Securing Credit Cards Using Biometric Identification System
As credit cards become more popular by the day, so do the frauds around them. In such times, security over convenience has become an increasing concern. This article proposes a scheme for securing credit card transactions using biometric identification systems that are dependable and have a quick verification process.
With the increase in purchasing power of the population, particularly in urban India, there has also been an uptrend in the use of plastic money, i.e. credit cards. Credit cards bring a lot of convenience to our daily lives by providing a cashless transaction facility, both at point of sale and online. Moreover, they are seen as a push for increased consumer spending, which is so essential for economic growth. Unfortunately, this facility comes with its own set of problems, the most important of which is security. Credit card fraud is a real threat and is one of the major causes of concern for consumers and card issuers. In the wake of this, card issuers are always on the lookout for a fool-proof security feature. In this article, we look at the current systems and their inadequacies. Further, we propose a system based on biometric identification.
Credit Card Frauds
Credit card frauds are increasing by the day. The following facts stand testimony to the widespread incidence of credit card frauds:
- UK - An incidence of card fraud occurs every 8 seconds and 1 person out of 3 people is a victim of card fraud
- USA - 10% of Americans are victims of credit card fraud; total credit card fraud accounted for losses of $3,212.7mn in 2007
- The overall cost of fraud is over double the amount of missing money or assets
In fact, a study conducted by Vanson Bourne for LogicaCMG in May 2006 showed that 57% of people prefer to switch if better security is assured. This clearly shows that card security is one of the most important features when one opts for a credit card.
One can be a victim of different kinds of credit card fraud. The most common amongst them are theft of credit cards, card cloning and in-store fraud. Theft of credit cards is the most common type of fraud. Although cards are blocked immediately on intimation, it can often be too late by the time one realises that the card is missing. ATM machine manipulation, card copying and information stored on cards being read and stored electronically fall under the category of card cloning. In-store fraud is also rampant in many parts of the world. This occurs because fake key pads and card readers allow fraudsters unauthorized access to customers' bank accounts. Double swiping at merchant shops also contributes to in-store fraud.
Current Authorization Process
Most of the current authorization processes, particularly in India, do not require PIN code authentication. This increases the level of risk in case of loss or theft. Even the ones requiring PIN code authentication are no good since PIN information can be easily hacked and there is a fear of being watched whilst you enter the PIN.
Apart from PIN authentication, there are other newer technologies for authorization such as 3DSecure, Knowledge Based Authentication and Out of Band Authentication. Each has its own share of drawbacks such as increased transaction time, frustration of being asked too many questions and vulnerability to fly phishing [2].
Biometric Identification System
Biometrics refers to an automated system of verifying or recognizing the identity of a living person based on physiological or behavioral characteristics. Biometric identification in credit cards helps in verification through recognition of patterns without having to remember any passwords or PIN numbers. Some of the physiological characteristics commonly used are fingerprint recognition, retinal recognition, hand/finger geometry and facial feature recognition, while behavioral characteristics include voice and handwriting recognition.
Use of Fingerprint Scan Technology
A credit card that incorporates a fingerprint authentication system provides enhanced security as the loss of the card does not by itself put one's money at risk. Unlike the PIN, there is no risk of losing or forgetting a code. Neither can fingerprints be forged easily. Fingerprints offer tremendous invariability, changing only in size with age as they are highly resistant to modifications or injury. In terms of implementation too, this technology is superior. Next-generation scanners can easily analyze below the surface of the skin, and can add pore pattern recognition in addition to the more obvious minutiae of the fingerprint. Moreover, the fingerprint sampling unit is compact, rugged and inexpensive.
The Process - Fingerprint Verification and Transaction Process [4]
The idea is to perform real-time fingerprint verification against the fingerprint image on the user's credit card. This would require taking an initial sample of the fingerprint at the time of enrollment. The process involves obtaining the fingerprint sample on fingerprint card strips, transforming the sample to a template using fingerprint scanners and storing the template on credit card chips. Verification against a stored database of fingerprints was ruled out due to the infeasibility of storing millions of fingerprints as well as the increased transaction time that it would lead to.
While using the card at a store or an ATM, the fingerprint on the card is read using a simple card reader. A real-time fingerprint sample on a print reader is then taken and the two are matched to determine approval or rejection for further action. The transaction process communication that occurs among the merchant store, the acquirer (usually a bank whose card reader is being used by the store), the credit card company and the bank to transfer money from the bank to the store remains exactly the same.
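An added sketch of the enrollment and point-of-sale check described above, not code from the article. The minutiae format, matching tolerances, threshold and the issuer MAC binding the template to the card number are assumptions made here; the MAC stands in for an issuer signature so that chip data not written by the issuer is refused.

```python
import hashlib
import hmac
import json
import math

ISSUER_KEY = b"constructed-demo-key"  # hypothetical; stands in for an issuer signing key
MATCH_THRESHOLD = 0.75                # assumed share of minutiae that must pair up
# Constructed sample data: (x, y, ridge angle in degrees)
ENROLLED = [(10, 12, 30), (40, 44, 110), (70, 20, 250), (25, 80, 355)]
SAME_FINGER = [(12, 11, 34), (41, 47, 104), (68, 22, 246), (27, 78, 3)]  # small jitter
OTHER_FINGER = [(15, 60, 90), (55, 10, 200), (80, 80, 20), (30, 30, 300)]


def issuer_tag(card_number, template):
    """MAC binding a template to one card number (assumed issuer step)."""
    msg = json.dumps([card_number, template]).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def enroll(card_number, minutiae):
    """Enrollment: turn the sample into a template and write it to the chip."""
    template = sorted([x, y, a] for x, y, a in minutiae)
    return {"card": card_number, "template": template,
            "tag": issuer_tag(card_number, template)}


def match_score(template, live, dist_tol=6.0, angle_tol=15):
    """Fraction of stored minutiae with a live minutia nearby (greedy pairing)."""
    unused = list(live)
    paired = 0
    for x, y, a in template:
        for m in unused:
            d_angle = abs(a - m[2]) % 360
            d_angle = min(d_angle, 360 - d_angle)  # 355 and 3 degrees are 8 apart
            if math.hypot(x - m[0], y - m[1]) <= dist_tol and d_angle <= angle_tol:
                unused.remove(m)  # each live minutia may be paired only once
                paired += 1
                break
    return paired / len(template)


def verify(chip, live):
    """Point of sale: check the chip data, then compare it with the live scan."""
    expected = issuer_tag(chip["card"], chip["template"])
    if not hmac.compare_digest(chip["tag"], expected):
        return "REJECT: template not issued for this card"
    if match_score(chip["template"], live) < MATCH_THRESHOLD:
        return "REJECT: fingerprint mismatch"
    return "APPROVE"
```

Unlike a PIN comparison, the match is a score against a threshold, so the tolerance values decide how often a genuine holder is refused and how often a different finger is accepted.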
Benefits over Existing Systems
The obvious benefit of the proposed system is a reduced risk of fraudulent authentication through card cloning, card theft and identity theft in the form of signature duplication. This would lead to a direct saving through reduction in fraud losses to the tune of $3bn per year. As for credit card users, the proposed system reduces identity thefts, increases security of the credit card authentication system and allows for a speedy payment procedure. The merchants will also benefit by gaining increased credibility. Banks will gain from the proposed system as there will be reductions in fraud liabilities and in time spent on litigation and dispute resolution. Their trustworthiness will be enhanced, which will lead to an increase in the number of customers and transactions. This security will also benefit credit card companies since their transaction volumes will increase, resulting in increased revenues.
Causes for Concern
The implementation of this technology on a huge scale has to contend with some issues, the biggest of them being that of user acceptability. To add to the common resistance to change, there is the universally surveyed fact that among the many biometric techniques, fingerprint is of only medium acceptability.
There is a cost to be incurred by the merchant stores, that of retrofitting fingerprint scanners at points of sale. The main cost incurred would have to be borne by banks in the form of cost of rolling out new card readers with fingerprint recognition, cost of rolling out new ATM machines or attaching the fingerprint readers to the existing machines, cost of designing new customer forms with fingerprint card strips and that of new cards. While the banks would incur huge expenses, a cost analysis by the authors has shown that the one-time costs are less when compared to the direct and indirect savings ensuing from reduced fraud. The system banks heavily on customer education on security and system usage which is the first and perhaps the most difficult hurdle to be crossed.
The incidences of credit card frauds have increased with greater card usage among urban Indian consumers. The need of the hour is a dependable secure mechanism to reduce fraud in credit card usage. The current authentication systems are found to be rather inadequate in handling this problem. A system based on fingerprint authorization is being proposed and discussed from a technical perspective to emphasize its dependability. A study of its costs and benefits revealed that the proposed system is viable in the immediate future. However there are a few issues of concern that need to be addressed before this system can be introduced commercially.
Ganesh N. Prabhu is an Associate Professor in the Corporate Strategy and Policy Area at IIM Bangalore. He holds a Fellow Program in Management (FPM) in Business Policy from IIM Ahmedabad and a PG diploma in Rural Management from Institute of Rural Management at Anand. He can be reached at firstname.lastname@example.org
Meghan Agarwal (PGP 2007-09) holds a bachelor's degree in Commerce and can be reached at email@example.com
Siddhant Dugar (PGP 2007-09) holds a bachelor's degree in Commerce and can be reached at firstname.lastname@example.org
Ragini Hariharan (PGP 2007-09) holds a Masters in Chemistry from IIT Kanpur and can be reached at email@example.com
Pritam Sarkar (PGP 2007-09) holds a bachelor's degree in Mechanical Engineering from University Visvesvaraya College Of Engineering and can be reached at firstname.lastname@example.org
Keywords: Credit Card, Fraud, Biometric Identification, Fingerprint Verification, Security
1. Facts related to credit card fraud, http://www.epaynews.com/statistics/fraud.html. Last accessed on August 25, 2008.
2. Fly phishing facts, technopreneur.wordpress.com/2006/11/20/how-to-transact-safely-online-while-fly-phishing-in-a-tank. Last accessed on August 25, 2008.
3. Jain, A. K.; Ross, A. & Pankanti, S., 'Fingerprint as the most favoured biometric tool', June 2006, Biometrics: A Tool for Information Security, IEEE Transactions On Information Forensics And Security.
4. Transaction process details, http://www.mastercard.com/us/merchant/how_works/. Last accessed on August 25, 2008.