Biometrics within payment systems 

Overview

Increasingly organisations are using the internet and other information technology solutions to undertake and complete business transactions. This unprecedented growth in electronic transactions has highlighted the need for a faster, more secure, and more convenient method of user verification than passwords can provide. The existence of foolproof security mechanisms to prevent unauthorised access to systems and applications is therefore of paramount importance.

Biometrics offer an automated method of recognising an individual based on their physical or behavioural characteristics.

Examples of physical biometrics technologies include:

• Finger scanning
• Retina scanning
• Iris scanning
• Facial recognition

Examples of behavioural biometrics technologies include:

• Signature recognition
• Voice recognition
• Keystroke pattern

Benefits of biometrics

How do biometrics work?

Enrolment involves presenting a sample such as a finger (or retina) to the biometrics system in order that a template is created and stored.

After enrolment the user simply places their finger on the glowing reader window and the reader quickly and automatically scans the fingerprint. On-board electronics calibrate the reader and encrypt the scanned data before sending it over the USB interface. This verification process involves matching the stored template against the live sample to check that the person is who they claim to be.

Most biometrics systems work on the verification approach where the user first identifies themselves by providing a user name, this then allows the stored template to be selected and compared with the presented sample. Less common is where the user does not identify themselves first and the sample is simply compared against all templates in the database. This approach, known as identification, can be time consuming as the system must compare the submission against every enrolled template.

Finger scanning

The most widely used form of biometrics technology implemented in commercial environments is finger scanning. This technology can either replace the need for passwords or can be used to supplement existing systems. The technology used in commercial finger-scan verification systems is very different to the fingerprint identification system used by police forces and other government agencies. Their technology is known as Automated Fingerprint Identification System (AFIS) and involves scanning an actual copy of the finger image. Finger-scan verification systems used in commercial environments capture key features of the finger (such as unique ridges, valleys, loops and whorls) and store a reference template for the individual in question.

Biometrics and EigerPAY Gateway

EigerPAY Gateway is the most sophisticated and scaleable payments solution available.  Initially designed for any organisation submitting to BACSTEL-IP, EigerPAY Gateway incorporates extensive role and permission-based access control with rigorous user authentication, allowing only authorised users to perform defined tasks for specific applications.

To further enhance security, EigerPAY Gateway supports biometric finger scan devices which can be used in conjunction with or in place of usernames and passwords. However, biometrics become increasingly important when Hardware Security Modules (HSMs) are used to automate all or part of the BACSTEL-IP process.

The ability to automate a system increases security by limiting or removing access to sensitive information by individual users. However, at the same time it increases the reliance on and trust placed in the individual tasked with the set-up and maintenance of such a system. It is therefore vital to ensure that when logging on to the system this person is verified to be the person they claim to be. As a finger-print is unique to each authorised user, biometrics provide the stringent access controls required to secure and manage BACSTEL-IP HSM configurations.