Interview by Zoya Malik
Mobile and online purchasing via contactless cards is struggling to gain ground due to consumers’ mistrust of security within the payment system, against fraud.
Rather than rendering consumers freedom from card usage, payment card developers and fintechs are adding layers of biometric security to payment cards in a bid to protect buyers and vendors, and to offer comfort and garner the loyalty of a new generation of customers. Zoya Malik, Managing editor TFT spoke to Fred Martinez, Director, Biometrics & Advanced Payments and Xavier Larduinat, Director Marcomms Financial Services, Gemalto about Gemalto’s R&D and solutions for the market
ZM: What are Gemalto’s developments in card security?
XL: In recent years, Gemalto’s security innovation in the payments card space has accelerated. Banks and financial institutions have actioned consumer demand for an improved experience and to have better security at their fingertips.
Whether it’s in-store, using ‘contactless’ or the traditional Chip & PIN, withdrawing funds at an ATM or
making purchases online, consumers face a variety of payment card threats. But owing to the high-level security behind the Chip & PIN and the restrictions on contactless payments, fraudsters have turned their attention to eCommerce payments.
The motivation is that online payment services bypass the secure EMV Chip & PIN and can enable malicious code to steal unsuspecting consumers’ financial details, including PAN, cardholder name, expiration date and the CVV code. In response, Gemalto has introduced security software called Dynamic Code Verification. This is a verification code that is visible on an e-ink display on the card’s body or in the bank’s mobile app and is a direct replacement for the traditional CVV numbers. For added security, it changes every hour, removing all possibility for fraudsters to swipe the card’s information. It’s the ultimate defence against online fraudsters.
But this isn’t Gemalto’s only development in payment card security. Last year, Gemalto launched the world’s first biometric contactless payments card, allowing users to enjoy both the security and convenience of paying with their fingerprint, as opposed to remembering a PIN code. As these fingerprint readers are difficult to scam, the biometric payment card is very secure and so the user is entrusted with more payments benefits, such as the removal of contactless transaction limits.
ZM: What is Gemalto’s investment into card security in 2019? What will be the roll out?
XL: is heavily invested in banking card security and is committed to its success through 2019. The Dynamic Code Verification cards are already on the market but will continue to be rolled out to as many consumers as possible, while our biometric payments card is currently in the pilot stage in banks across Europe.
ZM: What can you tell us about new developments in biometric payment cards? How will these create greater security for users? How does the technology work?
FM: The biometric payment card has been designed with security at its heart. From the initial enrolment process to each transaction, steps have been taken to ensure that customer data is always protected. The cards contain a secure chip which stores the fingerprint reference. When it’s used, the fingerprint sensor measures the data against that already stored on the card. It’s so secure because all the checks take place on the card itself; there is no central database that it needs to connect to, in order to verify the identity.
Currently, if users would like to enrol at a participating bank, they would either need to visit their local branch or request a small card sleeve to be sent to their home. If customers choose the bank, they simply insert their new card on a dedicated reader and place their fingerprint onto a card’s scanner. The information is directly captured by the card, securely encrypted and only remains inside the card. If they choose to enrol at home, they are sent a small reader where they can insert their card and do the enrolment themselves with very simple instructions.
ZM: How soon will biometric cards be rolled out in the UK? What more needs to be done to create confidence in them?
FM: As the technology is still being refined and improved, the cards need as many pilot programmes as possible to ensure their success. Having said that, we expect mass market roll-out to be as early as the second half of 2019, with volume increasing sharply in 2020 and beyond.
For the UK market, a trial will be launched in the coming weeks with a key issuer. We are also in discussions with some major UK banks about pilot programmes and hope to confirm more on this shortly.
ZM: How does Gemalto partner with fintechs for R&D and product roll out, especially with biometric digital security? Please give some examples.
XL: Gemalto has an extensive R&D process to ensure that products match the standards expected by customers. For the biometric payment card, Gemalto has partnered with a leading fingerprint sensor vendor to deliver products of the best quality.
Gemalto is also partnering with leading fintech firms to develop innovative use cases for the payment card. Beyond the convenience of enabling contactless payments for any purchase amount, biometrics is a sure-fire way to verify the identity of the card user. This drastically opens up the use-case potential for the technology. For example, we could see biometric cards at the centre of social benefit distribution in years to come.
ZM: In terms of payments, what is Gemalto offering the payments ecosystem (stakeholders) in terms of card security for online use?
XL: Gemalto has developed Dynamic Code Verification cards (DCV) to replace the static CVV alternative and protect the cardholder from skimming fraud. This type of fraud is carried out by malicious eMerchants whose website collects the cardholder’s data (card number, name-on-card, expiry date, CVV) to complete fraudulent online purchases.
DCV has its code changed every hour, leaving no possibility for a fraudster to skim and use the data on the card. Importantly, it does not change the user experience either, as most people are familiar with using CVV when making online purchases. The changing DCV can be found either on the individual’s online banking app or through a small eInk display on the card itself. It’s secure, easy-to-use and most importantly, is impossible to locate for a fraudster.
“As the technology is still being refined and improved, the cards need as many pilot programmes as possible to ensure their success.” – Fred Martinez
ZM: What are vulnerable points in payments processing for fraudsters?
XL: Payments cards that are used at the point-of-purchase are now so secure that fraudsters focus almost exclusively on eCommerce attacks. This is why solutions such as DCV are so important in protecting cardholders for online purchases too. There are a variety of secure solutions that online sellers can purchase from Gemalto. 3D secure version 2, card tokenisation, DCV are just a few that can be deployed quickly and scaled to individual customers’ needs.
ZM: How will biometric cards work for online buyers / retail platforms?
FM: The biometric card provides a very simple and secure way to authorise online payments. The solution requires two factors of authentication in order to verify the purchase; what ‘I’ have (the card) and what ‘I’ am (biometric authentication). In the future, retail platforms will have a variety of ways to integrate this payment option into their service, choosing what works best for them. This is currently in development, so stay tuned.