The Card Verification of the Future (But it Still Won’t Work for Ecommerce)

Sydney VaccaroEcommerceLeave a Comment

The Card Verification of the Future (But it Still Won't Work For Ecommerce) (1)

Biometrics are becoming a part of our day-to-day lives. Most of us use biometrics verification multiple times a day. You may be using your fingerprint, face, iris, voice or other verifications just to unlock your phone. These biometric verifications have become so advanced that even when a person is wearing a hat or sunglasses, the phone will still be able to recognize the right face. With that kind of security guarding your smartphone, it only makes sense that it would be utilized to protect credit cards (and merchants) from fraud. There has been talk about using this form of verification in the past, but Mastercard is truly implementing it into the credit card itself. We will give you a break down of the biometric card, how it affects merchants, and what kind of transactions it is currently not protecting.

The True Biometric Card

The card has an embedded fingerprint sensor that quickly captures and matches the cardholder’s fingerprint to a digital fingerprint image stored on the card. The cardholder’s biometric data does not leave the card at any point, as the biometric capture and match is done entirely on the card. If the match is successful, the transaction is authenticated and there is no need for the cardholder to provide a signature or PIN.

You can see the image below where the sensor for the fingerprint will be located on the card.


Image via Mastercard

What Merchant Needs to Know

Will Merchants Need to Update Hardware or Software?

Because all the information processing and verification of the fingerprint takes place within the card itself, merchants do not need to provide any additional support. This means that merchants can benefit from the certainty of true cardholder identity. And in turn, merchants will see less false declines or forgotten PIN transactions without having to upgrade their POS terminals. The terminals do need to be:

  • EMV-enabled  
  • Customer-facing  
  • Accessible to cardholders  
  • Designed so that the card sensor is not blocked from use

Essentially, the terminal just needs to allow the customer to have their finger on the card for the fingerprint verification.


Image via Mastercard

What are the Benefits for Merchants?

The goal of the card is to prevent in-store (or card-present) fraud from happening. An additional benefit is lowering decline rates for the good cardholders. This added protection from fraud and customer disputes comes at no cost to the merchant or cardholder.

Where Does the Chargeback Liability Lie?

“The chargeback liability remains with the issuer if the biometric match is successful. If the biometric match is not successful, then the transaction will be processed using the highest priority CVM commonly supported by both the card and terminal, which may be PIN or signature. In that situation, standard chargeback rules will apply, which means the issuer retains liability for PIN-based transactions as well as for signature-based transaction if neither the card nor the terminal supports PIN.” – Mastercard Documentation

Where are the Biometric Cards?

The cards were piloted starting 2017 in Africa, Europe and the Middle East with additional countries being added this year. In July 2018, Mastercard began negotiations with the UK to bring the biometric card there next. Merchants can anticipate an eventual expansion of these cards, along with the other card networks creating their own biometric cards.

What Mastercard Wants Merchants to Know

Merchants should be aware that with the Mastercard Biometric Card:  

  • No changes are needed to the software or hardware of a merchant’s POS terminal in order to process Mastercard Biometric Card transactions.  
  • The biometric authentication process is as fast as PIN but saves the cardholder the effort of entering the PIN digits into the terminal’s keypad.
  • Accepting the Mastercard Biometric Card enables merchants to know with greater certainty that the person using the card is the genuine cardholder.  
  • Merchants should experience fewer declines due to forgotten PINs, incorrect PINs, and PIN bypass, as well as reduced checkout delays caused when a cardholder must switch to another form of payment.  
  • Merchants may see a positive impact to transaction approval rates due to greater issuer confidence in the transaction.  
  • As affluent customers are most interested in biometric cards, providing the best possible cardholder experience can lead to increased transaction volume.

The Lack of Ecommerce Protection (But Maybe a Sign of Things to Come?)

The biometric cards give great verification for card-present purchases, but the downside is that it is not being used for ecommerce (card-not-present) transactions. With a combination of EMV chips, PINs and signatures in-store transactions are better equipped for preventing fraud than ecommerce transactions. Although this biometric card is not created to protect card-not-present transactions yet, it is a step in that direction. Allowing the card itself to be the source of verification could be the beginnings of bring biometrics verification to the card-not-present world. By creating high level verification from wherever the customers is typing in their card number.