BBC: A payment card featuring a fingerprint sensor has been unveiled by credit card provider Mastercard.
The rollout follows two successful trials in South Africa. The technology works in the same way as it does with mobile phone payments: users must have their finger over the sensor when making a purchase.
Security experts have said that while using fingerprints is not foolproof, it is a ‘sensible’ use of biometric technology.
Mastercard’s chief of safety and security, Ajay Bhalla, said that the fingerprint technology would help “to deliver additional convenience and security. It is not something that can be taken or replicated.”
However, fingerprint sensors can be compromised.
Karsten Nohl, chief scientist at Berlin’s Security Research Labs, told the BBC: “All I need is a glass or something you have touched in the past.”
He adds that if that information is stolen, “you only have nine fingerprint changes before you run out of options”.
But Nohl is cautiously optimistic about the technology, saying it is “better than what we have at the moment”. “With the combination of chip and PIN, the PIN is the weaker element. Using a fingerprint gets rid of that.”
“Fingerprints have helped us avoid using terrible passwords, and even the most gullible person is not going to cut off their finger if [a criminal] asks nicely.”
The cards are thought to be the first to include both the digital template of the user’s fingerprint and the sensor required to read their fingerprints at the point of sale. Previous biometric payment cards only worked when used in conjunction with a separate fingerprint scanner.
That limited their usefulness, as only stores with the correct equipment could accept them. Having both the data and the scanner on the same card means that they should be accepted everywhere a normal chip and PIN payment card can be used.
But the biometric verification can only be used for in-store purchases: online and other so-called ‘card not present’ transactions will still require further security measures.