What Does MasterCard’s Biometric Chip Mean for Consumers?

Have you heard the news? In an ongoing attempt to fight back against those wishing to do financial harm to their customers, Mastercard is beginning a trial of a card which has a chip, along with a fingerprint reader, which would serve as a biometric authentication process.

According to Mastercard, the card has already seen trials in South Africa via Absa Bank and is expected to see additional trials in Europe and APAC soon. A spokeswoman for the company told TechCrunch that MasterCard was “targeting consumer rollout by end of 2017 through issuers that choose to offer biometric cards.”

In Europe, we see expanded contactless payment systems. Some might view this biometric systems as a step backwards from some of the offerings in the European market. Contactless payments, often, are without authentication enabled, so a biometric system will likely offer more security to consumers.

Biometrics have their own security issues though.

While a convenient way to bypass the mishigas of trying to create, remember and protect passwords (or PINs) which are not easy to hack, biometric systems are really as secure as they were created to be. For example, a biometric system should opt against storing a digital copy of the fingerprint or eye-scan and, instead, create as hash of the data. This system takes the data from the biometric, when scanned, and turns it to a verification, meaning that the actual fingerprint, for example, is not stored in the system. If the system is hacked, the hacker will not be able to generate the fingerprint from the hash which is stored. This complex variation is necessary in order to keep biometric systems most secure.

Why? Because they will be hacked. One thing is sure. Whenever there is a new way to secure personal and financial data, there are thousands of bad guys racing to find a way to beat the system. At some point, hackers will find an inexpensive workaround to take your fingerprint (off a glass, perhaps, or by hacking your computer and stealing your fingerprint from an existing security device database) and create a way to transpose that fingerprint into a workaround for biometric data. The question isn’t if. It is only how long it will take to become common practice. When a password is hacked, unpleasant as it is, you deal with the consequences and create a new, hopefully stronger, one. But, once your biometric data is stolen, it is no longer useful as a guardian of security.

Additionally, MasterCard has already said that there will be a backup pin associated with the card. That creates yet another work around and another entry point for those who wish to do consumers harm. The best place to use biometrics is as an add-on to other systems, such as a password. This will increase your security by forcing a would-be hacker to know your password and have access to your biometric data. The more walls you throw up to keep yourself guarded, the less likely you are to fall victim to data theft. The reason is simple: if there are easy targets and tough targets, wouldn’t you, as a hacker, target those which took the least amount of effort? In this way, you can think of hacking and cybersecurity as Darwinian --- a sort of new-age, survival of the fittest.