Biometrics for Payments Authentication and Authorization

Challenge

Create a more convenient, safer way to pay that offers maximum value to customers across all their payment types

Considerations

1. Where to store the biometric identifiers? State-operated “vaults”, a global registry or bank scheme?

2. How to manage changes or anomalies in those biometrics? Identical twins, those whose appearance changes cosmetically or available biometrics change as a result of injury

3. Who owns the data? How to put the customer in control of their digital DNA and educate them on the management of the portfolio

Solution

1. The ideal “vault” for the biometric data is debatable, but the protection and anonymization of that data can be achieved by combining biometric identifiers into a single cryptokey, which no one party holds. The creation of that cryptokey can be achieved with existing high number encryption processes or new applications of distributed ledger technology, such as blockchain.

2.The biometric identifiers themselves should be varied to allow for two-step secure customer authentication in scenarios where the customer needs or wants to add fraud prevention controls into their personalized payments experience. Multiple identifiers also make it possible to “update” your personal biometrics portfolio, if some of those should change.

Digital DNA would need to be composed of multiple strands to allow you to identify yourself via two options to the “vault” operator in order to update a third identifier within your profile.Iris profile changes after surgery or transplant Fingerprints no longer viable from injury or faded with age Facial surgery, cosmetic or medical post-accident

3. The ownership of the biometric identifiers and associated data would always reside with the customer. Associated data could include payment preferences, such as maximizing usage of payment instruments that deliver loyalty points, or choosing the lowest cost payment type, or requiring two-step strong customer authentication (SCA) for transactions above a specific limit or at a certain merchant category. Customers could also choose to opt in to apply artificial intelligence (AI) to their payments transaction and behavior history to recommend the best preference settings for their personal needs.

The management of the identifiers and preferences data would be in a mobile or web app that allows real-time updates and notifications to put the consumer in control of their digital DNA. The app should also include educational information presented in bite-sized formats to support customers in making the best possible decisions for their desired outcomes.

CX optimization

Leverage next-gen technologies to ensure that biometric readers meet customer needs and keep ahead of fraudsters. For example, POS fingerprint scanners now can recognize a pulse in the finger presented, this kind of reader would need to be standard.

Offer personalization in the link between the presentation of the identifier and the preferred payment type or rules by adding movement patterns (similar to sign language) and leveraging perceptual computing that “overrides” usual set preferences associated with a fingerprint-authenticated payment.