Mobile Commerce Daily is now Retail Dive: Mobile Commerce! Click here to learn more!

Biometrics, tokenization gain steam with MasterCard, Visa commitments

With security one of the biggest hurdles to driving mobile payments adoption, Visa and MasterCard are doubling down on technologies such as tokenization and biometrics to safeguard customer data on smartphones.

Visa said this week that it will expand a program introduced last year that replaces 16-digit account numbers with a unique series of numbers called a token in online and mobile payments. Also this week, MasterCard announced a pilot program with First Tech Federal Credit Union to use biometrics such as facial and voice recognition as well as fingerprint matching to authenticate transactions.

“Today, signatures and PINs identify consumers,” said Carolyn Balfany, senior vice president of product delivery and security for MasterCard, Purchase, NY. “Biometrics is tomorrow’s scale technology, it can include unique combinations of facial and voice recognition and fingerprints to identify the individual.

“The use of biometrics can further improve security from not only what the consumer knows (the PIN) but to who they are (their fingerprint or voice),” she said. “These methods protect against lost/stolen fraud.

“Using EMV, tokenization and biometrics together allows both the device and the consumer to be more surely authenticated striking at counterfeit and lost/stolen fraud. That’s powerful.”

Security layers
The MasterCard pilot program using biometrics will roll out later this year. It is designed to deliver greater security to U.S. cardholders without compromising convenience.

Biometrics have been getting a lot of attention lately following the introduction of Touch ID by Apple last year. The finger recognition technology enables users of newer iPhone models to unlock their device and complete purchases using Apple Pay, with the fingerprint information store locally.

MasterCard is taking a layering approach to security with mobile payments.

MasterCard’s introduction of EMV or chip technology is based on tokenization or a chip that sits on in a mobile telephone. The chip generates a unique code for each purchase. That unique code all but eliminates counterfeit fraud.

“For online security, including mobile payments, security lies in identifying both the device and the person making the transaction,” Ms. Balfany said.

“The role of mobile in biometrics will be important,” she said.

“It’s presumed that through mobile devices, be they phones, watches and gadgets not yet invented, consumers will transact and verify their identities.”

Mobile payments adoption
While financial services organizations and technology companies have high hopes for mobile payments, consumer adoption has been slow, in part because of perceived issues around security. Many consumers are concerned that their personal data stored on a phone could be accessed if the device were stolen. At the same time, a series of high-profile data breaches also has consumers about data being stored remotely.

A recent report from 451 Research stated that security is the largest obstacle to more rapid adoption of mobile payments services. The report also said the issue is largely one of perception, with the onus on financial services organizations, technology companies and retailers to make consumers feel more secure (see story).

Visa is betting on tokenization to make consumers feel more secure.  The company launched the Visa Token Service in September 2014, replacing account information with a token to authorize payments on select Apple devices using Visa accounts through Apple Pay.

This year, the service will be expanded to other device manufacturers and technology companies, bringing the mobile technology to tens of millions of consumers.

Account number replacement
Visa also plans to tokenize transactions initiated with Visa Checkout for online purchases. As a result, more than 110 merchants that have already deployed Visa Checkout will be able to offer their customers Visa’s token technology.

The list of retailers includes Gap, Gymboree, Neiman Marcus, Orbitz, Pizza Hut and Staples.

Visa states that a number of financial institutions in Asia Pacific, Latin America and the U.S. will also begin deploying Visa Token Service to support their mobile payment apps and services.

Visa also expects some of the largest ecommerce merchants to deploy Visa Token Service.

“To encourage broader adoption of mobile payments, it’s in the best interest of providers to hone their focus on security,” said Jordan McKee, senior analyst for mobile marketing and commerce strategies with Yankee Group, Boston. “Security is, by a long shot, the biggest impediment to mobile payment adoption. We find of those not using mobile payment applications, 47 percent cite security issues as the primary issue why.

“I wouldn’t say there’s so much a race as there is a concerted effort across the industry to leverage the inherent features of the mobile device to bolster security,” he said.

“Eighty four percent of respondents to our January 2015 US Consumer survey cited secure storage of financial account information as a critical factor in a mobile payment app. Security should be viewed as the foundational component of mobile payments; it must be in place before broad adoption becomes anything close to a reality.”

Final Take
Chantal Tode is senior editor on Mobile Commerce Daily, New York