Fraud in the consumer transaction service industry is a problem. For instance, many consumer transactions can now be completed using a consumer device (e.g., a mobile phone) without the use of a physical payment card. A user may initiate a payment transaction from a consumer device at a point-of-sale terminal or in a remote payment environment. Some consumer-device-initiated transactions without a physical payment card may require biometric authentication to verify the identity of the payment user. However, in some cases a forger can duplicate the user's biometric and complete a fraudulent transaction using the payment card details of the payment user.
Some systems attempt to decrease fraud in transactions where biometric authentication is used by performing matching of the biometric data in the encrypted domain. For example, a biometric template (e.g., based on a fingerprint) can be encrypted and the matching of that template to received biometric data can be done without decrypting the template, making it harder for fraudsters to compromise the biometric data. However, one major issue with this approach is that usual methods of encryption map plaintexts to ciphertexts that appear completely random. Even if the contents of two plaintexts are very close together, their corresponding ciphertexts can be arbitrary strings whose contents are far apart. Thus, these systems would conclude that the two pieces of biometric data originated from two different users, when in fact they could have originated from the same user.
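The mismatch described above can be reproduced with the following sketch, which is an added illustration and not part of the original disclosure. The 256-bit template, the 32-bit match threshold, and the SHAKE-256 keystream cipher standing in for a conventional randomized cipher are assumptions, and all sample data is constructed.

```python
import hashlib
import random

TEMPLATE_BITS = 256      # assumed template size
MATCH_THRESHOLD = 32     # assumed: accept when at most 32 bits differ


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def is_match(distance: int) -> bool:
    return distance <= MATCH_THRESHOLD


def rand_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stand-in for a standard randomized cipher (assumption, not production
    # code): a fresh nonce selects a fresh keystream for every encryption.
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def flip_bits(data: bytes, positions) -> bytes:
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def run_demo(seed: int = 1) -> dict:
    rng = random.Random(seed)  # seeded so the constructed data is repeatable
    key = rand_bytes(rng, 32)
    enrolled = rand_bytes(rng, TEMPLATE_BITS // 8)
    # Same user, new capture: 8 of 256 bits differ due to sensor noise.
    same_user = flip_bits(enrolled, rng.sample(range(TEMPLATE_BITS), 8))
    impostor = rand_bytes(rng, TEMPLATE_BITS // 8)
    c_enrolled, c_same, c_impostor = (
        encrypt(key, rand_bytes(rng, 16), t)
        for t in (enrolled, same_user, impostor))
    return {
        "plain_same": hamming(enrolled, same_user),
        "plain_impostor": hamming(enrolled, impostor),
        "cipher_same": hamming(c_enrolled, c_same),
        "cipher_impostor": hamming(c_enrolled, c_impostor),
    }


if __name__ == "__main__":
    for name, dist in run_demo().items():
        print(f"{name:16s} distance={dist:3d} match={is_match(dist)}")
```

On the plaintext templates the threshold separates the genuine user from the impostor; on the ciphertexts both comparisons land near half the bits differing, so the genuine user is rejected as well.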
Embodiments of the invention address these and other problems.