Sberbank customers will be able to pay in retail stores without their credit cards. Instead, they will use fingerprint authentication.
The new payment method will be available in the stores with special biometric terminals. First, a customer will need to register his fingerprints and attach them to his credit card. To confirm the payment, he will also need to enter a five-character password.
The service has not been launched yet but, according to TASS, it is already possible to participate in trials. Other physical features that can be used to confirm the transaction include facial image (also requires scanning in a bank’s office). Customers will need to sign consent to biometric data processing in order to be able to use the new technology.
Conceptually, biometric authentication is supposed to increase information security compared to using PINs, commented Avanpost Commercial Director Alexander Sanin. Simply because a fingerprint is an additional authentication factor. However, he thinks that transactions will not be as convenient.
“You need to press your finger and then say a password (instead of the good old PIN). Therefore, two-factor authentication (producing your card and entering the PIN) will be replaced with three-factor verification (producing your card, confirming your fingerprint, password),” Alexander Sanin explains.
Most importantly, the expert stressed that it is not clear how fingerprint and password databases will be protected.
“If malefactors get their hands on this database they will be able to create the fingerprint and will also know the password. All they need is to create a card replica.”