Slashdot Mirror


Debit Card With Built-In Fingerprint Reader Begins Trial In the UK (theverge.com)

British bank Natwest is trialing the use of a new NFC payment card with a built-in fingerprint scanner. "The trial, which will include 200 customers when it begins in mid-April, will allow its participants to make NFC payments (called 'contactless' in the UK) without needing to input a PIN or offer a signature," reports The Verge. "The standard [30 British pound] limit for contactless payments will not apply when the fingerprint is used." From the report: Currently, anyone can make a contactless payment in the UK by tapping their card on the terminal to make a payment. As a result of this lack of security, a [30 British pound] limit is applied to such payments, with retailers requiring you to place your card into the card reader and enter a PIN for more expensive purchases (commonly referred to as the "Chip and PIN" method). Although mobile payments require authentication, customers often find they're subject to the same [30 British pound] limit. The fingerprint data is stored locally on the card, meaning there's no security information for a hacker to be able to steal from a bank's central database. It's not foolproof -- there's always the risk a sufficiently determined thief could steal and imitate your fingerprint -- but it's much more secure than a PIN that someone could learn by simply looking over your shoulder as you enter it.

4 of 58 comments

  1. Re:Not foolproof if they use hacked POS terminals by quenda · · Score: 2

    re the "hacked terminal" MITM,
    they could put an LCD display on the card so you can check the amount before authorising, but let's face it, nobody will bother reading.

  2. Weakens security by Solandri · · Score: 5, Insightful

    without needing to input a PIN

    This type of 2FA relies on the two factors being (1) something you have, and (2) something you know. In the case of Chip and PIN, the chip (embedded in the card) is something you have, and the PIN is something you know. The orthogonality of these two factors means scenarios which result in the loss of one are unlikely to result in the loss of the other, and vice versa. Even if someone steals the card, they cannot use it because you have not revealed your PIN. Even if you tell someone your PIN, they cannot use it without physical possession of the card.

    This new card they're trying changes the two factors to two things that you have. That makes fraud far more likely, because things which result in the loss of one are likely to result in the loss of the other. If you lose the card, a thief may be able to lift your fingerprint off the card itself. If someone dies and a person runs across the body, they have access to both the finger and the card.

    That's really the whole point of 2FA. It's not "throw a couple of roadblocks in the way of thieves and hope one of them works." It's designing the two roadblocks so there's minimal intersection of their weaknesses. Switching it to two physical factors results in a system that's not much more secure than having just a single factor.

  3. Re:Not foolproof if they use hacked POS terminals by arglebargle_xiv · · Score: 2

    It's not foolproof -- there's always the risk a sufficiently determined thief could steal and imitate your fingerprint

    Why would you do that? The chip, or hacked/cloned/fake chip, is the one that's telling the terminal that all is OK. "Uh yeah, this is the chip in the card, I've, uhh, verified the owner's fingerprint, all good here, nothing to see, move along". They're doing the checking in the wrong place.
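
    The point raised in comments 1 and 3 (a hacked terminal altering the amount, and a chip that merely tells the terminal "I verified the owner") can be modelled in code. The following Python is an added example written for this page; it is not code from NatWest, The Verge, or any payment scheme, and it makes no claim about how the trial card actually works. It assumes a constructed per-card key shared only between a genuine chip and the issuer, a constructed transaction format, and a fingerprint "template" represented as a byte string. It contrasts a terminal that takes the card's self-asserted verification flag at face value with an issuer-side check that recomputes a MAC over the amount, an unpredictable nonce and the card's claim, which rejects a key-less fake chip and a tampered amount. The limit the comment identifies remains visible: the verified bit still originates on the chip, so a compromised genuine chip could still claim a match it never performed.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

# Constructed values for this model. Assumption: the issuer personalises a secret
# key into each genuine chip and keeps a copy; the key never leaves the chip.
CARD_KEY = b"constructed-demo-card-key"
ENROLLED_FINGER = b"constructed-template-owner"


@dataclass
class Transaction:
    amount_pence: int   # amount the terminal presents to the card
    nonce: bytes        # unpredictable number for replay protection (constructed here)


@dataclass
class CardResponse:
    owner_verified: bool         # the chip's own claim about the on-card match
    cryptogram: Optional[bytes]  # MAC binding amount, nonce and that claim to the card key


def cryptogram(key: bytes, nonce: bytes, amount_pence: int, owner_verified: bool) -> bytes:
    """HMAC over the fields the issuer must be able to trust (constructed format)."""
    msg = nonce + amount_pence.to_bytes(8, "big") + bytes([int(owner_verified)])
    return hmac.new(key, msg, hashlib.sha256).digest()


class GenuineCard:
    """Chip holding the issuer key and the locally stored fingerprint template."""

    def __init__(self, key: bytes, template: bytes) -> None:
        self.key, self.template = key, template

    def respond(self, tx: Transaction, finger: bytes) -> CardResponse:
        matched = hmac.compare_digest(finger, self.template)  # on-card comparison
        return CardResponse(matched, cryptogram(self.key, tx.nonce, tx.amount_pence, matched))


class FakeChip:
    """Cloned or emulated chip without the key: it simply asserts 'all good here'."""

    def respond(self, tx: Transaction, finger: bytes = b"") -> CardResponse:
        # A flag it can set freely and a cryptogram it cannot compute without the key.
        return CardResponse(True, os.urandom(32))


def terminal_trusts_flag(resp: CardResponse) -> bool:
    """Acceptance rule the comment criticises: the chip's claim is taken at face value."""
    return resp.owner_verified


def issuer_verifies(resp: CardResponse, key: bytes, nonce: bytes, amount_pence: int) -> bool:
    """Issuer recomputes the MAC with its copy of the card key over the amount the
    terminal actually asks to settle. A fake chip has no key, and a tampered amount
    changes the MAC input. The owner_verified bit is still only what the chip reports."""
    if resp.cryptogram is None or not resp.owner_verified:
        return False
    expected = cryptogram(key, nonce, amount_pence, True)
    return hmac.compare_digest(expected, resp.cryptogram)


def run_scenarios() -> dict:
    nonce = b"\x01" * 16  # constructed; a real scheme would use a fresh random value
    tx = Transaction(amount_pence=1000, nonce=nonce)
    genuine = GenuineCard(CARD_KEY, ENROLLED_FINGER)
    fake = FakeChip()

    ok = genuine.respond(tx, ENROLLED_FINGER)
    wrong_finger = genuine.respond(tx, b"constructed-template-stranger")
    forged = fake.respond(tx)

    return {
        # Naive terminal: the fake chip's self-asserted flag is enough.
        "naive_accepts_fake": terminal_trusts_flag(forged),
        # Issuer-side MAC check rejects the key-less fake chip ...
        "issuer_accepts_fake": issuer_verifies(forged, CARD_KEY, nonce, tx.amount_pence),
        # ... accepts the genuine card with the enrolled finger ...
        "issuer_accepts_genuine": issuer_verifies(ok, CARD_KEY, nonce, tx.amount_pence),
        # ... rejects a genuine card whose on-card match failed ...
        "issuer_accepts_wrong_finger": issuer_verifies(wrong_finger, CARD_KEY, nonce, tx.amount_pence),
        # ... and rejects a hacked terminal that showed 10.00 to the card but settles 100.00.
        "issuer_accepts_tampered_amount": issuer_verifies(ok, CARD_KEY, nonce, 10000),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

    Binding the amount into the cryptogram is what makes the LCD suggestion in comment 1 meaningful: the card can only authorise the figure it was shown, so a terminal that displays one amount and settles another is caught at the issuer rather than by the cardholder's attention.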

  4. Re:Computer hacker steal my fingerprint.... by JaredOfEuropa · · Score: 3, Informative

    Contactless is a hell of a lot faster. In some places, this matters a lot: it has seriously shortened the lines in office cafeterias, and in places like the London Underground where you can travel with a contactless debit card, adding a PIN terminal to the turnstiles would have resulted in nightmare congestion.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...