British bank NatWest is trialling the use of a new NFC payment card with a built-in fingerprint scanner. The trial, which will include 200 customers when it begins in mid-April, will allow its participants to make NFC payments (called “contactless” in the UK) without needing to input a PIN or offer a signature. The standard £30 limit for contactless payments will not apply when the fingerprint is used.
Currently, anyone can make a contactless payment in the UK by tapping their card on the terminal to make a payment. As a result of this lack of security, a £30 limit is applied to such payments, with retailers requiring you to place your card into the card reader and enter a PIN for more expensive purchases (commonly referred to as the “Chip and PIN” method). Although mobile payments require authentication, customers often find they’re subject to the same £30 limit.
The fingerprint data is stored locally on the card, meaning there’s no security information for a hacker to be able to steal from a bank’s central database. It’s not foolproof — there’s always the risk a sufficiently determined thief could steal and imitate your fingerprint — but it’s much more secure than a PIN that someone could learn by simply looking over your shoulder as you enter it.
Biometric authentication has become a standard component of NFC mobile payments, but despite credit card trials having been conducted since 2015, they’ve failed to find a home on traditional bank cards. Gemalto, the company behind the card’s biometric tech, ran a trial in South Africa in 2017, and a pilot with Italian bank Intesa Sanpaolo last year. However, the cards typically require users to visit a bank rather than doing it themselves from home (as they can with mobile payment services like Apple Pay or Google Pay).
NatWest’s trial doesn’t overcome this problem. Participants in the trial must visit a branch of their bank. A video produced by Gemalto says that it hopes future versions of the system will allow customers to use their own phone to register their fingerprint.
This inconvenience and the need to carry a separate card raises the question of why biometric cards are necessary when mobile payment functionality is included on so many modern smartphones with fingerprint readers and face scanners. But since bank cards are provided for free with a qualifying bank account, this scheme has the potential to be made available to people who can’t afford a modern smartphone.