QR code is on the way out; bio authentication is around the corner

Plastic cards are becoming passé with QR (quick response) codes that are scanned by using smartphones becoming the ‘go-to thing’ for most people who use it to make payments on the UPI (Unified Payments Interface) platform. This digital transformation happened in just about four years. But how about moving on to fingerprints and facial identity for UPI transactions?

The idea is not far-fetched. The NPCI (National Payments Corporation of India) is reportedly in discussions with start-ups to introduce biometric authentication for UPI payments. While it is still early days, the technology that enables customers to transact using their facial identity and fingerprints is already available.

Biometric authentication

Currently, UPI transactions require a PIN or password for authentication. While these methods are effective, they are not foolproof. With the rise in cyber threats and digital fraud, there is a growing need for more robust security measures. This is where biometric authentication comes in. This will make payments highly secure reducing the scope for fraud, say top officials with payments service providers.

“This method is already widely used in smartphones for unlocking devices and authorising actions such as payments,” says Atish Shelar, chief operating officer (COO), TechFini, a UPI-based payment infrastructure provider for banks, financial institutions, and fintech companies.

Integrating this technology into UPI transactions could significantly reduce the risk of unauthorised access, as biometric data is much harder to replicate than a PIN or password. Here is how biometric authentication will look for UPI payments in the future.

A customer will have to first link her/his Aadhaar number with the bank account to initiate biometric-based UPI payments. “For this type of payment, users will not need to remember a PIN. Users must ensure that their biometric data, such as fingerprints or facial recognition, is correctly registered and updated in the system,” says Rahul Jain, chief financial officer of NTT Data Payments India, a leading payments solutions provider. “Customers can link their biometrics with their UPI IDs,” Mr Shelar says.

After registration and linking, the biometrics of customers are encrypted and stored securely in a centralised database. While making payments, the customer has to present her/his biometric characteristics, which are then scanned by the PoS (Point of Sale) machine and matched against the stored data to verify the identity.

Impossible to duplicate

Biometrics are almost impossible to duplicate, reducing the chances of fraud significantly. Since stored information is encrypted, data breaches will be quite difficult. The high accuracy ensures that only authorised individuals will be able to do the transactions. “It will vastly reduce frauds,” Shelar says.

“Biometric authentication enhances security by making it difficult to copy or steal identities, as biometric traits are unique. It is also convenient, as users don’t need to remember complex passwords, and transactions are faster,” Mr Jain says. “The government is also keen on promoting such payment methods to curb financial frauds and enhance safety and convenience for the user,” he says.

Biometric payment systems can also facilitate financial inclusion. Customers have to provide only their biometric characteristics to make digital payments. The biggest benefit will perhaps be for persons who have only feature phones as they would be able to join the digital payments ecosystem using their Aadhaar credentials.

The PoS machine will capture only the biometrics linked to the UPI account to process the transaction, bringing a vast number of customers into the digital payments ecosystem. The business correspondents (BC) model of banks is already using Aadhaar for authentication.

Is the payments landscape ready for it?

“Currently, point-of-sale (PoS) machines with biometrics-based payments are available. Most of the (existing) PoS machines can be linked with fingerprint scanners where customers can use Aadhaar-enabled Payment Services (AePS) which allows payments at PoS,” Jain says. These machines can be used for authenticating biometrics-based transactions.

“However, with technological advancements, unique features can be embedded as an alternative authentication mechanism for preventing frauds and initiating reliable, flexible, and secure payment solutions,” Mr Jain says.

Privacy is an issue

The biggest concern in any biometric-based solution is privacy. Customers will be wary of sharing personal features such as fingerprints and facial IDs that would be used repeatedly to authenticate transactions on UPI.

“Privacy concerns are paramount, as biometric data is highly sensitive. Ensuring that this data is securely stored and protected from breaches will be crucial,” Mr Shelar says. The biometric data should also be interoperable or simply put they should seamlessly operate across various payment apps and devices.“If compromised, biometric data is difficult to change, unlike passwords,” Jain says.

But these are early days and a mass rollout of biometrics-based payments will take place only when the infrastructure is in place. Only when NPCI and the payments ecosystem that includes banks, merchants, and customers are onboarded and ready, will it happen in a big way.

                                                       (By arrangement with livemint.com)