Evaluation of a template protection approach to integrate fingerprint biometrics in a PIN-based payment infrastructure

Biometric authentication has a great potential to improve the security, reduce cost, and enhance the customer convenience of payment systems. Despite these benefits, biometric authentication has not yet been adopted by large-scale point-of-sale and automated teller machine systems. This paper aims at providing a better understanding of the benefits and limitations associated with the integration of biometrics in a PIN-based payment authentication system. Based on a review of the market drivers and deployment hurdles, a method is proposed in which biometrics can be seamlessly integrated in a PIN-based authentication infrastructure. By binding a fixed binary, renewable string to a noisy biometric sample, the data privacy and interoperability between issuing and acquiring banks can improve considerably compared to conventional biometric approaches. The biometric system security, cost aspects, and customer convenience are subsequently compared to PIN by means of simulations using fingerprints. The results indicate that the biometric authentication performance is not negatively influenced by the incorporation of key binding and release processes, and that the security expressed as guessing entropy of the biometric key is virtually identical to the current PIN. The data also suggest that for the fingerprint database under test, the claimed benefits for cost reduction, improved security and customer convenience do not convincingly materialize when compared to PIN. This result can in part explain why large-scale biometric payment systems are virtually non-existent in Europe and the United States, and suggests that other biometric modalities than fingerprints may be more appropriate for payment systems. (C) 2011 Elsevier B. V. All rights reserved.