How biometric security is making the PIN drop
Retailers are constantly seeking better ways to ensure the security of transactions. Biometric solutions are demonstrably better than earlier options, like signatures and personal identity numbers.
When it comes to making financial transactions, any kind of payment that is made in a format other than cash simply has to be secured in some manner. Originally, such security was provided by the user's signature, as was the case when signing a cheque, for example. Over time, signatures have given way to personal identity numbers (PINs), and these, in turn, are now being overtaken by biometric solutions.
Mark Badenhorst, GM for payment terminals at ACS, indicates that while PINs are an improvement on signatures, which can quite easily be faked well enough to pass for the real thing, plenty of internal fraud still occurs in the retail space, due to too many people having access to the supervisor's PIN or card.
"The usual approach in retail, should a reversal or refund be needed, is for the supervisor to override the system using their card and PIN. However, owing to the vast number of security cameras, and possibly also a lax approach to protecting their PIN, it is not at all difficult for someone with criminal intent to get hold of this and use it for nefarious purposes," he says.
"On the other hand, with a biometric security approach that uses a fingerprint for access, it becomes much easier to ensure that the person using the system is exactly who they are supposed to be. Not only does it significantly improve the security aspect, but it also ties individual transactions to specific people."
It is for reasons such as this, he continues, that biometric solutions are becoming increasingly popular as an identifier, and more and more organisations are considering their implementation. Uptake has, however, still been relatively slow, due to the added cost associated with this new technology, which is expensive.
"Nonetheless, organisations are beginning to invest in transaction points that have fingerprint readers built in, as this enables them to more closely manage internal fraud, by closing the loop with regard to clearly understanding who the person is who is utilising the system.
"Perhaps the biggest challenge faced with regard to biometric technology adoption is the simple fact that there are so many different options available. Apart from fingerprints, retina scans and facial recognition solutions are among the more popular ones. The difficulty here is that because it is expensive technology, companies are wary of investing in something that may prove to be the wrong solution in the long run."
The other challenge that he notes, particularly in the retail space, is that the high volume nature of the industry means that while security is paramount, it also needs to be quick and easy for a customer or staff member to use. If it takes too long to make a payment or to obtain a refund from the supervisor, then the customer will simply shop somewhere else next time.
Moreover, because the largest percentage of fraud in retail today is internal in nature, in order for biometrics to be successful, continues Badenhorst, a two-pronged biometric approach is necessary: one that secures the customers' payments and one that provides authorisation for those employees who need to undertake refunds and cancellations.
"Ultimately, it becomes a balance between security and cost, but as with all technology, one must remember that, over time, costs do come down. Therefore, it will become less expensive to use this type of solution as we move forward.
"What make biometrics so crucial today is that it adds a new and very effective layer of security to any and all transactions. This is vital because in the security industry, success is all about staying two steps ahead of the bad guys. One of the best ways to do this is to make it more costly for them to beat the system, which is exactly what complex modern biometric solutions do," concludes Badenhorst.