Continuous innovation in payment security is necessary to counteract fraud and to support smooth customer journeys across new payment channels and biometrics is being increasingly adopted to support these aims.
Payment fraud levels have been rising significantly. In the first quarter of 2024, the UK’s Financial Ombudsman Service reported a record high of 8,734 fraud and scam complaints, with over half related to authorised push payment (APP) scams. In Europe, the European Banking Authority (EBA) and the European Central Bank (ECB) reported that payment fraud in the European Economic Area amounted to €4.3 billion in 2022 and €2.0 billion in the first half of 2023. Payment fraud levels in the USA have also been notably high. In 2023, 80 percent of organisations experienced payment fraud attacks or attempts, a significant increase from the previous year. Additionally, consumers reported losing over $10 billion to various fraud schemes, with investment scams leading the losses at more than $4.6 billion. Credit card fraud remains a major issue, affecting 60% of U.S. credit card holders[1]. In 2023, 52 million Americans experienced fraudulent charges on their credit or debit cards, totalling over $5 billion.
Innovation in payment security has a positive impact in reducing fraud. This is proven. The introduction of Strong Customer Authentication (SCA) under the revised EU Payment Services Directive (PSD2) in January 2021 has had a significant impact on reducing payment fraud. According to a joint report by the European Banking Authority (EBA) and the European Central Bank (ECB), the total value of fraudulent transactions in the European Economic Area (EEA) was €4.3 billion in 2022, but it decreased to €2.0 billion in the first half of 2023 after SCA was deployed.
Similarly, the introduction of Chip and PIN technology to payment cards has significantly reduced payment card fraud, particularly counterfeit fraud. According to reports[i], the implementation of EMV chip cards has led to a 54% reduction in counterfeit fraud costs for retailers who have completed or are close to completing the transition to EMV technology. Additionally, some card issuers have reported an average reduction of 50% in counterfeit losses since the deployment of EMV chip cards[ii].
My own experience of working in payment security for companies such as HSBC, Citibank, and BACS (UK payment system) mirrors this. My work in developing PKI-based security solutions for these financial services providers has enabled me to see how well-designed and deployed security solutions can reduce fraud and improve usability.
I use my own industry and technology experience when researching and evaluating security technology at Goode Intelligence. In my latest report covering the market for biometric technology for payments[iii], I have used my industry experience to evaluate the market for biometric technology in the payments sector. Fundamental to this work was an exercise to determine a typical end-to-end payment process and then map where biometrics is being used to support modern methods of payment delivery and to counteract fraud attacks, increasingly AI-driven.
In the report, I segmented a typical consumer payment process into three main parts (end-to-end lifecycle), from onboarding payment customers (Identity Verification), payment transacting, and fraud management.
The report discovers that biometrics are ubiquitous in all parts of the payment process and are being used to support all three main parts of the payment process:
- To prove a new payment customer’s identity when onboarding (Identity Verification);
- To authenticate a payment user for both digital and physical payments, to approve higher-risk / higher-value payments (step-up or re-verification); and
- To detect and prevent fraud.
To support this model, payment service providers are turning to the most appropriate biometric modality to match the specific requirements of the payment process and payment channel. For instance, face liveness and matching for onboarding, on-device fingerprint authentication for eCommerce payment authentication and palm authentication for physical (POS) payment authentication, server-side face biometrics to support higher-risk / higher-value payments, and behavioral biometrics to support risk-based orchestration models and fraud management platforms.
Outside of these core payment processes are other applications that are emerging and leverage biometric technology. This includes age assurance, where as part of the payment process for age-restricted goods and services (adult content, alcohol, medicines, and knives), biometric technology is used to prove age.
The report also delves into the impact of emerging digital identity technology. There are scenarios where emerging digital identity solutions, including Digital Identity Wallets and Verifiable Credentials (VCs), are used to support the payment processes. Verified credentials, including PII such as data-of-birth, contained in a digital identity wallet can be used prove identity and to authorise restricted goods / service payments. Access to the wallet can be controlled through liveness checks and biometric authentication. I explored the symbiosis between digital identity and payment In the 2024 Goode Intelligence market analyst and forecast report, “Travel Digital Identity – Seamless Travel Powered by Digital Identity”[i] where a digital identity issued by an Identity Services Provider or an Airline, in partnership with airports, can be used at the airport to facilitate payments.
The same model can be applied to sports stadia. For the sports market, there are also examples where branded biometric cards can be used to support ticketing, loyalty, and payment.
An important question that the report attempts to answer is whether biometric technology has the ability to turbocharge future payment services that forego the use of a payment token (card or smart mobile device) – tokenless or naked payments, where a biometric sensor is embedded into a payment (POS) terminal. This is enabling new channels to open up, including automotive (in-car payments) where the ability to make a payment whilst driving is supported by, largely, touch-free biometric payments including face and voice.
The report predicts that there is a bright future for tokenless biometric payments. With ever increasing improvements in the performance of biometric systems they could become good enough to be used on their own without a token to authenticate customers and approve payment transactions – the pay by me revolution. When this will become dominant and replace token-based payments is currently difficult to answer but we are forecasting that by 2030, 337 million people globally will use tokenless payment solutions. The emergence of Amazon One, J.P. Morgan’s partnership with PopID, and Chinese examples of WeChat Pay and AliPay offers a peak into the future of physical retail stores that could be replicated for mass transit travel (ticketing), events, car rental and car ride-sharing and sports stadia (Hybrid ticketing/loyalty/payments).
In the meantime, biometrics for payments is increasingly a vital part of a payment service providers’ toolkit in the never-ending task of reducing financial fraud and ensuring that their customers can conveniently prove their identity and authorise transactions when paying for trillions of dollars’ worth goods and services in a variety of payment channels. Supporting customers for the entire payment journey in both physical and digital scenarios from onboarding to new payment services, authentication, transaction authorisation and fraud detection.
[i] https://www.goodeintelligence.com/report/travel-digital-identity-seamless-powered-by-digital-identity/
[1] https://www.security.org/digital-safety/credit-card-fraud-report/
[i] https://www.pymnts.com/news/emv/2016/mastercard-fraud-costs-emv-impact/
[ii] Counterfeit Losses Drop 47% As Retailers Bring Up EMV – Frank on Fraud
[iii] https://www.goodeintelligence.com/report/biometric-payments-market-technology-analysis-adoption-strategies-and-forecasts-2025-2030/