The Time is now for Biometrics in Financial Services
Lorenzo Gaston, Technical Director, SPA
Thursday 21st November 2013

shaping the future of payment technology
1. SPA: a short presentation

Who we are
The Smart Payment Association addresses the challenges of today's evolving payment ecosystem. We offer leadership and expert guidance to help members and their financial institution customers realize the opportunities of smart, secure and personalized payment systems and services - both now and in the future.
Since 2004
Members:

What we do
• The SPA works in partnership with global standards bodies, its own vendor community, and an expanding ecosystem of established and emerging brands to offer an ever-growing portfolio of advisory and support services.

[Figure: diagram with the axis labels "Customers" and "Technologies" (Traditional / Smart Card, Advanced / New, Non-Traditional) and three service tiers: Members Services (Trade Organization); Members Customers Services (Bring Value to Financial Institutions); Ecosystem Expert Advisor Services (Help shape the future of payments)]

Fig 1: Extending advisory and support across the evolving community, the SPA is addressing today's challenges and shaping the future direction of payment technologies, standards and business models.

How we do it
• By delivering the market's most accurate barometer of payment trends
  - An annual analysis of payment trends based on actual manufacturer sales data
  - SPA members = 85% of the total smart payments card market
• By supporting the creation and adoption of standards and best practices
  - EPC-CSG/SEPA: Card Representative and Vendor Sector Spokesperson, Chair of the EPC-CSG Task Force to specify the SEPA functional and security requirements for emergent & remote payments (Internet + Mobile), Convenor of the new EPC-CSG Expert Team on Card Innovative Payments, Member of the Preparatory Committee of the SEPA Security Certification Management Body
  - EMVCo: Technical Associate and Board Advisor for Card Sector
  - EMVCo Next Generation Taskforce: Contributor
• By extending expert advice and support across the payments ecosystem
  - An eye-catching library of expert technical resources and thought leadership collaterals to shape the future of payment

SPA latest publications
• NEW! Biometrics for EMV Payment Cards
• NEW! UICC Application Lifecycle Management
• Security Certification for Mobile Platforms
• Security for Mobile Payments
• PIN by SMS
• Private Label Payment Solutions
• Business Continuity in the Payment Card Issuance Industry

Download at: www.smartpaymentassociation.com

2. The Time is now for Biometrics in Financial Services

Three-Factor Authentication in eight steps
1. The cardholder presents their EMV card to the acceptance device equipped with a fingerprint biometric sensor
2. A next generation secure channel is established with the card
3. The cardholder presents the PIN code for verification
4. The Terminal Manager instructs the CVM to require the cardholder to present the finger to the biometric sensor
5. The biometric sensor extracts the minutiae, generates the ISO 19794-2 template and sends it to the CVM
6. The CVM transmits the captured template to the card through the secure channel, via contact or contactless
7. The card verifies and decrypts the captured template and matches it with the enrolled template, calculating a score of similarity
8. Depending on the score and the pre-fixed threshold, the card returns a signed result (i.e., Yes/No) to the CVM of the acceptance device
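
Steps 5 to 8 as an added sketch, not part of the original slides or of any EMV specification: the terminal seals the captured template, the card checks integrity before decrypting, matches on-card against a threshold, and returns a verdict bound to the terminal's challenge. The message layout, keys, try counter, toy matcher and the SHA-256/HMAC stand-ins for the card's cipher and signature are all assumptions.

```python
import hashlib
import hmac
import os
import struct

# Added illustration: every name, key and message layout here is hypothetical.
# SHA-256/HMAC stand in for the card's real cipher and signature scheme.

def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(enc_key, mac_key, plaintext):
    """Terminal side of step 6: encrypt, then MAC nonce + ciphertext."""
    nonce = os.urandom(12)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(enc_key, mac_key, blob):
    """Card side of step 7: verify the MAC first, decrypt only if it holds."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("template failed the secure-channel integrity check")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def encode_minutiae(minutiae):
    # Simplified 5-byte record (x, y, angle in 1/256 turns), not the ISO 19794-2 layout.
    return b"".join(struct.pack(">HHB", x, y, a) for x, y, a in minutiae)

def decode_minutiae(data):
    if len(data) % 5:
        raise ValueError("truncated template")
    return [struct.unpack(">HHB", data[i:i + 5]) for i in range(0, len(data), 5)]

def similarity(probe, enrolled, dist_tol=8, angle_tol=10):
    """Toy score: probe minutiae paired one-to-one with enrolled ones (pre-aligned)."""
    free, score = list(enrolled), 0
    for x, y, a in probe:
        for cand in free:
            turn = abs(a - cand[2])
            near = (x - cand[0]) ** 2 + (y - cand[1]) ** 2 <= dist_tol ** 2
            if near and min(turn, 256 - turn) <= angle_tol:
                free.remove(cand)
                score += 1
                break
    return score

class Card:
    def __init__(self, enrolled, threshold, enc_key, mac_key, sign_key, max_tries=3):
        self.enrolled, self.threshold = enrolled, threshold
        self.enc_key, self.mac_key, self.sign_key = enc_key, mac_key, sign_key
        self.max_tries = self.tries_left = max_tries

    def _signed(self, verdict, challenge):
        # Step 8: binding the verdict to the terminal's challenge prevents replay.
        sig = hmac.new(self.sign_key, verdict + challenge, hashlib.sha256).digest()
        return verdict, sig

    def verify(self, sealed_template, challenge):
        if self.tries_left == 0:
            return self._signed(b"BLOCKED", challenge)
        try:
            probe = decode_minutiae(unseal(self.enc_key, self.mac_key, sealed_template))
            matched = similarity(probe, self.enrolled) >= self.threshold
        except ValueError:
            matched = False  # a tampered or malformed template counts as a failed try
        self.tries_left = self.max_tries if matched else self.tries_left - 1
        return self._signed(b"YES" if matched else b"NO", challenge)

def terminal_accepts(result, challenge, sign_key):
    """CVM side: accept only a fresh, correctly signed YES."""
    verdict, sig = result
    expected = hmac.new(sign_key, verdict + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected) and verdict == b"YES"

# Constructed sample templates: (x, y, angle)
ENROLLED = [(100, 120, 30), (140, 80, 200), (60, 60, 90),
            (180, 150, 250), (90, 200, 10), (30, 170, 128)]
GENUINE = [(x + 2, y - 3, a + 3) for x, y, a in ENROLLED]   # same finger, small jitter
IMPOSTOR = [(10, 10, 0), (200, 20, 50), (120, 130, 100),
            (75, 190, 180), (160, 40, 220), (50, 110, 60)]
KEYS = dict(enc_key=b"E" * 32, mac_key=b"M" * 32, sign_key=b"S" * 32)  # demo keys

if __name__ == "__main__":
    card = Card(ENROLLED, threshold=5, **KEYS)
    challenge = os.urandom(8)
    blob = seal(KEYS["enc_key"], KEYS["mac_key"], encode_minutiae(GENUINE))
    print(terminal_accepts(card.verify(blob, challenge), challenge, KEYS["sign_key"]))
```

A verdict captured for one challenge is rejected by the terminal for any other challenge, and three failed presentations block the biometric until the counter is reset.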

Cartes 2013

This looks easy and straightforward, but …
Introduction of biometric payment cards requires the careful consideration of a number of issues, including:

• Decide the most suitable biometric modality to use
• 'On card' or 'off card' or 'both' biometrics verification
• Trade-off of performance vs transaction times
• Design of the cardholder enrolment process
• Lifecycle management of the biometrics data
• Storage, retrieval and data protection of a cardholder's personal biometric attributes

Use Cases for biometrics in payment cards

• Opening Payment Accounts
  - Implement "Know your Customer" (KYC) processes
  - Use of existing biometric documents to enroll bank biometrics
• Authorization of Payment
  - AML/CFT monitoring process
  - Stronger proof of consent
• Simplifying the use of payment cards in developing countries
  - Facilitate access to financial services for individuals unused to PINs or passwords
  - Cash withdrawal and other transaction services at an ATM or self-service bank kiosk

Use Cases for biometrics in payment cards

• Contactless & Mobile Payments
  - As CVM "hands free"
  - Ability of the mobile to integrate many capture devices
• Generation of non-repudiable electronic signatures
  - Activation of private signature key
  - Subscribing a contract for access to a new financial service
  - Confirming a remittance
  - Generating an e-Invoice
  - Proceeding to a mobile commerce transaction
  - Downloading and transferring electronic money

[Figure: Comparison of physiological and behavioral biometric modalities. Modalities plotted: iris/retina, fingerprint, hand, voice, signature, vein, face, gait, keystroke. Axis labels: physiological traits, behavioral traits, user friendliness (- to +).]

Setting Performances (I)

• The profile proposes performance targets for biometric matchers configured and used in EMV Biometric authentication subsystems
• The key criterion is security, meaning minimizing the False Match Rate (FMR)
  - The False Match Rate criterion can be met by simply setting an arbitrarily high score of similarity
  - But that involves a high False Rejection Rate and negative commercial impact
• The final trade-off will of course be set by the card issuer
  - Lower the FMR further, or prefer a lower FNMR to facilitate acceptance of the technology
  - Set the number of consecutive tries
  - Set the level of performance depending on the risk of the transaction: a high transaction risk requires a higher score of similarity to proceed

On Error-Condition Performances

Different approaches for setting the comparison threshold for the application

Setting Performances (II)

• The Profile proposes a trade-off minimum level of accuracy for EMV Match-on-Card fingerprint minutiae authentication
• « The False Match Rate of FMR = 0.0001 should be achieved with a maximum False Non Match Rate FNMR = 0.02 on one finger »
  FMR ≤ 0.0001 with FNMR ≤ 0.02
• This FMR applies to zero-effort authentication
  This represents the case where a lost/stolen card is presented by a random person who tries to impersonate the cardholder without knowing who the cardholder is

Rationale for this level of Performance (I)
• The proposed FMR/FNMR is a good level of performance for the current state of the art, similar to what is going to be required, e.g., in the US PIV card program
• Lowering the FMR further means increasing the FNMR, which in addition becomes random and highly dependent on individual characteristics
• This FMR = 0.0001 offers the same level of security as a PIN comparison
• Cardholders not eligible for minutiae enrollment will continue to use the PIN and the risk is to be the same
• In addition … it's the level of performance announced by Apple iPhone 5S
• A lower False Match Rate can be achieved by comparing more than one fingerprint or with biometrics multi-modality
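
An added example (not from the SPA slides) of how an issuer could pick the comparison threshold against the FMR ≤ 0.0001 / FNMR ≤ 0.02 target, what a stricter target for high-risk transactions costs in FNMR, and how the number of consecutive tries compares with PIN guessing. The score histograms, the high-risk target and all function names are constructed assumptions.

```python
from fractions import Fraction

# Added illustration with constructed data; not measurements from any real matcher.
# Histograms map an integer similarity score to the number of comparisons producing it.
IMPOSTOR_HIST = {0: 60000, 1: 25000, 2: 10000, 3: 4000, 4: 900, 5: 90, 6: 8, 7: 2}
GENUINE_HIST = {3: 5, 4: 15, 5: 40, 6: 140, 7: 400, 8: 900, 9: 1500, 10: 2000}

PROFILE_FMR = Fraction(1, 10_000)     # FMR <= 0.0001, from the slides
PROFILE_FNMR = Fraction(2, 100)       # FNMR <= 0.02, from the slides
HIGH_RISK_FMR = Fraction(1, 100_000)  # assumed stricter issuer target, not from the slides

def error_rates(impostor_hist, genuine_hist, threshold):
    """Return (FMR, FNMR) when a comparison is accepted if score >= threshold."""
    false_matches = sum(n for s, n in impostor_hist.items() if s >= threshold)
    false_non_matches = sum(n for s, n in genuine_hist.items() if s < threshold)
    return (Fraction(false_matches, sum(impostor_hist.values())),
            Fraction(false_non_matches, sum(genuine_hist.values())))

def calibrate(impostor_hist, genuine_hist, fmr_target, fnmr_limit):
    """Lowest threshold whose measured FMR meets fmr_target, and the FNMR paid for it."""
    comparisons = sum(impostor_hist.values())
    if comparisons * fmr_target < 1:
        # With fewer than 1/target impostor comparisons, zero false matches proves nothing.
        raise ValueError("impostor sample too small to resolve the FMR target")
    top = max(max(impostor_hist), max(genuine_hist)) + 1  # FMR is 0 at this threshold
    for threshold in range(top + 1):
        fmr, fnmr = error_rates(impostor_hist, genuine_hist, threshold)
        if fmr <= fmr_target:
            return {"threshold": threshold, "fmr": fmr, "fnmr": fnmr,
                    "meets_profile": fnmr <= fnmr_limit}

def impostor_success_within(fmr, tries):
    """Chance a zero-effort impostor is accepted at least once in `tries` attempts.
    Assumes the attempts are independent."""
    return 1 - (1 - Fraction(fmr)) ** tries

def pin_guess_within(tries, digits=4):
    """Chance of guessing a random PIN in `tries` distinct guesses."""
    return Fraction(tries, 10 ** digits)

if __name__ == "__main__":
    for label, target in (("standard", PROFILE_FMR), ("high risk", HIGH_RISK_FMR)):
        result = calibrate(IMPOSTOR_HIST, GENUINE_HIST, target, PROFILE_FNMR)
        print(label, result["threshold"], float(result["fmr"]),
              float(result["fnmr"]), result["meets_profile"])
    print(float(impostor_success_within(PROFILE_FMR, 3)), float(pin_guess_within(3)))
```

On this constructed data the profile target is met at threshold 6, while the assumed high-risk target pushes the threshold to 8 and the FNMR well past 0.02.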

Rationale on Accuracy Performance (II)

• A card can enroll up to 10 fingerprint minutiae. Effective to dramatically lower the FMR without impacting the FNMR, but:
  - 10-finger biometric capture devices are expensive
  - 10-fingerprint matching requires 3 presentations (4 + 4 + 2 thumbs simultaneously) or 4 presentations (4 + 4 + left thumb + right thumb) + 10 consecutive match-on-card comparisons
• At least one fingerprint from the right hand and another from the left hand should be enrolled. More than 4 fingerprints don't bring significant benefit
• Multi-modality could work, but:
  - Expensive biometric capture device
  - Transaction time
  - Minutiae is the only standard template format for card

On timing performances
• PIN verification is deterministic; biometric verification time is random
• This time depends on the number of minutiae to compare, the capture device, the matcher algorithm and the cardholder
• Commercial matchers are able to process 64 minutiae (average 41 minutiae)
• Rule of thumb: 30 minutiae is a « big » fingerprint to treat
• Level of performance for a fingerprint matcher qualified by MINEX
  - Average comparison match time: around 500 msec (but variable)
  - With encrypted templates, add 10%
  - Typical transaction time < 1 sec
Fingerprint matcher performance figures from vendors, measured in MINEX submissions, are available on the NIST site

Testing & Certification procedures
• The profile will propose high-level guidelines for Testing & Certification procedures
• These tests are used to certify implementations that generate and/or match the mandatory minutia-based biometrics specified in the profile
• They include generators (minutiae extraction + biometric template) and biometric template matchers
• A combination of generator and matcher is interoperable if both are able to work effectively together to achieve a required level of performance
• NIST recommends certifying generators of biometric templates and matchers independently
• SPA is willing to work with EMVCo to specify testing & certification procedures

SPA 2013

SPA initiatives

• Submit to EMVCo a first document on the standardization context for Biometrics
• Promote Biometrics as a CVM for EMVCo next generation
• Propose to EMVCo to develop a Biometrics Profile
• Prepare a White paper on Use Cases
• Present at last EMVCo F2F meeting a proposal for performances and main design decisions
• End: Proposal for an EMVCo Profile for integration in EMV Specifications

Thank You for Your attention!

Download from
www.smartpaymentassociation.com

#SmartPayment
