NatWest trials fingerprint debit cards to remove £30 limit


(Caspar) #1

Bank customers will be able to spend more than £30 using contactless cards and could never again have to remember their four-digit pin if a fingerprint technology trial starting in April proves a success.

Users of Google Pay or Apply Pay on smartphones are likely to be suspicious of how widely the so-called biometric payment systems will be accepted by retailers. In theory, mobile users can already authenticate contactless payments above £30 on their smartphones using fingerprint technology, but in practice many have found the process frustrating.

The Monzo community gets a mention :slight_smile:

Customers of the digital-only Monzo Bank, popular with millennials, share lists of retailers that allow them to use their smartphones to exceed the £30 contactless limit. They say Sainsbury’s and Morrisons permit the payments but Tesco and Asda do not.


Natwest's fingerprint debit card
Fingerprint Sensors on Contactless Cards to remove the £30 limit
Natwest's fingerprint debit card
Natwest Trialling Card With Fingerprint Scanner
Natwest Trialling Card With Fingerprint Scanner
(Jolin) #2

But they refer to ‘millennials’ :face_with_symbols_over_mouth:

And could they not do there own research to figure out which of the four biggest supermarkets support Apple Pay over £30 instead of “they say”?


#3

Curious how this works - assume the card gets a current when against a terminal to allow the check against the fingerprint (or something like that)?


(Brexit Day Is Gonna Be Shamayzing.) #4

I like the look of that card


(Raushan) #5

I believe there is a rather tedious process of binding the fingerprint to the card (so it works without a data connection) where you have to go to a branch which is why most banks who have tried this have not been able to scale it further than a pilot.


(Stephen Early) #6

Having to visit a bank to set or reset the fingerprint on the card would be tedious! I use a fingerprint to unlock my phone, but it usually stops working after a while (depending on how much gardening and/or climbing I’ve been doing recently) and I have to delete it and set it again for it to continue working.


(Dan Baker) #7

The Guardian posted the article this morning, wanted to see people’s thoughts on the concept as a whole.

Personally, I like the idea. Would be great to see FinTechs support this tech for high limit transactions. Be do have concerns with costs and durability.

Interested to see the community’s thoughts on this.


#8

Two years ago Mastercard and Barclays Africa did a trial using fingerprint debit cards, not much came from that trial. So I am unsure this will be much different. I know different continents but the trial was pushed in a major supermarket where lots spent over the contactless limit so it was an ideal trial as people would have to ensure they touched the fingerprint part to pay.

Of course it may be different here, but most that use contactless are so used to using Android pay of Apple pay, I can’t see how this is that appealing, many don’t even carry cards anymore.


(Dan Baker) #9

I agree, I wouldn’t be surprised if nothing comes from this. But it’s interesting they’re trialling it.

I think it would be a bit better uptake here because people have gotten used to spending large amounts with Apple/Google Pay or by inserting their card.

I used to work at Waitrose on tills and so many people would try using contactless over the original £20, and new £30 limit and then say how they always forget about the limits. And this would allow them to spend more using Biometric security.


(If there's the wrong end of a stick, you'll find me holding it.) #10

I assume that they will power up from the terminal, in the same way contactless cards currently work. Because I don’t fancy having to remember to charge my credit cards overnight.

Isn’t this a solution looking for a problem though? There are already two methods of making purchases of over £30 contactless. There’s device verification (Apple Pay etc), and contactless with PIN, which seems to work well In Spain, in my experience.


#11

Contactless with PIN does sound like the more obvious answer to be honest…

Tap and if it’s over £30, enter PIN. I guess this is good for people who are incapable of remembering 4 digits though.

Unless it doesn’t require being put in the reader to work? Which the article makes it sound like that’s how it works, sorta? 🤷


(Kolok) #12

I think durability is a key point, already people’s cards are gone way before the 3 years are up,

But if the terminal is accepting contactless over £30 then I’m just using my phone, not pulling my wallet out.


(Jack) #14

Hey,
I’ve moved your post here to join an ongoing discussion,
Hope that’s ok.


#15

Thanks Jack! Sorry i didn’t see this thread. I deleted my post :slight_smile:


(NM) #16

I don’t really understand the need for Biometrics, they are just as insecure as Pin fact I would potentially argue there are more security implications from having your fingerprint cloned over having you Pin stolen


#17

I personally think it is not something that is worth doing.

Very costly to implement especially if you then need to manually input your fingerprints.

Most phones now adays let you instantly freeze your card

Be easier to up the limit to £100 or see how many of the total transactions are above an amount x) (With maybe some added protection similar to section 75)

Then anything above 100 needs authorisation in the app via a fingerprint or via a pin


(Jolin) #18

Do you have any references for this? Or is it just ‘a feeling’?


(NM) #19

Primarily this:


Webiste summary of the paper:

And assuming it gets iterated on multiple times and improves.
Plus you don’t even need to target the fingerprint the fingerprint scanner is the other vulnerability that would need to be unhackable/have low vulnerability.
Plus you don’t even need to attack that device. You would probably attack the person’s phone and try and get that, as I assume it has to be a similar finger to your fingerprint on your phone.
In summary people(researchers) have already beaten the system. It would be better to stick to a pin.