Payment authentication based on fingerprints is not fool proof

On the news that NatWest is trialling fingerprint debit cards to remove the £30 contactless payment limit, Toni Vitale, head of regulation, data & information at law firm Winckworth Sherwood, says: “Any technology which increases consumer protection is to be welcomed but like all biometric based identification techniques, authentication based on fingerprints alone is not fool proof.

“A 2017 American Association for the Advancement of Science (AAAS) working group report on the quality of latent fingerprint analysis says that courtroom testimony and reports stating or even implying that fingerprints collected from a crime scene belong to a single person are indefensible and lack scientific foundation and in many US states fingerprint evidence is not used on its own to identify criminals. As a second form of identification or authentication fingerprints on bank cards might work, but they would need to be combined with additional measures such as PIN numbers.

“In addition, many consumers may not be able to use fingerprints because of a disability or injury. We can also put to bed one common myth – identical twins do not always have identical or similar fingerprints. Environmental factors along with DNA determine fingerprints. We should welcome this innovation and it may be helpful when Strong Customer Authentication is rolled out in September this year which will require many online payments to be authenticated with a second authentication step after a customer has entered a PIN.”