As biometrics technology gradually gains ground around the world, Mastercard is using it to launch an authentication service enabling consumers to use fingerprint and facial recognition when logging in or making changes to accounts, instead of
The Mastercard Biometric Authentication Service, based on international standards developed more than a decade ago by the Fast Identity Online, or
"All of your [biometric] data stays on your personal device," said Dennis Gamiello, a Mastercard executive vice president who leads identity products and innovation, in the release. Mastercard noted that the new service supports all card brands and many other forms of payment.
In addition to replacing passwords, the move could help reduce reliance on two-factor authentication, which has become increasingly unwieldy for website developers trying to preserve security with low-tech CAPTCHA challenges and one-time codes sent to consumers, which can be intercepted or gamed by scammers.
Mastercard said banks and merchants may also use its biometric authentication service to verify potentially fraudulent purchases in real time, versus trying to verify a user's identity by sending texts and emails, which are risk-prone.
Users of the new service are prompted to enroll their device's biometric reader with a participating merchant after a successful authentication of the user by their card issuer. The merchant then identifies enrolled users and prompts them for their biometric in a fast, simple process, Mastercard said.
Biometric approaches to authenticating consumers have been in development for years — Amazon is rapidly expanding its
"A biometric authentication solution from a card company that is FIDO-compliant is interesting, said David Mattei, a strategic advisor with Datos Insights, and it could open the door to new fraud-prevention tactics.
For example, financial institutions could deploy the face and fingerprint ID methods that many consumers use to log into mobile banking apps, to authenticate suspicious transactions in real time, he suggested.
Getting consumers to participate in the onboarding process to enroll biometric data could present a potential friction point for U.S. consumers, Mattei noted.
"Geographies such as Europe would be more likely to be early adopters of biometrics [requiring consumers to directly enroll], because users there are already accustomed to some friction in the e-commerce buying process with the EU's Strong Customer Authentication mandate," he said.
Biometrics increasingly will be the answer to growing demand for more secure account access and customer authentication, but providers will likely face challenges in gaining cross-industry adoption, said Brian Riley, a director of credit advisory services and co-head of payments at Javelin Strategy & Research.
"In order to gain scale, any tech provider of biometrics will need to work with the broad payment ecosystem, reaching across consumers, issuers, card networks and platform services providers. Participating parties will certainly take an interest, but they will also continue to build their strength in the background with solutions like AI, predictive analytics and transaction scrutinization," Riley said.
