Google Pay/Apple Pay… That is all…
(Well I guess the battery on the card won’t run outlike the phone but that’s it.)
I think the card is powered by the terminal, not sure how it’s contactless anymore.
The card is powered through the card terminal and when a customer presents a card, a green light on the card indicates that the fingerprint has been matched successfully.
I saw this on BBC click a while ago. I guess it’s one way to get around SCA if you verify each time but I’m not sure I see the need… is entering a PIN that much hassle for a purchase over £30. Seems easier than trying to line up the card and your fingerprint to get power from a terminal.
Biometric cards are the future, this implementation isn’t.
They have been trialing biometric cards for a while now. April was when they first started. Only when a transaction is over £30 does it require your fingerprint at the moment.
This is just expanding that trial to credit cards as well.
What’s wrong with it?
It works on the same principal as contactless, it’s not changing anything, you still need to know your pin it’s not speeding up anything especially how the card needs to be placed on the terminal to verify.
Future versions will be easier, more wide ranging in its limits and work on the basis only you can use the card, so will be more secure.
They can still be skimmed so card fraud isn’t cut.
There are numerous trials taking place around the world, the gemalto one is just one of them.
You seem to describe problems inherent in cards themselves in which case isn’t the future not having cards at all?
Not the near future no.
I’m sure we will see different banks trialing different cards in the near future, that solve some of the skimming issues, that will be a step in the right direction. Natwest have just gone for the quickest and cheapest option, to be the first in the UK, which is great, as it will push others forward.
I though this implementation was so that “only you can use the card” from at least a contactless point of view? That’s step forward even if it doesn’t stop the other methods of using the card that you point out?
Presumably then when you say “only you” you mean chip + PIN won’t be possible unless it is “you” using the card?
It’s a quick step to launching a biometric card, I haven’t knocked it, I think its a great step.
There are at least 4 other bigger trials happening around the world using slightly different methods, so its going to adapt and change over time.
I may well be misunderstanding here, but it feels like a flawed interpretation of the principles of MFA (2 or 3 of something you know, something you have, something you are) in that information about the something you are (fingerprint) is stored on something you have (card) rather than being separate (not saying I know how to make it work separately, mind).
These cards were being designed a long time before the rule changes came into place, and in most countries where other trials are happening, there is no requirements like in the EU.
It’s the same principal of Apple Pay, Barclays Pay and Google Pay though, the something you have is the phone, the something you know is your fingerprint or unlock code.
I know its not exactly the same, but they will read the regulations like that, and no one is going to stop them. Providing they can prove its secure, it will be permitted, and currently you have to go into a Natwest branch to register your new biometric card and fingerprint.
Obviously we have no idea at this point whether fingerprint data can be more easily cracked on a card or a phone.