Bank customers will be able to spend more than £30 using contactless cards and could never again have to remember their four-digit pin if a fingerprint technology trial starting in April proves a success.
…
Users of Google Pay or Apply Pay on smartphones are likely to be suspicious of how widely the so-called biometric payment systems will be accepted by retailers. In theory, mobile users can already authenticate contactless payments above £30 on their smartphones using fingerprint technology, but in practice many have found the process frustrating.
The Monzo community gets a mention
Customers of the digital-only Monzo Bank, popular with millennials, share lists of retailers that allow them to use their smartphones to exceed the £30 contactless limit. They say Sainsbury’s and Morrisons permit the payments but Tesco and Asda do not.
I believe there is a rather tedious process of binding the fingerprint to the card (so it works without a data connection) where you have to go to a branch which is why most banks who have tried this have not been able to scale it further than a pilot.
Having to visit a bank to set or reset the fingerprint on the card would be tedious! I use a fingerprint to unlock my phone, but it usually stops working after a while (depending on how much gardening and/or climbing I’ve been doing recently) and I have to delete it and set it again for it to continue working.
The Guardian posted the article this morning, wanted to see people’s thoughts on the concept as a whole.
Personally, I like the idea. Would be great to see FinTechs support this tech for high limit transactions. Be do have concerns with costs and durability.
Interested to see the community’s thoughts on this.
Two years ago Mastercard and Barclays Africa did a trial using fingerprint debit cards, not much came from that trial. So I am unsure this will be much different. I know different continents but the trial was pushed in a major supermarket where lots spent over the contactless limit so it was an ideal trial as people would have to ensure they touched the fingerprint part to pay.
Of course it may be different here, but most that use contactless are so used to using Android pay of Apple pay, I can’t see how this is that appealing, many don’t even carry cards anymore.
I agree, I wouldn’t be surprised if nothing comes from this. But it’s interesting they’re trialling it.
I think it would be a bit better uptake here because people have gotten used to spending large amounts with Apple/Google Pay or by inserting their card.
I used to work at Waitrose on tills and so many people would try using contactless over the original £20, and new £30 limit and then say how they always forget about the limits. And this would allow them to spend more using Biometric security.
Anarchist
(Press ‘Help’ search ‘Contact us’ or email help@monzo.com or call 0800 802 1281)
10
I assume that they will power up from the terminal, in the same way contactless cards currently work. Because I don’t fancy having to remember to charge my credit cards overnight.
Isn’t this a solution looking for a problem though? There are already two methods of making purchases of over £30 contactless. There’s device verification (Apple Pay etc), and contactless with PIN, which seems to work well In Spain, in my experience.
I don’t really understand the need for Biometrics, they are just as insecure as Pin fact I would potentially argue there are more security implications from having your fingerprint cloned over having you Pin stolen
I personally think it is not something that is worth doing.
Very costly to implement especially if you then need to manually input your fingerprints.
Most phones now adays let you instantly freeze your card
Be easier to up the limit to £100 or see how many of the total transactions are above an amount x) (With maybe some added protection similar to section 75)
Then anything above 100 needs authorisation in the app via a fingerprint or via a pin
And assuming it gets iterated on multiple times and improves.
Plus you don’t even need to target the fingerprint the fingerprint scanner is the other vulnerability that would need to be unhackable/have low vulnerability.
Plus you don’t even need to attack that device. You would probably attack the person’s phone and try and get that, as I assume it has to be a similar finger to your fingerprint on your phone.
In summary people(researchers) have already beaten the system. It would be better to stick to a pin.
