A few days ago, “Future of payments Gateway” interviewed Pierre Antonio, the Head of Marketing Advisory Committee, about biometric payment security. Discover the interview…

 

  1. Biometrics already exists on some smartphones; indeed, Apple uses it in iPhones. How do you see this as the next logical step in universal mobile transactions?
    • Biometrics, specifically fingerprint, as it is currently implemented in smartphones, is mainly used for convenience (always better than QR Codes + code) and not security. Security is managed through risk management (e.g. Tokenization: risk on few transactions).
    • So, I see the universal mobile transactions (payments) with tokens (+ HCE or Secure Element) managed by a “generic” mobile wallet and a convenient authentication for user acceptance.
    • However, biometrics adoption by Apple and Samsung opens the door for the biometric capture at the Point of Sale, introducing new opportunities and new constraints.
  2. How can companies address the need for open architecture with a desire to maintain market share through protecting proprietary tech?
    • It is possible to address open architecture and protection of proprietary tech as far as the proprietary tech is not a sensitive component (e.g. bio for convenience): Apple Pay and Samsung Pay are proprietary techs (fingerprint + NFC and/or MST) but both use tokenization specs defined by card schemes.
    • Open architecture is required by service providers (banks, retailers…) for the KYC process, ensuring that the client is the one enrolled in the smartphone before the provisioning of his credit card in a mobile wallet. Enrollment and capture of the biometrics outside the smartphone.
    • The ideal situation would be an open architecture of and open access to security components of the handsets, specifically the Secure Element. But handset manufacturers prefer to lock these components in order to provide their own business application (e.g. Apple Pay with the Wallet app).
  3. How do you balance a frictionless, personalised KYC experience without compromising sensitive user data?
    • That question requires further precision. KYC is the phase where a service provider verifies the ID of a client to grant access to a service. I do not link the complexity of that phase and the security of sensitive user data.
    • If by KYC you mean authentication, it is possible to provide a frictionless and convenient authentication w/o compromising sensitive user data. This is what Natural Security is all about.
  4. What are your current, as well as future views on biometric payment security and how do you think events like Payments Security & Authentication help shape its future?
    • As mentioned above, the introduction of biometrics on smartphones facilitated the development of tokenization. Biometrics technology on smartphones is not yet able to provide the security level required by banks for instance. But is this an issue?
    • The future may be in a burst of the main biometric functions, where the capture, the matching and the storage of biometric data are no longer only in the smartphone but distributed between points of service (POS, laptops), the cloud and the smartphone.
    • After several years of attempts at mobile payment solutions, I feel that we are at the beginning of something that can be universal and massively adopted: the tokenization. So an event like Payments Security & Authentication is a perfect place to meet and to share views with various stakeholders, decision-makers and influencers of that area and, specifically for our alliance, try to initiate common initiatives to spread standards and open architectures in the industry.

Pierre will be speaking at Payments Security & Authentication Global on Dec 3, 2015.