Visa Takes Biometrics On-the-Go Without Privacy Issues

The patent could add another form of frictionless payment to the landscape, and present competitors to Apple Pay and Amazon’s Just Walk Out.

Photo of a Visa patent
Photo via U.S. Patent and Trademark Office

Sign up to uncover the latest in emerging technology.

If you forget your PIN at the ATM, Visa may be working on another way to give you access. 

The company filed a patent application for verification of “biometric templates for privacy preserving authentication.” Visa’s system aims to allow customers to use biometric authentication in physical spaces, such as stores or ATMs, without putting user information at risk. 

“If our personal devices could participate in external-facing authentication too, where biometric measurement is captured by a nearby external sensor, then we could also enjoy a frictionless authentication experience in a variety of physical spaces,” Visa said in the filing.  

The first step of Visa’s system starts with when a user is enrolled in biometric authentication, when it creates a biometric template that’s stored on a user’s device, which is then encrypted and digitally signed to attest to its authenticity. When a user wants to access a certain gated service, the user device verifies that digital signature to the service’s so-called “access device.” 

Visa noted a host of different use cases for this, including quick and seamless payment at checkout, ATM withdrawals, and non-payment related activities such as allowing access to an apartment or matching biometrics to entrance tickets at amusement parks, convention centers or theaters. 

With this system, the biometrics themselves don’t need to be verified by the access device, just the digital signature. Visa noted that this feature is an important benefit, as sensitive user data isn’t stored and collected “in some giant database, whose breach would be disastrous. Instead, the templates stay on the devices of the users to which they belong.” 

One of the biggest concerns with biometrics is privacy. While a facial scan or fingerprint can be more secure than a typical password or PIN, if biometric information is stolen, it gives hackers access to a trove of your personal data. Plus, unlike a password, biometric data can’t necessarily be replaced or changed. 

Some companies are working on ways to solve for the issue of stolen physical data or deep fakes: Google has sought to patent a way to track “liveness characteristics” in biometric authentication, Microsoft wants to patent “sequence-based” authentication that relies on movements and poses, and credit card competitor Mastercard for normalizing biometric image samples for higher accuracy.

However, one issue is not the validity of the biometrics when a user logs in, but the way in which they’re stored. One potential problem with biometrics for physical spaces is that a device actually accepting a facial scan or a fingerprint would mean that a user’s physical data is stored within the company’s storage systems, rather than on the device. Visa’s system overcomes that issue by storing and encrypting the data locally, and performing the actual authentication with digital signatures.

Plus, while this could be useful to verify cardholders at banks and ATMs, its potential use cases outside of financial services could make this valuable tech to license to other firms, from high-security spaces like research labs to lower-security, high-volume situations like concert arenas. 

That said, Visa isn’t the only company working on seamless payment experiences, giving the firm some competition in getting people to sign up. Services like Apple Pay, Google Pay and Samsung Pay have long offered payment options that don’t require users to pull out their card. Meanwhile, Amazon’s “Just Walk Out” and palm payment technology offer an experience similar to what Visa is pitching.