Automated teller machines (ATMs) provide an interface that allows credit card and debit card users to receive and/or deposit funds. During typical use of ATMs, and other transaction systems like a merchant point-of-sale device (POS), a user typically provides a transaction card, such as a debit card and/or credit card having account information embedded therein. The account information can include a card number, the account holder's name, and the like. To complete the transaction, the user often has to enter in a secure passcode such as a personal identification number (PIN) to authenticate the transaction.
In an typical ATM transaction the user initiates the transaction by inserting a payment card with the account information therein into the transaction terminal. The ATM transfers a transaction request to a payment network for processing. The payment network is communicatively coupled to the ATMs and various financial institution networks to facilitate processing of the ATM transactions. The payment network can route transaction requests from the ATMs to the appropriate financial institution network based on the transaction information included in the transaction request and can route transaction responses from the financial institution network to the ATMs as would be understood by those skilled in the art. Based on the transaction response, the ATM performs the service requested by the user, such as, for example, dispensing funds, accepting funds for deposit, providing an account balance, providing an account statement, and the like.
One issue with ATMs and other such secret password authentication based systems is that they are vulnerable to fraud. For example, fraudsters often obtain bank account information by attaching scanning devices to an ATM to read a transaction card and record the embedded account information, and also obtain the user's PIN number by watching or recording video of the user entering the PIN on the ATM keypad. Once the fraudster has the account information and PIN, the fraudster has access to the user's account. Similarly, other systems in which a user enters a password, PIN, log-in or other private information are similarly susceptible to fraud. For example, a fraudster can obtain a user's secure website log-in and password by watching the user input the private information on a computer.
Accordingly, there is a need for systems and methods for facilitating secure transactions, such as financial transactions that are less susceptible to fraud from capturing a user's private account information and/or secret passcodes.
As a biometric is a biological characteristic (such as a fingerprint, the geometry of a hand, Retina pattern, iris shape, etc.) of an individual, biometric techniques can be used as an additional verification factor since biometrics are usually more difficult to obtain than other non-biometric credentials. Biometrics can be used for identification and/or authentication (also referred to as identity assertion and/or verification).
Biometric identity assertion can require a certain level of security as dictated by the application. For example, authentication in connection with a financial transaction or gaining access to a secure location requires higher security levels. As a result, preferably, the accuracy of the biometric representation of a user is sufficient to ensure that the user is accurately authenticated and security is maintained. However, to the extent iris, face, finger, and voice identity assertion systems exist and provide the requisite level of accuracy, such systems require dedicated devices and applications and are not easily implemented on conventional smartphones, which have limited camera resolution and light emitting capabilities.
The challenges surrounding traditional biometric feature capture techniques, which generally require high resolution imagery, multi-spectral lighting and significant computing power to execute the existing image analysis algorithms to achieve the requisite accuracy dictated by security have made biometric authentication not widely available or accessible to the masses. Moreover, traditional biometric authentication techniques requiring dedicated devices used in a specific way (e.g., require a cooperative subject, have a narrow field of view, biometric must be obtained in a specific way) detracts from user convenience and wide-scale implementation.
Accordingly, there is a need for systems and methods with which a user's identity can be verified conveniently, seamlessly, and with a sufficient degree of accuracy, from biometric information captured from the user using readily available smartphones. In addition, what is needed are identity assertion systems and methods that, preferably, are not reliant on multi-spectral imaging devices, multi-spectral light emitters, high resolution cameras, or multiple user inputs.