Even after partnering with MasterCard, Zwipe has a long journey ahead before its contactless cards with fingerprint authentication see mass adoption. But the high-tech cards have the potential to suppress fraud and deter security breaches beyond what traditional EMV-chip cards can do.
EMV cards are designed to deter counterfeiting, but they leave open certain loopholes for fraudsters to exploit. Notably, EMV cards don't add security for card-not-present payments, but they are also vulnerable to other exploits. In many cases, EMV cards are also used with a PIN to prevent the misuse of stolen cards.
After the U.K. migrated to EMV chip-and-PIN, lost/stolen fraud decreased, but between 2011 and 2013 those rates rose as fraudsters found ways to skim and capture PIN numbers, said Julie Conroy, an analyst with the Aite Group.
"Other countries as they've gone to EMV, if they use chip-and-PIN, it initially addressed lost/stolen fraud but then those numbers went right back up," she said.
The addition of a biometric sensor could reduce this type of skimming fraud, Conroy said. "It's a bit more effective than a PIN that is a static four-digit data element."
MasterCard plans to launch a card with Zwipe in the U.K. in early 2015. Consumers won't have to input their PIN at the point of sale when using a card that has a fingerprint sensor authentication.
"The merchant will have quicker transactions so smaller cues and higher turnover," said Kim Humbortad, CEO and founder of Zwipe. The biometric card stands to benefit the whole value chain because "it combines a security level that's higher than traditional PIN codes with a simpler process than PIN codes."
And because Zwipe isn't disrupting the existing value chain, the company might have an easier time partnering with legacy players.
Zwipe has run successful pilots with two banks, SparebankenDIN in Norway and Getin Bank in Poland. SparebankenDIN will use Zwipe's technology for its credit cards and Getin Bank will use it for its debit card portfolio.
"Zwipe has worked with financial institutions in pilots; a lot of people are working on [biometrics] tech but getting the consumer feedback for us is critical," said Bob Reany, head of authentication services at MasterCard. "Around security you can create a lot of cool stuff that no one will use ."
Both MasterCard and Zwipe gave a nod to Apple for being the wedge in the biometrics market. Apple's mobile payment system, Apple Pay, uses Apple's TouchID fingerprint scanner for authentication.
Five years ago, consumers associated fingerprint scanning with criminal activity and thought the process was a bit Orwellian, said Reany.
The biometric cards could also provide enough security to eliminate the limits placed on contactless payments, Hombortad said. "That's the goal for MasterCard to use contactless for all amounts," he said.
The security of the cards also rides on the fact that consumer biometric data and information are stored on the chip in the card itself.
Data breaches have dominated the payments industry's attention for the past year. Most of those breaches had to do with fraudsters breaking into big central databases so they could get massive amounts of credentials. "Putting the information on individual cards and phones, you destroy that model for fraudsters," Reany said.
But the main hurdle biometric cards face is cost. High-tech cards are much more expensive than traditional cards.
Zwipe, which has offices in Oslo, Norway and Colorado, would not disclose the price of the cards. MasterCard would not disclose a range of card prices. MasterCard works with a number of biometric technology providers, including voice and facial recognition providers.
Previously MasterCard had partnered with NagraID to develop a card with a digital one-time code generator for card not present transactions. NagraID was acquired by Oberthur Technologies in August.
"I haven't seen that solution get much traction other than with high net worth individuals where there's more risk," and so the users don't mind spending more money on the card, Conroy said.
In the U.S., where contactless card payments haven't taken off, issuers would have trouble justifying the expense, Conroy said. While U.S. merchants are upgrading their point of sale terminals to support both EMV and NFC, most large card issuers are issuing contact-only cards because of the lack of contactless card payment adoption, she said. In the U.S., contactless payments will see an increase in adoption through mobile wallets.
While there is no silver bullet for next-generation payments, Reany said integrating biometrics onto a phone constitutes about 80% of MasterCard's efforts, while the other 20% is on integrating biometrics on cards.
Biometric-embedded cards have more potential in regions that have already migrated to EMV, where the rollout will be quicker, Reany said. And because fingerprint readers are looking to become massively adopted on smartphones, Reany thinks that could push the price point down for the sensors on cards as well.