the weapons needed to win the battle against payment fraud.


References

1 FFA UK, Fraud, The Facts 2017: https://www.financialfraudaction.org.uk/fraudfacts17/

2 BBC News, Debit card payments more popular than cash: https://www.bbc.co.uk/news/business-44496513

3 UK Finance, Finance Industry Stops £1.4 Billion in Attempted Fraud: https://www.ukfinance.org.uk/finance-industry-stops-1-4-billion-in-attempted-fraud/

Related reading