MasterCard Reveals Credit Card With Built-In Fingerprint Sensor

MasterCard today unveiled a biometric chip-and-pin credit card featuring a built-in fingerprint sensor that takes cues from mobile payment systems such as Apple Pay.

The card can be used to make purchases like any other, except rather than keying in a PIN number, card holders can choose to place their finger over the square sensor to approve the transaction.

Alternatively, users can take a two-tier authentication approach and use both their PIN and fingerprint to approve the purchase. However, users of the card won't have the convenience or security that comes with registering their print with their smartphone.


With Apple Pay, fingerprint data is encrypted and protected with a key available only to the Secure Enclave on the user's iPhone. The Secure Enclave is walled off from the rest of the hardware and the OS, meaning iOS and other apps never have access to user fingerprint data, it's never stored on Apple servers, and never backed up to iCloud or anywhere else.

The biometric credit card has no such protections. Instead, the user must register their print with the bank or financial institution that issued the card, and while the fingerprint is encrypted on the card itself, it's still unclear what security and privacy measures are in place to deal with the registration process.


Despite those concerns, Mastercard's chief of safety and security, Ajay Bhalla, said that the fingerprint technology was "not something that can be taken or replicated", and that the biometric card would help "to deliver additional convenience and security".

MasterCard plans to roll out the cards in Europe and the Asia Pacific region soon, following successful tests in South Africa through Barclays subsidiary Absa and supermarket Pick n Pay.



Top Rated Comments

1 week ago
I find it a bit funny that people are willing to trust banks with extremely personal information such as home address, social security number, and those very specific "recovery questions". Oh and let's not forget entire life savings. Yet when it comes to a fingerprint, that's where we draw the line.

I mean, I get it. I probably wouldn't use this either. But if you're uncomfortable sharing your fingerprint with your financial institution, maybe you shouldn't be sharing every other detail about your life with them, too.

EDIT: alright folks I get it! You can change the other stuff but you can't change your fingerprint! Please stop quoting me!
Rating: 8 Votes
1 week ago
I don't want this.
Rating: 6 Votes
1 week ago
On paper it seems like a good idea, but in practice, I'm not so sure.

What about readers that pull a card in and don't give you the option to hold the sensor? My credit cards are scratched and marked up from being in my wallet, I can see the sensor being just as scuffed up. I'd rather not be fumbling at a register trying to buy something and because I have scratches on my credit card I cannot use that card.

Also I'm not about to give my bank my fingerprint.
Rating: 5 Votes
1 week ago

However, users of the card won't have the convenience or security that comes with registering their print with their smartphone.


Users of the card have less convenience getting the card registered, but more security afterwards since their fingerprint identity is validated by their bank.

With Apple Pay, fingerprint data is encrypted and protected with a key available only to the Secure Enclave on the user's iPhone. The Secure Enclave is walled off from the rest of the hardware and the OS, meaning iOS and other apps never have access to user fingerprint data, it's never stored on Apple servers, and never backed up to iCloud or anywhere else.


TouchID is never validated by a third party as being the fingerprint of the actual phone owner. Anyone with knowledge of the passcode (say, a thief who shoulder-surfed the owner) can change the prints registered with TouchID.

The biometric credit card has no such protections. Instead, the user must register their print with the bank or financial institution that issued the card, and while the fingerprint is encrypted on the card itself, it's still unclear what security and privacy measures are in place to deal with the registration process.


In other words, the fingerprint registered on the card is GUARANTEED to be that of the actual card owner, unlike with TouchID where there is no such guarantee, but simply a "good enough" likelihood of it being so.

That is a good point, and I do understand why someone would be hesitant about registering it. Though, if someone really wanted a fingerprint, I'm sure there are a million easier ways of obtaining it rather than hacking into wherever my bank stores the encrypted information.


That's assuming the bank even stores any fingerprint info. They have no need to, since the necessary info is put in the card's secure element (just like putting TouchID info in the secure enclave), not authenticated over the network.
Rating: 2 Votes
1 week ago

I find it a bit funny that people are willing to trust banks with extremely personal information such as home address, social security number, and those very specific "recovery questions". Oh and let's not forget entire life savings. Yet when it comes to a fingerprint, that's where we draw the line.

Because those items can be removed, or changed. Yet a fingerprint is a physical attribute that you cannot change, and if compromised offers a world of hurt for the victims of identity theft.

Banks have our money, but it's protected and guaranteed by the federal government. The banks can be compelled to remove our personal information, but if leaked, our fingerprints cannot be changed.

Just because I trust the bank to hold my money, doesn't mean that trust extends to them having and protecting my fingerprints.
Rating: 2 Votes
1 week ago

And how well does it work when you are at a POS terminal that does not support Apple Pay? I believe there are more than a few still left on this planet.

And how well do you think that works for people who own non-Apple handsets?
It works when the POS terminal does not support those two protocols. It also works when the payor does not own a supported device or chooses not to use one. There are more than a handful of people on this planet who fit these categories.

Not everyone is blessed with your same hardware nor do they exclusively patronize shops that support Apple Pay/Google Pay/Samsung Pay, etc.

The world is a larger place than stores with Apple Pay.

Sounds like you don't get out much beyond your little bubble world. Do some international traveling and see how often you can use Apple Pay.


And why do you have to be so darn snarky? “bubble world” and playing Captain Obvious?

How about I play Captain Obvious for you and ask WTF I should care if someone snags my credit card and cannot use it at a POS terminal? It can be used at a POS terminal that doesn’t support this fingerprint technology or can be used online. Regardless of any of the above, I’m still not liable for any fraudulent transactions.

Try being a decent human being and not just look for every chance you have to be a jerk to people. You might enjoy it. (Note, this is about your response to ‘Kaibelf’, who seemingly asked a simple question, to which you decided to go off on your bubble world rant.)
Rating: 2 Votes
1 week ago

How does this deliver additional convenience above Apple Pay or Google Wallet?

Because there is a significant amount of the population that doesn't use a smart phone capable of using Apple Pay or Google wallet.
And especially elderly people who may have difficulty recalling PIN numbers etc.

So yes, while I personally use Apple Pay daily and acknowledge that it has been a game changer for me, I do think there is potential for MasterCard's new tech.
Rating: 2 Votes
1 week ago
Oh, so you still have to put the card INTO the card reader...?
Meh. Pass.
It's just more convenient to wave my phone in the general vicinity of the card reader instead.
It's also a lot more convenient to pull my phone out of my pocket and then stick it back afterwards (2 steps) than take my wallet out my pocket, take my card out of my wallet, put the card in the reader, take the card out the reader, put my card back into my wallet and then put my wallet back in my pocket (6 steps).
Rating: 2 Votes
1 week ago
So how does this work? I'm guessing some sort of power would be needed? Does it get the power from the terminal when inserted maybe? And is my fingerprint stored on the card or in the cloud?
Rating: 2 Votes
1 week ago

How does this deliver additional convenience above Apple Pay or Google Wallet?

It's very convenient not having to buy an almost one thousand $/€ phone before using.
Rating: 2 Votes