MasterCard Reveals Credit Card With Built-In Fingerprint Sensor

Discussion in 'iOS Blog Discussion' started by MacRumors, Apr 20, 2017 at 3:01 AM.

  1. MacRumors macrumors bot


    Apr 12, 2001

    MasterCard today unveiled a biometric chip-and-pin credit card featuring a built-in fingerprint sensor that takes cues from mobile payment systems such as apple pay.

    The card can be used to make purchases like any other, except rather than keying in a PIN number, card holders can choose to place their finger over the square sensor to approve the transaction.

    Alternatively, users can take a two-tier authentication approach and use both their PIN and fingerprint to approve the purchase. However, users of the card won't have the convenience or security that comes with registering their print with their smartphone.


    With Apple Pay, fingerprint data is encrypted and protected with a key available only to the Secure Enclave on the user's iPhone. The Secure Enclave is walled off from the rest of the hardware and the OS, meaning iOS and other apps never have access to user fingerprint data, it's never stored on Apple servers, and never backed up to iCloud or anywhere else.

    The biometric credit card has no such protections. Instead, the user must register their print with the bank or financial institution that issued the card, and while the fingerprint is encrypted on the card itself, it's still unclear what security and privacy measures are in place to deal with the registration process.


    Despite those concerns, Mastercard's chief of safety and security, Ajay Bhalla, said that the fingerprint technology was "not something that can be taken or replicated", and that the biometric card would help "to deliver additional convenience and security".

    MasterCard plans to roll out the cards in Europe and the Asia Pacific region soon, following successful tests in South Africa through Barclays subsidiary Absa and supermarket Pick n Pay.

    Article Link: MasterCard Reveals Credit Card With Built-In Fingerprint Sensor
  2. Nimrad macrumors 6502

    Jul 28, 2010
    So how does this work? I'm guessing some sort of power would be needed? Does it get the power from the terminal when inserted maybe? And is my fingerprint stored on the card or in the cloud?
  3. Jyby macrumors regular

    May 31, 2011
  4. timmyh Contributing Editor


    Mar 18, 2016
    Liverpool, UK
    MasterCard only offered this explanation:

    "A cardholder enrolls their card by simply registering with their financial institution. Upon registration, their fingerprint is converted into an encrypted digital template that is stored on the card. The card is now ready to be used at any EMV card terminal globally.

    When shopping and paying in-store, the biometric card works like any other chip card. The cardholder simply dips the card into a retailer’s terminal while placing their finger on the embedded sensor. The fingerprint is verified against the template and – if the biometrics match – the cardholder is successfully authenticated and the transaction can then be approved with the card never leaving the consumer’s hand."
  5. telegix macrumors member

    Jul 26, 2005
    Here in Switzerland, the cards are sucked into the machine at the POS point, so this is going to be an issue for this tech.. But good effort none the less.
  6. arkitect macrumors 601


    Sep 5, 2005
    Bath, United Kingdom
    If this helps me use a contactless card to pay for sums higher than £30 I'd be happy. (UK transaction limit)
  7. maflynn Moderator


    Staff Member

    May 3, 2009
    On paper it seems like a good idea, but in practice, I'm not so sure.

    What about readers that pull a card in and don't give you the option to hold the sensor? My credit cards are scratched and marked up from being in my wallet, I can see the sensor being just as scuffed up. I'd rather not be fumbling at a register trying to buy something and because I have scratches on the my credit card I cannot use that card.

    Also I'm not about to give my bank my fingerprint.
  8. JohnApples, Apr 20, 2017 at 3:49 AM
    Last edited: Apr 20, 2017 at 11:16 AM

    JohnApples macrumors 65816

    Mar 7, 2014
    I find it a bit funny that people are willing to trust banks with extremely personal information such as home address, social security number, and those very specific "recovery questions". Oh and let's not forget entire life savings. Yet when it comes to a fingerprint, that's where we draw the line.

    I mean, I get it. I probably wouldn't use this either. But if you're uncomfortable sharing your fingerprint with your financial institution, maybe you shouldn't be sharing every other detail about your life with them, too.

    EDIT: alright folks I get it! You can change the other stuff but you can't change your fingerprint! Please stop quoting me!
  9. allenvanhellen macrumors member

    Dec 8, 2015
    Not that I lose credit cards very often, but unless their chip is as secure as the Secure Enclave in an iPhone chip, I don't want to walk around with a hackable piece of plastic that has my print on it.
  10. H2SO4 macrumors 68040

    Nov 4, 2008
    Yep, and an increasing number of workplaces are requiring biometrics also but this is very rarely questioned. A difficult balance to strike though.
  11. Shaun, UK macrumors 68030

    Mar 23, 2006
    My dad had dementia and could never remember his PIN number so this would have been ideal.
  12. BrettArchibald, Apr 20, 2017 at 4:37 AM
    Last edited: Apr 20, 2017 at 6:39 AM

    BrettArchibald macrumors member


    Jul 31, 2007
    Oh, so you still have to put the card INTO the card reader...?
    Meh. Pass.
    It's just more convenient to wave my phone in the general vicinity of the card reader instead.
    It's also a lot more convenient to pull my phone out of my pocket and then stick it back afterwards (2 steps) than take my wallet out my pocket, take my card out of my wallet, put the card in the reader, take the card out the reader, put my card back into my wallet and then put my wallet back in my pocket (6 steps).
  13. NT1440 macrumors G4


    May 18, 2008
    Hartford, CT
    Yea...not going to trust MasterCard with my fingerprint. I understand the security built into TouchID.

    I don't even trust MasterCard to begin with.
  14. H2SO4 macrumors 68040

    Nov 4, 2008
    It won't go away anytime soon. Spend over £30 and you’r still putting card into reader.
  15. doelcm82 macrumors 68040


    Feb 11, 2012
    Florida, USA
    I don't see how it would. These don't appear to be contactless cards.
  16. ratbastard macrumors newbie


    Sep 5, 2015
    The difference, in my opinion, is that you can change your password, you can generally recover lost funds & you can even legally change your name, but your fingerprint is forever. A powerful acid wash may be able to remove it but it remains unchanged - it is always your fingerprint.

  17. JohnApples macrumors 65816

    Mar 7, 2014
    That is a good point, and I do understand why someone would be hesitant about registering it. Though, if someone really wanted a fingerprint, I'm sure there are a million easier ways of obtaining it rather than hacking into wherever my bank stores the encrypted information.
  18. Robert.Walter macrumors 65816

    Jul 10, 2012
    What major retailer are you thinking of? I haven't seen this since Coop Pronto upgraded to new POS terminals a year ago. ATMs still do it but merchants not so much. (I'm mostly using Apple Pay and would never change to MC's new scheme.)
    --- Post Merged, Apr 20, 2017 at 5:24 AM ---

    Unlike the rest, you can't sue the bank to return it and can't change your fingerprint once lost.
    --- Post Merged, Apr 20, 2017 at 5:27 AM ---
    That's probably not the case. But the risk is that the more institutions that have your print on file, the greater your exposure footprint and chance for loss of a non replaceable item.

    Local storage in secure enclave eliminates that greater risk.
    --- Post Merged, Apr 20, 2017 at 5:29 AM ---
    This also leads me to believe that the limit on Apple Pay transactions is artificially low not for safety but for cartel competition reasons (make cards like this viable.)
    --- Post Merged, Apr 20, 2017 at 5:33 AM ---
    Wrong way of looking at it. You are thinking in terms of somebody directly targeting you as opposed to bulk gathering of fingerprint data.

    Direct is unlikely for most, but bulk is a risk for all and either way, you are equally hosed.
  19. maflynn Moderator


    Staff Member

    May 3, 2009
    Because those items can be removed, or changed. Yet a fingerprint is a physical attribute that you cannot change, and if compromised offers a world of hurt for the victims of identity theft.

    Banks have our money, but its protected and guaranteed by the federal government. The banks can be compelled to remove our personal information but if leaked our finger prints cannot be changed.

    Just because I trust the bank to hold my money, doesn't mean that trust extends to them having and protecting my fingerprints.
  20. Sasparilla macrumors 6502a

    Jul 6, 2012
    Interesting technology. However your fingerprint (which is for life) is now with the bank - where it can be stolen (or shared with the government if you care about that - law passed in the U.S. last year authorizes that).

    You just do not want to be giving companies biometric data if you can help it, cause it will get stolen and then you'll get to deal with those consequences for the rest of your life cause you can't change them.
  21. Fall Under Cerulean Kites macrumors regular

    Fall Under Cerulean Kites

    May 12, 2016
    I already have a fingerprint sensor for my credit card. It’s called Apple Pay.
  22. chr1s60 macrumors 68000


    Jul 24, 2007
    So it sounds like the card turns your fingerprint into a unique PIN and that is essentially what is transmitted when the correct print is read. Seems like a decent idea, the big issue comes when the regular wear and tear starts hitting the card from being pulled in and out of a wallet/purse throughout daily life. The other issue is the protection of the actual fingerprint. If they made it work where somehow only the card itself memorized the print and sent out the unique PIN to the card reader and no other data was transferred it could work. Think of it kind of similar to how the iPhone or any cell phone recognizes a print. No clue if that could be done through a credit card, but it would seem safe if executed that way.
  23. Bart Kela macrumors 6502

    Bart Kela

    Oct 12, 2016
    No Service
    Some of the POS and ATM machines here in the USA do the same thing (swallow your card whole).
  24. Kaibelf macrumors 68000


    Apr 29, 2009
    Chicago, IL
    How does this deliver additional convenience above Apple Pay or Google Wallet?
  25. Bart Kela macrumors 6502

    Bart Kela

    Oct 12, 2016
    No Service
    And how well does it work when you are at a POS terminal that does not support Apple Pay? I believe there are more than a few still left on this planet.

    And how well do you think that works for people who own non-Apple handsets?
    --- Post Merged, Apr 20, 2017 at 6:33 AM ---
    It works when the POS terminal does not support those two protocols. It also works when the payor does not own a supported device or chooses not to use one. There are more than a handful of people on this planet who fit these categories.

    Not everyone is blessed with your same hardware nor do they exclusively patronize shops that support Apple Pay/Google Pay/Samsung Pay, etc.

    The world is a larger place than stores with Apple Pay.

    Sounds like you don't get out much beyond your little bubble world. Do some international traveling and see how often you can use Apple Pay.

Share This Page