The Payments Association of South Africa (PASA) recently announced that the country is the first in the world to develop a national biometric standard for card payments.
Developed in partnership with MasterCard and Visa, the standard aims to give banks and merchants an interoperable biometric authentication framework.
While the standard enables a variety of biometrics such as fingerprint, palm, voice, iris, and facial verification, PASA’s focus for the launch was fingerprint identification.
Fingerprint replaces PIN
PASA said the system is designed to replace PIN codes, as it believes biometrics represent a more secure form of authentication.
Because biometrics are secure, it said, it decided not to require both fingerprint and PIN authentication for card payments.
This is to keep the payment process quick and user-friendly.
You will probably need a new card
If your bank adopts fingerprint ID, PASA said you will probably need a new card with a new chip.
PASA said it will be possible to use new chips in old PIN-only card readers, but it may not be possible to use old chips to store biometric data.
Users’ biometric data will be encoded, encrypted, and stored on the new chip.
To guard against criminals stealing your fingerprint, or cutting off your finger, PASA said it will require liveness detection on readers used in South Africa.
PASA said that although its standard does not specify minimum requirements for readers, minimum terminal specifications for every market will cover this.
These minimum terminal specifications still have to be defined for South Africa, but PASA said they will not impact the interoperability of the standard.
Fallback to PIN and signature
Should your fingerprint not work, your bank or other issuer will be able to allow your card to fall back to PIN.
As with chip-and-PIN cards, if the chip or reader is damaged and your PIN can’t be verified, the bank may allow you to fall back to signature authentication.
PASA said its aspiration is for the standard it developed for South Africa to go global.
If banks, financial institutions, and those who process payments wish to adopt a fingerprint standard, they can do so on a PASA-approved platform.