Digital Transactions Authoritative, insightful and timely information for payments professionals
Privaris Inc. expects to begin pilots for a biometrically secured contactless-payment fob in both physical point-of-sale and Internet payment applications by year's end, an executive with the Charlottesville, Va.-based company says. While the device, which Privaris announced last week as the first contactless key fob secured by fingerprint ID, has apparently drawn interest from transaction processors as well as banks, the company “can't say how many we expect to ship” this year, says Stephen E. McDorman, vice president of commercial systems. “We're in discussions with several transaction providers in addition to major credit card issuers,” he says. “Our potential is not limited to the major credit card companies.” He says he can't be more specific about who these entities are, as the discussions are protected by a non-disclosure agreement. Approximately the size of an automobile key fob and weighing one ounce, the device, which Privaris calls the plusID, features a fingerprint sensor, which the users touches to initiate transactions. For online transactions, the device would plug into the USB port of a laptop or other computer. The plusID works on the commonly accepted ISO 14443 standard, which MasterCard Inc., American Express Co., and Visa USA have all adopted for contactless payments. Privaris is hoping the fob's beefed-up security will give it an edge over chip-embedded cards and other form factors that have been introduced so far for contactless payments, an application rapidly gaining in popularity. The device will transmit card-account data to a point-of-sale transceiver only if the user's fingerprint matches the one stored in the device's chip. In this way, the company hopes to answer two security concerns at once: the security of radio-frequency transactions and the protection of massive warehouses of biometric data. “All biometric processing is done on our device,” says McDorman. “The advantage for us is I'm not transmitting the fingerprint and I'm not storing the fingerprint in a database, so there's no database to protect.” In this vein, Privaris is also working to achieve certification of the device at a standard that will guarantee tamper resistance, meaning the chip will automatically erase all data stored in it if anyone tries to crack it. This so-called FIPS 140-2 Level 3 certification, McDorman says, will be a first for a contactless payment device. “What we've heard repeatedly from issuers is they would require FIPS Level 3,” says McDorman, who adds the company hopes to have the certification by the end of the year. Final pricing for the fob hasn't yet been determined, but McDorman says single-copy prices for “off-the-shelf” units will probably start at $100 each. “I would expect financial institutions would be interested in either the existing device or a derivative device whose price point could be lower,” he says. The device, which relies on a new chip from Broadcom Corp., can achieve 1,000 uses between charges, Privaris says. Battery life has been a vexing engineering challenge for devices combining biometric processors with wireless transmission capability. The plusID device represents at least the second effort by vendors to produce payment devices relying on radio-frequency identification and secured by fingerprint sensors. Digital Defense Group announced a biometrically secured card late last year and introduced it this spring (Digital Transactions News, Dec. 16, 2005).
