If Diebold has its way, you can forget using a PIN at an ATM – meaning there would be no card reader and therefore nothing thieves could use to install skimmers – as you would present your iris for scanning before the ATM spits out your cash.
At the Money20/20 payments conference, the largest global conference for financial and payment innovation, Diebold announced a screen-less, self-service ATM dubbed the “Irving concept.” It’s much smaller than traditional ATMs – up to 35% smaller – and does not even have a screen for transaction information to be displayed. Irving requires no PIN and no card since transactions are scheduled via a screen on a person’s smartphone.
A person can be authenticated via iris-scan biometric technology, by near field communication (NFC) as they walk up to Irving, or by QR codes. Diebold claims Irving (pdf) offers increased speed and security. “Cash withdrawals can be completed in less than ten seconds, and since this method authenticates the transaction by connecting to the consumer's smartphone, security is increased and card fraud is mitigated.”
Besides Diebold’s Irving iris-scanning ATM, seen above on the left, the company also unveiled its dual-sided self-service Janus concept; the latter is capable of serving two customers at the same time, also enables transactions via NFC or QR codes to do away with card readers, includes video conferencing with a teller, and ID scanning for new accounts and document signing.
Irving isn’t being rolled out just yet; it’s only being tested at the Citi innovation lab in New York. If it, or the ATM introduced by Diebold last year – one that accomplished biometric authentication via finger vein scanning – were to be deployed, then banks will need to be sure biometric credentials are protected.
If you collect it, you better protect it
As Windsor Holden, the author of Juniper Research’s new report “Mobile Identity, Authentication & Tokenization 2015-2020,” warned, “When a password or PIN is hacked, the consumer can simply get a replacement. When biometric data–fingerprint, iris [scans], facial [telemetry]–is stolen, the consumer’s online identity could be irretrievably compromised.” Juniper Research also said “that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly five billion by 2019.
Tokenization
Naturally talk turned to spoofing at Money20/20. When discussing the problem of spoofing on consumer biometric devices such as fingerprint spoofing on the iPhone, Rick Swenson of AVP Enterprise Fraud Prevention & Detection USAA, said, “I can spoof my own fingerprint or face – I’ve done it on my own phone.” Although he can record his face on one phone, then bypass the biometric capture by presenting that recording to another phone’s facial recognition program, Swenson explained that tokenization is the key to stop such spoofing. Thanks to tokenization making his phone a trusted device, he said, “If you steal my fingerprint and try to get into a USAA account on your device, you aren’t going anywhere real fast.”
During Money20/20, Visa announced integrating tokenization into its online service Visa Checkout. “Visa Token Service is a technology that replaces sensitive payment account information found on payment cards, such as the 16-digit account number, expiration date and security code, with a unique digital identifier that can be used to process payments without exposing actual card account details.” Visa is also working with merchants to tokenize ‘cards-on-file,’ which are “customer card account numbers that merchants store in their systems to facilitate repeat payments such as monthly subscriptions or billing services.”
Trippy new MasterCard payment program
MasterCard also unveiled a new program aimed at turning any consumer product into a secure payment device; it will bring MasterCard payments to automotive, fashion, technology, wearables and a wide array of consumer products yet to be imagined. “The program gives consumers the freedom to shop using the device or thing that is most convenient to them, with the highest level of security available.”
“As more and more ‘things’ become connected, consumers will have endless possibilities when it comes to how they pay, and will need all of their devices to work seamlessly together,” explained Ed McLaughlin, Chief Emerging Payments Officer at MasterCard. “This program eliminates the boundaries of how we pay by delivering a secure digital payment experience to virtually anything – rings, fitness and smart bands, car key fobs, apparel, and whatever comes along next.”
The company included a trippy video showing off new ways to make secure payments, showing off prototypes like a Ringly smart ring, a Nymi smart wristband and a TrackR Bluetooth-enabled locator device.