It’s the modern era, with some people making contactless payments from their phones, while the really intrepid are getting payment implants. Surprisingly, most of us are still swiping cards and authenticating transactions using insecure means such as pins and passwords. Samsung says it has created the industry’s first, all-in-one fingerprint security integrated circuit (IC) for payment cards. The chip reads biometric information using a fingerprint sensor, stores and authenticates data with a tamper-proof secure element (SE), and analyzes it with a secure processor. “Using a fingerprint security chip doesn’t require remembering a PIN or manually covering the PIN pad when entering this number to prevent attackers from stealing it,” Therese Schachner, Cybersecurity Consultant at VPNBrains, told Lifewire over email. “[The] security chip can also allow for improved convenience compared to other authentication mechanisms.”
Card Scanner
Schachner added the chip’s SE and secure processor, which uses techniques such as encryption, also helps prevent attackers from interfering with any critical system functionality and from accessing the stored fingerprint data on the card. “The chip, which uses anti-spoofing technology, has built-in protections against attempts to use fake fingerprints for fraudulent authentication.” Samsung asserts that its all-in-one chip can help card manufacturers reduce the number of ICs they need to squeeze in a card. This would allow them to optimize the card design for biometric payment cards. According to the company, the new solution is certified as per the common certification standards for payment cards, including EMVCo and Common Criteria Evaluation Assurance Level (CC EAL) 6+. It added that the chip performs in line with Mastercard’s latest Biometric Evaluation Plan Summary (BEPS) specifications for biometric payment cards as well. In the press release, Kenny Han, Vice President of System LSI Marketing at Samsung Electronics, noted that although the chip is primarily designed for payment cards, it can also be used in cards that require highly secured authentications such as student or employee identification, membership or building access." Notably, in March 2021, Samsung announced that it was working with Mastercard to create a new biometric scanning payment card, which would feature a built-in fingerprint reader. In that announcement, Samsung specifically pointed out that the cards would feature “a new security chipset from Samsung.” Experts believe it was the newly announced all-in-one chip that Samsung referred to in its earlier announcement. However, Samsung hasn’t shared any details about current or upcoming partnerships for the new chip. But considering Samsung’s manufacturing proficiency, experts believe cards featuring the new chip could be just around the corner, paving the way for biometric cards to go mainstream.
Not a Panacea
This is in line with the Smart Payment Association (SPA) report, which stated biometric payment cards are expected to “achieve critical mass deployment” in 2022, with more than 20 biometric payment card pilots currently underway. The SPA report stated the “biometric payment card market is today at a critical tipping point,” adding that they can also improve financial inclusion where literacy levels may be low and entering PINs or passwords poses a significant break in usability. Smartphones, SPA stressed, have helped usher a significant level of familiarity with biometrics. In fact, this level of familiarity is one of the major reasons driving up demand for biometric payment cards. SPA hopes it’ll also eventually help increase their acceptance since biometrics is generally accepted as a more secure authentication mechanism. Schachner, however, cautioned that although reasonably secure, fingerprint authentication technologies, including Samsung’s new fingerprint security chip, are not as foolproof as some people believe. “In the event that attackers somehow gain access to fingerprint data, users can’t “change” their fingerprints in the same manner that they can reset their passwords following a data breach,” said Schachner. Furthermore, she added that fingerprint technologies don’t always accommodate users with disabilities or skin and medical conditions like diabetes, which impact their ability to provide a fingerprint as part of the authentication process. “If these concerns are addressed, the new chip will serve as a more secure and accessible authentication solution,” said Schachner.