Contactless Payments: Addressing the Security IssuesPCI Council's Jeremy King on Authenticating Mobile Payments with Biometrics
In a contactless environment, on mobile devices in particular, biometrics authentication can replace the need to use PIN entry as an additional authentication layer, King says in this interview conducted at Information Security Media Group's recent Fraud & Breach Prevention Summit in London.
"The challenge there is, 'How do you ensure the security and the authenticity of the biometrics?'" he says. "Biometrics have been around for a while, in terms of authentication. ... They are static information. My fingerprints don't change. Now, if I lose my PIN, I can go into the bank and say, 'Can I have a new PIN?' If I lose my fingerprint, if that is compromised, then there's not much I can do."
As contactless mobile payments become more commonplace in Europe and elsewhere, card networks and issuers are rethinking how they secure payments, turning to biometrics and, in some cases, transaction and behavioral analytics, he adds.
During this interview (see audio link below photo), King also discusses:
- Challenges ecommerce merchants face when it comes to authenticating online purchases;
- Why PCI compliance is so difficult to maintain, especially during the holiday shopping season; and
- Steps the PCI Council is taking to ensure merchants understand why regularly patching systems is so critical.
King leads the PCI Security Standards Council's efforts to increase global adoption and awareness of PCI security standards. His responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI-managed standards in European markets and driving educational efforts and council membership through involvement in local and regional events. He also serves as a resource for approved scanning vendors and qualified security assessors. Before joining the council, King was the vice president of the payment system integrity group at MasterCard Worldwide.