Amex to biometrically secure online transactions
While the secure transactions industry has found efficient solutions to secure physical transactions, card-not-present payments still remain the soft spot of payment security.
American Express just announced the launch of a pilot program including biometric controls in their "SafeKey," their implementation of Strong Customer Authentication (SCA) or 3D-Secure. Fingerprint and facial recognition checks will be added to SafeKey using web authentication technologies from the Fido Alliance and World Wide Web Consortium, which are supported on all major web browsers.
Under this new system, when a shopper uses a device that supports facial or fingerprint recognition, typically, most smartphones available nowadays, the system will use these features to authenticate the cardholder. This step will replace the usual SCA check, based on handset data or the sending of a code via SMS or email. Fingerprint and facial recognition for SafeKey were developed by using Web Authentication technologies from the FIDO Alliance and World Wide Web Consortium (W3C), Amex says. These new features will be introduced as a pilot to US Amex cardholders early 2024, with the objective of a US rollout later in the year. They don't announce plans for a global rollout.
American Express, is at the same time a card issuer, a payment scheme and in many cases an acquirer, unlike other entities in the payment industry. As such they embody the so-called three corners payment model, while more traditional financial institutions that are either issuers or acquirers and not payment schemes are bound to the four-corners payment model. This situation puts American Express in an easier situation than others when it comes to implementing such features that involve several roles in the payment value chain.
Payment is always a balance between ease of transaction and security features. Consequently, ergonomics is paramount in the success of any payment system. The addition of biometrics on the user's handset, or even computer, creates an additional step in completing a payment. Online shoppers have already been through several iterations of security procedures: from the sending of an SMS to app authentication, as is the case now for most transactions under SCA. Adding an extra biometric verification step can only succeed if it does not create an obstacle in completing most transactions.