The increasing use of electronic cards, such as credit or debit cards, to make payments and cash withdrawals brings with it also an increased risk of fraud. For example, where the user's card is stolen, an unauthorised person may be able to make unauthorised electronic payments or cash withdrawals from the user's bank account or credit provider.
The use of chip-and-PIN protection has decreased the risk of this type of fraud through the use of two-factor authentication, i.e. the possession of the physical card as well as the knowledge of the user's PIN. However, this type of authentication can be inconvenient at times. Furthermore, contactless payment technology is becoming increasing prevalent and often does not require entry of a PIN, meaning that an unauthorised user may still be able to make fraudulent transactions using a stolen card via contactless payment.
One solution that has been proposed is the use of a smartcard that includes a biometric sensor, such as a fingerprint sensor, which is embedded into the card. The authorised user initially enrolls their fingerprint onto the actual card, and is then required to place their finger or thumb on the fingerprint sensor in order to authorise any payment or withdrawal. If the fingerprint matching algorithm in the card detects a match then the card allows the smartcard secure element to communicate with the POS or ATM terminal and allow a financial transaction to take place. If there is no match then there is no transaction.