eid Meets Credit Cards and Biometrics: The Next Stage of Convergence Adam Ross Sales Manager eid Solutions EMEA, cv cryptovision GmbH cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1
Evolution of eid Documents eid Documents Identity documents are no longer simply printed on paper but now incorporate modern electronics Contactless eid Card Contact chip eid Card Plastic ID Card Paper ID Card 2
EMV and Payment Cards Are Similar EMV and Payment cards also evolved in similar fashion Payment cards no longer simple plastic cards and also incorporate modern IC chips Contactless EMV Card Contact chip EMV Card Magnetic Stripe Payment Card 3
EMV Vendors are moving to biometrics VISA introduced biometrics in the Visa Integrated Circuit Card Specification (VIS) 1.6 in January 2016 (based on an early version from September 2016) This specifies usage of biometric identification, e.g. for ATM transactions Modalities include fingerprint, palm, voice, iris, or facial biometrics For security reasons identification is verified by match-on-card only There are some first pilot projects testing biometric-enabled VISA cards Mastercard also worked on including biometrics into their chip specification Recently Mastercard even introduced a card with on-card fingerprint sensor and started a pilot in South Africa (Pick n Pay supermarket stores and Absa Bank) 4
Examples of Integration of Biometrics into eid and Payment Cards 5
Know Your Customer (KYC) When applying for a payment card a secure identification is required. Strengthening this ID vetting with eid & biometrics is beneficial. 6
Know Your Customer (KYC) 7
Know Your Customer (KYC) 8
Financial Inclusion $ 9
Nigeria: Financial Inclusion $ * http://www.efina.org.ng 10
Nigeria: Financial Inclusion $ 11
Nigeria: Banking Nigerian eid Card payment and banking 12
Nigeria: Fiancial Inclusion only every third adult Nigerian has a bank account new eid cards feature payment function ICAO MRTD, custom eid, biometrics and EMV on 1 chip Þ approx. 80 million people over age 16 will gain access to banking system 13
Banking Gelsenkirchen, July 3, 2014 For the first time in history money is withdrawn with an eid card from a German ATM. The eid card is Nigerian.
Nigeria: Financial Inclusion Using biometrics with the eid will improve the card holder experience by reducing importance of knowledge of a PIN and introduce the card holder to institutional banking, worldwide ATM access, and online transactions Enable a new degree of electronic benefit transfer which will allow for benefit remuneration only after proof-of-life verified by Match-On-Card which results in a dramatic reduction in ghost and duplicate beneficiaries Dramatically reduce fraud at the point of sale as the portrait image on the eid can be easily verified by cashier - not all biometrics need to rely on fancy automated systems. Face recognition is the very first biometric. 15
Tokenization Mobile devices with biometric sensors systems facilitate general authentication and verification of risk based connected transactions Virtual/derived credentials can be used in some cases (if no private key is involved) EMVCo and FIDO alliance are working on a technical specification into its FIDO authentication suite to fulfill use cases provided by EMVCo EMVCo also added biometrics to 3-D Secure for card-not-present transactions to EMV 3DS 2.0 specification Mobile POS systems Smartphone 16
Biometric Payment Observations More than 80,000 biometric ATMs are in use across Japan identifying accountholders via palm or finger vein scanning In 2013, Citibank introduced biometric ATMs in Singapore, Malaysia and the Philippines, and they re also live in Brazil and Poland More than 400,000 USAA customers have opted in to use fingerprint, face or voice recognition with the company s mobile app Barclays is using finger vein readers to authenticate key corporate banking customers provide ATM access and online transactions No projects have completely eliminated the payment card too many legacy systems still rely on physical element 17
Some observations 18
Some observations eid document based identification and signatures can be offered as commercial service to (re-)finance project costs Access to these services can be restricted by law (easily bypassed) by technical means, e.g. access certificates (infrastructure required) 19