Hu Yoshida

Signatures, PINs and Finger Veins

Blog Post created by Hu Yoshida Employee on Nov 11, 2014

Oct 3, 2014


According to the Business Insider “The cost of global payment card fraud grew by 19% last year to reach $14 billion. The cost of U.S. payment card fraud grew by 29% to $7.1 billion.”


Last week I was in the Nordics meeting with customers when I had the embarrassing experience of having my credit card declined and having my guest pay for the meal. It turns out that this restaurant would not accept U.S. credit cards that are authenticated with a signature. Europe is using the chip and pin credit card where the chip generates a new transaction code every time it is used and the credit card owner enters a pin code. Many merchants in Europe have been accepting U.S. credit cards with a signature up until now. However, that is changing. In October merchants in Europe, instead of the credit card issuer, will be responsible for losses that could have been prevented by the chip and pin technology. Apparently this merchant was starting early. This technology requires the card to be inserted in a terminal so that the chip can communicate with the payment terminal. Luckily the hotel still accepted my low tech U.S. card, which still reads a mag strip and uses a signature for authentication. When I returned home, a new credit card was waiting for me from my bank that recently suffered a hack attack. This new card does have a chip on it, but it still uses the mag stripe and signature since merchants in the US do not have the new terminals that can communicate with the chip. It will take some time before we will be able to use chip and pin in the U.S.  In the mean time, U.S. credit card holders should request a chip and pin credit card from their bank if they plan to travel abroad.

Technology is still being developed for “card not present” (CNP) transactions such as online shopping. In the mean time I am sure that online vendors will continue to accept credit card numbers. However, this is the most unsecure way to use a credit card. Visa and MasterCard are supposed to have developed a solution using a handheld device that generates a one-time password for each transaction.

Recognizing the need to prevent increasing losses from hack attacks, Barclays Bank recently announced that they are committing to a biometric future with Hitachi’s finger vein scanning technology (VeinID).

The scanner identifies unique finger vein patterns to access accounts, instead of using a password or pin. Finger vein patterns are extremely difficult to spoof and must be attached to a live human body. While banks in Japan have used this technology with ATM machines for a number of years. Barclays has developed a vein ID scanner, the size of a tennis ball that can attach to a USB slot on a PC for online banking. This can be a simpler way to authenticate online shoppers without the need to use pin codes.