Biometric payment is a point of sale (POS) technology that uses biometric authentication to identify the user and authorize the deduction of funds from a bank account. Fingerprint payment, based on fingerscanning, is the most common biometric payment method. Often, the system uses two-factor authentication, in which the finger scan takes the place of the card swipe and the user types in a PIN (personal ID number) as usual.
Here's an example of how one fingerprint payment system works:
- The shopper registers for a biometric program at a store kiosk by presenting valid identification and bank account information.
- The shopper scans his index finger using the kiosk's fingerscan reader.
- The store's fingerscan reader encrypts multiple point-to-point measurements of the fingerprint and stores the customer's biometric data and banking information in a centralized database.
- The shopper now has the option of selecting biometric payment at the point of sale register. If he chooses biometric payment, he scans his finger at the checkout register with the store's electronic reader and enters his personal identification number.
- The electronic reader compares the data from the new scan to the encrypted data in the database and either approves or declines the transaction. If approved, the funds are electronically transferred from the shopper's account to the merchant.
In the United States, biometric payment has gained popularity in grocery stores, gas stations and convenience stores. In March 2006, Pay By Touch, the leading biometric payment provider, reported that more than two million customers had enrolled in their biometric services and that Pay By Touch had authenticated approximately $8 billion in transactions.
Cited advantages of biometric payment include:
- Enhanced security for the end user.
- Speedy transactions.
- No need for the end user to carry cash, checks or credit cards.
- Lower cost per transaction for the merchant, compared to standard debit or charge card fees.
Biometric payment is controversial. Traditionally, fingerprints have been associated with law enforcement. Critics of biometric payment fear that fingerprints could be made available to government agencies or law enforcement officials. Biometric payment service providers are quick to point out that they don't keep the customer's actual fingerprint in their databases -- they keep an encrypted number derived from the finger's point-to-point measurements. (It is that number which is used to verify a customer's identity, not the actual fingerprint.) In the final analysis, a biometric payment system -- like any system that accesses sensitive information -- is only as secure as the associated databases and transactions.