Swipe-to-pay, then chip-and-PIN. What next, credit cards with fingerprint sensors?
Turns out that’s Mastercard’s latest invention, a new credit card with an integrated fingerprint sensor, which aims to fight in-store fraud.
The card, currently under trial in South Africa, includes sensor is embedded in plastic of the credit card, allowing customers to authorize a payment with a fingerprint, rather than a PIN code or a signature.
The payments giant said Thursday that the new biometric credit card will work on existing chip-and-PIN readers and won’t require store owners and businesses to buy any new hardware; though older magnetic stripe-only terminals will not be compatible.
Ajay Bhalla, Mastercard’s security chief, said the fingerprint sensor will “deliver additional convenience and security,” and that a fingerprint is “not something that can be taken or replicated.”
But that isn’t true.
Fingerprint sensors have historically been easily bypassed in recent years. Apple’s iPhone 5s, the company’s first fingerprint-enabled phone and the first of its kind in recent years, was bypassed in a matter of days after the phone’s debut. Not long after, Samsung’s Galaxy S5 also had its fingerprint sensor tricked by security researchers.
And more recently, the same iPhone fingerprint sensor hacker was able to reverse engineer and recreate the German defense minister’s fingerprints from a high resolution phone.
It’s also not clear how the fingerprint-reading credit card will help prevent online fraud — if at all.
We covered a few months ago a new and inventive credit card which also aims to tackle the problem with technology by including a small display with a rotating three-digit security code on the back that changes every hour. This would make it almost impossible for anyone to guess the right code at the right time.
Mastercard said that its trial will expand to Europe and the Asia-Pacific region in the coming months, and a global rollout is expected by the end of the year.