Although we know that technology develops fast, we are surprised again and again. It is not just matter of anti-counterfeit protection but rather authentication technology in general. Look, e.g. at fingerprint protected payment cards and ID cards. Less than a year ago, we mentioned it as a tremendously progressed toy used only by some French casinos. During the last few weeks, both Eurocard and Visa have announced pilots in Europe, with an outlook of massive implementations.
The new technology implementation means that a user needs to press his/her finger to a card sensor for any authentication requiring an operation, such as payment. It is a de facto replacement of PIN, at least for common everyday transactions. It is likely that large transactions will continue to be authorised with the PIN.
The details of future implementations are not known. Very likely, they are not known even by the card issuing companies. Even so, we can expect significant growth in customer comfort and authentication security. However, some limits and difficulties can emerge.
- You cannot lend your fingerprint protected card to your wife. It is just an example showing that some operations will become simply impossible.
- Users don’t need to know their PIN for most of the transactions. At first glance, it looks like a benefit, but it is not so easy. If the information is used only seldom, the users tend not to know it be heart, and there is a tendency to write it to different „absolutely safe places“ such as wallets.
- Biometric data will be stored only on the card. It is even possible that only hash will be stored. However, the issuer may tend to make fingerprint copies and store them in databases. Card issuing may be a risky process as well because it can include weak points such as insufficiently protected transfer of biometric data.
Massive introduction of fingerprint protected biometric cards is very positive news, in spite of all reservations. Finally, there is a biometric solution that doesn’t create risks beyond control. The user can always have his/her biometric storage in the card under his/her control. It implies the following:
There is no risk of compromisation of biometric data from central database, and resulting identity abuse
There is no risk of biometric data stealing „from the air“. While facial features can be read without knowledge of the user, the same cannot be done with finger-print. There are stories of reading finger-print from glasses or balustrades, but such tools are not available for mass application. For the time being.
The most important benefit is that two-factor authentication is still applied. The right finger-print is not sufficient evidence of user identity; the user still needs also the ID card. Even if the fingerprint information was compromised, identity theft could be prevented through online blacklisting of the card.
In this case, implementation of biometric authentication brings enhancement of comfort and security. However, a lot of work still needs to be done. ID cards need to be well protected against counterfeiting, and processes need to be well-though.
Optaglio can help through:
- The overall design of authentication infrastructure,
- Delivery of optical protection of ID cards,
- Delivery of hidden and forensic protection elements,
- Special technologies for polycarbonate ID cards protection
Continuously developed innovations to keep the advantage over attackers.