SlideShare a Scribd company logo

Developing secured-biometric-payment-model-using-tokenization

R Systems International
R Systems International
1 of 8
Download to read offline
Biometric payment is slated to be the next big innovation in the payments industry. Though, several solutions enabling cardholder authentication using biometrics already exist, a full- fledged biometric payment system, where user may pay at merchant point of sale (POS) terminal using impression of a finger-would soon be in place. Ram Garg | NK Garg Developing a Secured Biometric Payments Model Using Tokenization WHITEPAPER
2 | P a g e CONTENTS  Introduction……………………………………………………………………………………………2  Current State of Technology in the Market…………...………..……..………………3  Future Trends…………………..….…………………………………………………………………3  Proposed Biometric Payment Model Using Tokenization……….……………....4  Issuer BIN Enrollment………………………………………………………………………….4  Cardholder Enrollment…………….……….….................................................4  Biometric Payment Authorization……………………………………………………….5  Benefits of Proposed Biometric Payment Model.……….………………………….. 5  Implementation Challenges……………..……………………………………………………..6  Conclusion…………….....................................................................................7 INTRODUCTION Biometric payments will be the norm for security, convenience, and efficiency in the years to come. Organizations will capitalize on the combined effect of biometrics and tokenization to strengthen security, cut payment fraud costs, while eliminating the inconvenience and anxiety of using and protecting payment cards and card data during biometric payments. Leading players have foreseen the potential benefits of integrating biometrics with payment platform and are thus focusing on devising a solution that offers benefits such as cardholder convenience & payments security. However, the extent to which biometrics is used in available solutions is currently restricted to either doing cardholder authentication or facilitating Mobile App Login. This whitepaper proposes a secured biometric payment model using tokenization, which will enable users to pay at Merchants point of sale (POS) with the impression of their finger. Apart from this, this paper will also provide a roadmap on how to address the challenges while implementing this model.
3 | P a g e CURRENT STATE OF TECHNOLOGY IN THE MARKET Much has been discussed about the usage of biometrics on Mobile platforms. Leading industry players such as Apple, Samsung and PayPal have already built payment solutions using biometrics for their respective mobile platforms where users can perform financial transactions using touch ID or fingerprint scans. Additionally, lot of work on biometric authentication has been done in the payment industry. For example, users can authenticate their identity on a bank ATM or a POS terminal using biometrics. As per a press release by Gartner, 30 Percent of organizations will use biometric authentication for mobile devices by 2016. Statistics reveal that the global biometrics technology market is emerging at a compounded annual growth rate of about 21.6 percent. Talking about biometric payments at Merchant point of sale, though, some work has already been done by many companies in a closed-loop environment, a full-fledged open-loop biometric payment platform is yet to be realized. FUTURE TRENDS With increasing complexity and availability of myriad technology, biometric system is poised to make our lives more convenient, in unexpected ways. Biometric payments through fingerprint technology will provide consumers with a convenient, safe, and seamless payment experience. It will enable each finger to uniquely identify a customer and represent a payment card. For example, the little finger may represent both ‘Bank of China CUP credit card’ and ‘Bank of America Visa Credit Card’. While making a payment through their little finger, users will need to select the corresponding payment scheme from the terminal. Figure 1: Futuristic View of Payment Cards in a User Wallet
4 | P a g e PROPOSED BIOMETRIC PAYMENTS MODEL USING TOKENIZATION Biometric Payments Model using Tokenization comprises of the following 3 stages:  Stage 1 - Issuer BIN Enrollment Issuer bank enrolls BIN number with corresponding payment scheme’s biometric server (Visa/MC etc.) for participating in biometric payments.  Stage 2 - Cardholder Enrollment To enable biometric payment on a payment card, the user will have to first enroll it with the card issuer. The following diagram depicts the process flow of the cardholder enrollment stage: Figure 2: Cardholder Enrollment Process Flow Diagram  Cardholder enrolls for biometric payment with the issuer bank. On the biometric terminal installed by the bank, the user has to first swipe the payment card and then scan his/ her fingerprints. This sends an enrollment request containing fingerprints (Biometric Value) and the swiped card data.  When the Payment Scheme (PS) server receives the enrolment request, it searches its directory server to validate whether or not the BIN is enrolled for biometric payments. If yes, it sends the card data for tokenization.
5 | P a g e  The enrolment data (Biometric Value, Card Token & BIN) gets stored in the enrollment database. This completes the user enrolment process and enables users to use their payment fingers to make biometric payment at merchant point of sale terminal.  The token provider generates a secured token associated with the card number and sends it back to the payment scheme biometric server.  Stage 3 - Biometric Payment Authorization The following diagram depicts the process flow of a Biometric Payment authorization, initiated by a user by scanning a payment finger on a biometric POS: Figure 3: Biometric Payment Authorization Process Flow Diagram Merchants will require specially designed biometric POS to accept biometric payments. An enrolled user chooses the payment scheme (of his/her payment card) from the POS terminal. The user then scans his/her fingerprints and submits the transaction. Authorization message including fingerprint scan (Biometric Value) is sent to the acquirer switching system. Switch routes the message to user selected payment scheme’s biometric server. Payment scheme server looks up enrollment database and fetches card Token + BIN associated to the Biometric Value (BV) of the user. Server routes the authorization message to
6 | P a g e the corresponding card issuer authorization system (based upon BIN). Issuer authorization system receives authorization request and decrypts the card token to get the real card number. Authorization system performs required financial validations as well as PIN validations (If PIN was entered). Based upon the validation results, the authorization is approved or declined and sent back to the POS terminal. BENEFITS OF PROPOSED PAYMENT MODEL Following are the benefits of the proposed Biometric Payment model:  With the use of tokenization, real card number is never exposed during transaction processing which makes it a highly secure process for implementing biometric payments.  Consumers need not carry physical cards or buy expensive mobile phones for the sole purpose of participating in NFC-enabled payments.  Because of enhanced security involved in biometric transactions, banks may charge lower interchange and thereby may allow Merchants to pay lower interchange fees.  Banks will benefit significantly due to lesser frauds and chargeback rates.  Since, adoption of biometric payment model will need significant change in infrastructure, it will open gates of big opportunities for device manufacturers & card token software providers. IMPLEMENTATION CHALLENGES  Infrastructure: Implementing Biometric Payments will create a need to change merchant infrastructure considerably. So, adoption and implementation of the aforesaid model might be an expensive proposition.  Accuracy: Each finger scan is converted into a value termed as Biometric Value (BV). A sophisticated software that is capable of calculating Biometric Value uniquely and accurately is required to be developed.  Merchant/Cardholder Education: Implementation of biometric payments will require complete re- structuring of the Merchant infrastructure. Both cardholders, as well as, merchants should be educated regarding the new system or new compliances, if any.  Security: Storing biometric data securely is indeed a big challenge as finger print pattern of a person can be stolen by fraudsters to make fraudulent payments. Another layer of authentication might be required to minimize frauds and enhance security. This can be achieved by issuing a PIN, sending an OTP or by using additional biometric pattern matching of the user, such as palm impression or multiple finger prints, during transaction authorization.  Adoption: To ensure global acceptance of this model, it is very important to ensure that implemented biometric payment system works as an open-loop system. Biometric Service providers, payment schemes in this case, should have a robust built in infrastructure in place.  Payment Cards management: It might be difficult for users to remember which finger represents which card, and this might get a bit difficult to manage.
7 | P a g e CONCLUSION Biometric payments is the next big thing in the payment industry. Payment cards will be represented through user’s distinguishing features such as Finger Prints, Retina Scan, Face Scan, Palm/thumb impression etc. Since, security could be a concern, integrating tokenization with the biometric payments could eliminate the risk and make it a highly secure payment instrument. Though, adoption of biometric payments might pose several challenges, it is definitely a much needed step to achieve advancement in the consumer payments. Deploying biometric payments will eliminate the need of carrying physical cards and buying expensive mobile phones, bought for the sole purpose of making convenient payments. This will also eliminate the risk of losing your card or a mobile phone as your biometric fingerprints (or Payment Fingers) will always be with you and that is all you need to make a payment. In a nutshell, though there are several challenges in implementing a biometric payment system, it certainly provides a future roadmap for a seamless, safe and convenient payments experience.
8 | P a g e ABOUT THE AUTHOR Ram Garg has 9+ years of experience in the Cards and Payments domain and is heading the Cards & Payments Practice at R Systems International Ltd. as Practice Manager. Ram holds a Master’s in Business Administration from IMT Ghaziabad and a Bachelor’s in Computer science from Netaji Subhas Institute of Technology, Delhi, India. NK Garg has a rich experience of 25+ years in the IT industry. He is the Vice President - IT & Head Quality at R Systems International Ltd. He holds a Master Degree in (Automation & Computer Vision) from IIT Kharagpur and a Bachelor’s degree in Computer Science from IIT Roorkee. ABOUT R SYSTEMS R Systems is a leading OPD and IT Services company, which caters to Fortune 1000, Government, and Mid-sized organizations, worldwide. The company is hailed as an industry leader with some of the world’s highest quality standards, including SEI CMMI Level 5, PCMM Level 5, ISO 9001:2008, and ISO 27001:2013 certifications. With a rich legacy spread over two decades, we generate value that helps organizations transcend to higher levels of efficiency and growth. Quite like the Oyster delivering the Pearl. For more information, visit www.rsystems.com © 2015 R Systems International Limited. All Rights Reserved. All content/information present here is the exclusive property of R Systems International Ltd. The content/information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from R Systems International Ltd. Unauthorized use of the content/information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Email: rsi.marketing@rsystems.com | Phone (India): (+91) 120-4303500 | Phone (US): (800) 355-5159

Recommended

OSGeo와 Open Data
OSGeo와 Open DataOSGeo와 Open Data
OSGeo와 Open Data
r-kor
 
황성수 공공데이터 개방과 공공이슈 해결
황성수 공공데이터 개방과 공공이슈 해결황성수 공공데이터 개방과 공공이슈 해결
황성수 공공데이터 개방과 공공이슈 해결
r-kor
 
Distributed R: The Next Generation Platform for Predictive Analytics
Distributed R: The Next Generation Platform for Predictive AnalyticsDistributed R: The Next Generation Platform for Predictive Analytics
Distributed R: The Next Generation Platform for Predictive Analytics
Jorge Martinez de Salinas
 
Deciphering voice of customer through speech analytics
Deciphering voice of customer through speech analyticsDeciphering voice of customer through speech analytics
Deciphering voice of customer through speech analytics
R Systems International
 
Optimizing Facebook Campaigns with R
Optimizing Facebook Campaigns with ROptimizing Facebook Campaigns with R
Optimizing Facebook Campaigns with R
Domino Data Lab
 
Cloud Conf 2015 - Develop and Deploy IOT Applications
Cloud Conf 2015 - Develop and Deploy IOT ApplicationsCloud Conf 2015 - Develop and Deploy IOT Applications
Cloud Conf 2015 - Develop and Deploy IOT Applications
Corley S.r.l.
 
R lecture oga
R lecture ogaR lecture oga
R lecture oga
Osamu Ogasawara
 
Implementing a highly scalable stock prediction system with R, Geode, SpringX...
Implementing a highly scalable stock prediction system with R, Geode, SpringX...Implementing a highly scalable stock prediction system with R, Geode, SpringX...
Implementing a highly scalable stock prediction system with R, Geode, SpringX...
William Markito Oliveira
 

Recommended

OSGeo와 Open Data
OSGeo와 Open DataOSGeo와 Open Data
OSGeo와 Open Data
r-kor
 
황성수 공공데이터 개방과 공공이슈 해결
황성수 공공데이터 개방과 공공이슈 해결황성수 공공데이터 개방과 공공이슈 해결
황성수 공공데이터 개방과 공공이슈 해결
r-kor
 
Distributed R: The Next Generation Platform for Predictive Analytics
Distributed R: The Next Generation Platform for Predictive AnalyticsDistributed R: The Next Generation Platform for Predictive Analytics
Distributed R: The Next Generation Platform for Predictive Analytics
Jorge Martinez de Salinas
 
Deciphering voice of customer through speech analytics
Deciphering voice of customer through speech analyticsDeciphering voice of customer through speech analytics
Deciphering voice of customer through speech analytics
R Systems International
 
Optimizing Facebook Campaigns with R
Optimizing Facebook Campaigns with ROptimizing Facebook Campaigns with R
Optimizing Facebook Campaigns with R
Domino Data Lab
 
Cloud Conf 2015 - Develop and Deploy IOT Applications
Cloud Conf 2015 - Develop and Deploy IOT ApplicationsCloud Conf 2015 - Develop and Deploy IOT Applications
Cloud Conf 2015 - Develop and Deploy IOT Applications
Corley S.r.l.
 
R lecture oga
R lecture ogaR lecture oga
R lecture oga
Osamu Ogasawara
 
Implementing a highly scalable stock prediction system with R, Geode, SpringX...
Implementing a highly scalable stock prediction system with R, Geode, SpringX...Implementing a highly scalable stock prediction system with R, Geode, SpringX...
Implementing a highly scalable stock prediction system with R, Geode, SpringX...
William Markito Oliveira
 
The Next List: R&D Breakthroughs that are Changing the World
The Next List: R&D Breakthroughs that are Changing the WorldThe Next List: R&D Breakthroughs that are Changing the World
The Next List: R&D Breakthroughs that are Changing the World
GE
 
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
In-Memory Computing Summit
 
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
r-kor
 
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
r-kor
 
Trading System Design
Trading System DesignTrading System Design
Trading System Design
Marketcalls
 
Trading sentimental analysis
Trading sentimental analysisTrading sentimental analysis
Trading sentimental analysis
Marketcalls
 
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla AirII-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
Dr. Haxel Consult
 
Language R
Language RLanguage R
Language R
Girish Khanzode
 
Taking R Analytics to SQL and the Cloud
Taking R Analytics to SQL and the CloudTaking R Analytics to SQL and the Cloud
Taking R Analytics to SQL and the Cloud
Revolution Analytics
 
H2O World - Intro to R, Python, and Flow - Amy Wang
H2O World - Intro to R, Python, and Flow - Amy WangH2O World - Intro to R, Python, and Flow - Amy Wang
H2O World - Intro to R, Python, and Flow - Amy Wang
Sri Ambati
 
Big data analysis with R and Apache Tajo (in Korean)
Big data analysis with R and Apache Tajo (in Korean)Big data analysis with R and Apache Tajo (in Korean)
Big data analysis with R and Apache Tajo (in Korean)
Gruter
 
Introduction to R for Data Science :: Session 4
Introduction to R for Data Science :: Session 4Introduction to R for Data Science :: Session 4
Introduction to R for Data Science :: Session 4
Goran S. Milovanovic
 
3. 마이크로 서비스 아키텍쳐
3. 마이크로 서비스 아키텍쳐3. 마이크로 서비스 아키텍쳐
3. 마이크로 서비스 아키텍쳐
Terry Cho
 
Introduction to R for Data Science :: Session 3
Introduction to R for Data Science :: Session 3Introduction to R for Data Science :: Session 3
Introduction to R for Data Science :: Session 3
Goran S. Milovanovic
 
A short tutorial on r
A short tutorial on rA short tutorial on r
A short tutorial on r
Ashraf Uddin
 
Introduction to R for Data Science :: Session 2
Introduction to R for Data Science :: Session 2Introduction to R for Data Science :: Session 2
Introduction to R for Data Science :: Session 2
Goran S. Milovanovic
 
IoT 구현을 위한 오픈 데이터 이슈
IoT 구현을 위한 오픈 데이터 이슈IoT 구현을 위한 오픈 데이터 이슈
IoT 구현을 위한 오픈 데이터 이슈
r-kor
 
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
Jaimie Kwon (권재명)
 
선박식별정보를 이용한 어업활동 공간밀도 가시화
선박식별정보를 이용한 어업활동 공간밀도 가시화선박식별정보를 이용한 어업활동 공간밀도 가시화
선박식별정보를 이용한 어업활동 공간밀도 가시화
r-kor
 
Introduction to R for Data Science :: Session 1
Introduction to R for Data Science :: Session 1Introduction to R for Data Science :: Session 1
Introduction to R for Data Science :: Session 1
Goran S. Milovanovic
 
R Systems International Limited Annual Report 2015
R Systems International Limited Annual Report 2015R Systems International Limited Annual Report 2015
R Systems International Limited Annual Report 2015
R Systems International
 
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
R Systems International
 

More Related Content

Viewers also liked

IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
In-Memory Computing Summit
 
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla AirII-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
Dr. Haxel Consult
 

Viewers also liked (20)

The Next List: R&D Breakthroughs that are Changing the World
The Next List: R&D Breakthroughs that are Changing the WorldThe Next List: R&D Breakthroughs that are Changing the World
The Next List: R&D Breakthroughs that are Changing the World
 
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
IMCSummit 2015 - Day 2 Developer Track - Implementing a Highly Scalable In-Me...
 
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
오픈데이터와 오픈소스 소프트웨어를 이용한 의료이용정보의 시각화
 
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
구조화된 데이터: Schema.org와 Microdata, RDFa, JSON-LD
 
Trading System Design
Trading System DesignTrading System Design
Trading System Design
 
Trading sentimental analysis
Trading sentimental analysisTrading sentimental analysis
Trading sentimental analysis
 
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla AirII-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
II-SDV 2016 Patrick Beaucamp - Data Science with R and Vanilla Air
 
Language R
Language RLanguage R
Language R
 
Taking R Analytics to SQL and the Cloud
Taking R Analytics to SQL and the CloudTaking R Analytics to SQL and the Cloud
Taking R Analytics to SQL and the Cloud
 
H2O World - Intro to R, Python, and Flow - Amy Wang
H2O World - Intro to R, Python, and Flow - Amy WangH2O World - Intro to R, Python, and Flow - Amy Wang
H2O World - Intro to R, Python, and Flow - Amy Wang
 
Big data analysis with R and Apache Tajo (in Korean)
Big data analysis with R and Apache Tajo (in Korean)Big data analysis with R and Apache Tajo (in Korean)
Big data analysis with R and Apache Tajo (in Korean)
 
Introduction to R for Data Science :: Session 4
Introduction to R for Data Science :: Session 4Introduction to R for Data Science :: Session 4
Introduction to R for Data Science :: Session 4
 
3. 마이크로 서비스 아키텍쳐
3. 마이크로 서비스 아키텍쳐3. 마이크로 서비스 아키텍쳐
3. 마이크로 서비스 아키텍쳐
 
Introduction to R for Data Science :: Session 3
Introduction to R for Data Science :: Session 3Introduction to R for Data Science :: Session 3
Introduction to R for Data Science :: Session 3
 
A short tutorial on r
A short tutorial on rA short tutorial on r
A short tutorial on r
 
Introduction to R for Data Science :: Session 2
Introduction to R for Data Science :: Session 2Introduction to R for Data Science :: Session 2
Introduction to R for Data Science :: Session 2
 
IoT 구현을 위한 오픈 데이터 이슈
IoT 구현을 위한 오픈 데이터 이슈IoT 구현을 위한 오픈 데이터 이슈
IoT 구현을 위한 오픈 데이터 이슈
 
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
데이터 분석의 길 1. “고수는 생선 잡는 법을 알고있다” (검색과 영어)
 
선박식별정보를 이용한 어업활동 공간밀도 가시화
선박식별정보를 이용한 어업활동 공간밀도 가시화선박식별정보를 이용한 어업활동 공간밀도 가시화
선박식별정보를 이용한 어업활동 공간밀도 가시화
 
Introduction to R for Data Science :: Session 1
Introduction to R for Data Science :: Session 1Introduction to R for Data Science :: Session 1
Introduction to R for Data Science :: Session 1
 

More from R Systems International

A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
R Systems International
 

More from R Systems International (16)

R Systems International Limited Annual Report 2015
R Systems International Limited Annual Report 2015R Systems International Limited Annual Report 2015
R Systems International Limited Annual Report 2015
 
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
A paradigmatic shift in it-offshoring industry from cost-centric to caring-ce...
 
R Systems Announces its Results for the Quarter & Financial Year ended Decemb...
R Systems Announces its Results for the Quarter & Financial Year ended Decemb...R Systems Announces its Results for the Quarter & Financial Year ended Decemb...
R Systems Announces its Results for the Quarter & Financial Year ended Decemb...
 
Understanding network-visibility
Understanding network-visibilityUnderstanding network-visibility
Understanding network-visibility
 
A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
A secured-&-effective-system-for-remote-monitoring-of-large-network-of-hetero...
 
SMAC – An Emerging Accelerator for Businesses
SMAC – An Emerging Accelerator for BusinessesSMAC – An Emerging Accelerator for Businesses
SMAC – An Emerging Accelerator for Businesses
 
R systems-international-limited-annual-report-2014
R systems-international-limited-annual-report-2014R systems-international-limited-annual-report-2014
R systems-international-limited-annual-report-2014
 
R Systems’ Profile available on Microsoft Public Sector Global Outlook Direct...
R Systems’ Profile available on Microsoft Public Sector Global Outlook Direct...R Systems’ Profile available on Microsoft Public Sector Global Outlook Direct...
R Systems’ Profile available on Microsoft Public Sector Global Outlook Direct...
 
R Systems International - Company Overview Infographic
R Systems International - Company Overview InfographicR Systems International - Company Overview Infographic
R Systems International - Company Overview Infographic
 
R Systems iPLM and Software Development Lifecycle Management Services Infogra...
R Systems iPLM and Software Development Lifecycle Management Services Infogra...R Systems iPLM and Software Development Lifecycle Management Services Infogra...
R Systems iPLM and Software Development Lifecycle Management Services Infogra...
 
R Systems Wish you all a Happy new year
R Systems Wish you all a Happy new yearR Systems Wish you all a Happy new year
R Systems Wish you all a Happy new year
 
Model of Innovation for Organizations in the IT Software Services Industry
Model of Innovation for Organizations in the IT Software Services IndustryModel of Innovation for Organizations in the IT Software Services Industry
Model of Innovation for Organizations in the IT Software Services Industry
 
R Systems iPLM Infographic
R Systems iPLM InfographicR Systems iPLM Infographic
R Systems iPLM Infographic
 
R Systems Info graphic
R Systems Info graphic R Systems Info graphic
R Systems Info graphic
 
3600 Evaluation Matrix for Selecting the Right Outsourcing Partner
3600 Evaluation Matrix for Selecting the Right Outsourcing Partner3600 Evaluation Matrix for Selecting the Right Outsourcing Partner
3600 Evaluation Matrix for Selecting the Right Outsourcing Partner
 
Protect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingProtect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore Outsourcing
 

Developing secured-biometric-payment-model-using-tokenization

  • 1. Biometric payment is slated to be the next big innovation in the payments industry. Though, several solutions enabling cardholder authentication using biometrics already exist, a full- fledged biometric payment system, where user may pay at merchant point of sale (POS) terminal using impression of a finger-would soon be in place. Ram Garg | NK Garg Developing a Secured Biometric Payments Model Using Tokenization WHITEPAPER
  • 2. 2 | P a g e CONTENTS  Introduction……………………………………………………………………………………………2  Current State of Technology in the Market…………...………..……..………………3  Future Trends…………………..….…………………………………………………………………3  Proposed Biometric Payment Model Using Tokenization……….……………....4  Issuer BIN Enrollment………………………………………………………………………….4  Cardholder Enrollment…………….……….….................................................4  Biometric Payment Authorization……………………………………………………….5  Benefits of Proposed Biometric Payment Model.……….………………………….. 5  Implementation Challenges……………..……………………………………………………..6  Conclusion…………….....................................................................................7 INTRODUCTION Biometric payments will be the norm for security, convenience, and efficiency in the years to come. Organizations will capitalize on the combined effect of biometrics and tokenization to strengthen security, cut payment fraud costs, while eliminating the inconvenience and anxiety of using and protecting payment cards and card data during biometric payments. Leading players have foreseen the potential benefits of integrating biometrics with payment platform and are thus focusing on devising a solution that offers benefits such as cardholder convenience & payments security. However, the extent to which biometrics is used in available solutions is currently restricted to either doing cardholder authentication or facilitating Mobile App Login. This whitepaper proposes a secured biometric payment model using tokenization, which will enable users to pay at Merchants point of sale (POS) with the impression of their finger. Apart from this, this paper will also provide a roadmap on how to address the challenges while implementing this model.
  • 3. 3 | P a g e CURRENT STATE OF TECHNOLOGY IN THE MARKET Much has been discussed about the usage of biometrics on Mobile platforms. Leading industry players such as Apple, Samsung and PayPal have already built payment solutions using biometrics for their respective mobile platforms where users can perform financial transactions using touch ID or fingerprint scans. Additionally, lot of work on biometric authentication has been done in the payment industry. For example, users can authenticate their identity on a bank ATM or a POS terminal using biometrics. As per a press release by Gartner, 30 Percent of organizations will use biometric authentication for mobile devices by 2016. Statistics reveal that the global biometrics technology market is emerging at a compounded annual growth rate of about 21.6 percent. Talking about biometric payments at Merchant point of sale, though, some work has already been done by many companies in a closed-loop environment, a full-fledged open-loop biometric payment platform is yet to be realized. FUTURE TRENDS With increasing complexity and availability of myriad technology, biometric system is poised to make our lives more convenient, in unexpected ways. Biometric payments through fingerprint technology will provide consumers with a convenient, safe, and seamless payment experience. It will enable each finger to uniquely identify a customer and represent a payment card. For example, the little finger may represent both ‘Bank of China CUP credit card’ and ‘Bank of America Visa Credit Card’. While making a payment through their little finger, users will need to select the corresponding payment scheme from the terminal. Figure 1: Futuristic View of Payment Cards in a User Wallet
  • 4. 4 | P a g e PROPOSED BIOMETRIC PAYMENTS MODEL USING TOKENIZATION Biometric Payments Model using Tokenization comprises of the following 3 stages:  Stage 1 - Issuer BIN Enrollment Issuer bank enrolls BIN number with corresponding payment scheme’s biometric server (Visa/MC etc.) for participating in biometric payments.  Stage 2 - Cardholder Enrollment To enable biometric payment on a payment card, the user will have to first enroll it with the card issuer. The following diagram depicts the process flow of the cardholder enrollment stage: Figure 2: Cardholder Enrollment Process Flow Diagram  Cardholder enrolls for biometric payment with the issuer bank. On the biometric terminal installed by the bank, the user has to first swipe the payment card and then scan his/ her fingerprints. This sends an enrollment request containing fingerprints (Biometric Value) and the swiped card data.  When the Payment Scheme (PS) server receives the enrolment request, it searches its directory server to validate whether or not the BIN is enrolled for biometric payments. If yes, it sends the card data for tokenization.
  • 5. 5 | P a g e  The enrolment data (Biometric Value, Card Token & BIN) gets stored in the enrollment database. This completes the user enrolment process and enables users to use their payment fingers to make biometric payment at merchant point of sale terminal.  The token provider generates a secured token associated with the card number and sends it back to the payment scheme biometric server.  Stage 3 - Biometric Payment Authorization The following diagram depicts the process flow of a Biometric Payment authorization, initiated by a user by scanning a payment finger on a biometric POS: Figure 3: Biometric Payment Authorization Process Flow Diagram Merchants will require specially designed biometric POS to accept biometric payments. An enrolled user chooses the payment scheme (of his/her payment card) from the POS terminal. The user then scans his/her fingerprints and submits the transaction. Authorization message including fingerprint scan (Biometric Value) is sent to the acquirer switching system. Switch routes the message to user selected payment scheme’s biometric server. Payment scheme server looks up enrollment database and fetches card Token + BIN associated to the Biometric Value (BV) of the user. Server routes the authorization message to
  • 6. 6 | P a g e the corresponding card issuer authorization system (based upon BIN). Issuer authorization system receives authorization request and decrypts the card token to get the real card number. Authorization system performs required financial validations as well as PIN validations (If PIN was entered). Based upon the validation results, the authorization is approved or declined and sent back to the POS terminal. BENEFITS OF PROPOSED PAYMENT MODEL Following are the benefits of the proposed Biometric Payment model:  With the use of tokenization, real card number is never exposed during transaction processing which makes it a highly secure process for implementing biometric payments.  Consumers need not carry physical cards or buy expensive mobile phones for the sole purpose of participating in NFC-enabled payments.  Because of enhanced security involved in biometric transactions, banks may charge lower interchange and thereby may allow Merchants to pay lower interchange fees.  Banks will benefit significantly due to lesser frauds and chargeback rates.  Since, adoption of biometric payment model will need significant change in infrastructure, it will open gates of big opportunities for device manufacturers & card token software providers. IMPLEMENTATION CHALLENGES  Infrastructure: Implementing Biometric Payments will create a need to change merchant infrastructure considerably. So, adoption and implementation of the aforesaid model might be an expensive proposition.  Accuracy: Each finger scan is converted into a value termed as Biometric Value (BV). A sophisticated software that is capable of calculating Biometric Value uniquely and accurately is required to be developed.  Merchant/Cardholder Education: Implementation of biometric payments will require complete re- structuring of the Merchant infrastructure. Both cardholders, as well as, merchants should be educated regarding the new system or new compliances, if any.  Security: Storing biometric data securely is indeed a big challenge as finger print pattern of a person can be stolen by fraudsters to make fraudulent payments. Another layer of authentication might be required to minimize frauds and enhance security. This can be achieved by issuing a PIN, sending an OTP or by using additional biometric pattern matching of the user, such as palm impression or multiple finger prints, during transaction authorization.  Adoption: To ensure global acceptance of this model, it is very important to ensure that implemented biometric payment system works as an open-loop system. Biometric Service providers, payment schemes in this case, should have a robust built in infrastructure in place.  Payment Cards management: It might be difficult for users to remember which finger represents which card, and this might get a bit difficult to manage.
  • 7. 7 | P a g e CONCLUSION Biometric payments is the next big thing in the payment industry. Payment cards will be represented through user’s distinguishing features such as Finger Prints, Retina Scan, Face Scan, Palm/thumb impression etc. Since, security could be a concern, integrating tokenization with the biometric payments could eliminate the risk and make it a highly secure payment instrument. Though, adoption of biometric payments might pose several challenges, it is definitely a much needed step to achieve advancement in the consumer payments. Deploying biometric payments will eliminate the need of carrying physical cards and buying expensive mobile phones, bought for the sole purpose of making convenient payments. This will also eliminate the risk of losing your card or a mobile phone as your biometric fingerprints (or Payment Fingers) will always be with you and that is all you need to make a payment. In a nutshell, though there are several challenges in implementing a biometric payment system, it certainly provides a future roadmap for a seamless, safe and convenient payments experience.
  • 8. 8 | P a g e ABOUT THE AUTHOR Ram Garg has 9+ years of experience in the Cards and Payments domain and is heading the Cards & Payments Practice at R Systems International Ltd. as Practice Manager. Ram holds a Master’s in Business Administration from IMT Ghaziabad and a Bachelor’s in Computer science from Netaji Subhas Institute of Technology, Delhi, India. NK Garg has a rich experience of 25+ years in the IT industry. He is the Vice President - IT & Head Quality at R Systems International Ltd. He holds a Master Degree in (Automation & Computer Vision) from IIT Kharagpur and a Bachelor’s degree in Computer Science from IIT Roorkee. ABOUT R SYSTEMS R Systems is a leading OPD and IT Services company, which caters to Fortune 1000, Government, and Mid-sized organizations, worldwide. The company is hailed as an industry leader with some of the world’s highest quality standards, including SEI CMMI Level 5, PCMM Level 5, ISO 9001:2008, and ISO 27001:2013 certifications. With a rich legacy spread over two decades, we generate value that helps organizations transcend to higher levels of efficiency and growth. Quite like the Oyster delivering the Pearl. For more information, visit www.rsystems.com © 2015 R Systems International Limited. All Rights Reserved. All content/information present here is the exclusive property of R Systems International Ltd. The content/information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from R Systems International Ltd. Unauthorized use of the content/information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Email: rsi.marketing@rsystems.com | Phone (India): (+91) 120-4303500 | Phone (US): (800) 355-5159