Near Field Communication is working to make contactless transactions more convenient, and with solutions flooding the market the technology holds a great deal of promise.

However, there’s some reluctance to wander from the standard NFC formula – tapping a mobile device to a point of sale terminal or NFC tag to conduct a transaction.

France-based Natural Security is focusing on user authentication through the marriage of contactless personal devices and biometrics. It is looking to offer a different take on that formula with its mobile banking solution.

Pick a hand

Dominique Pierre, business development manager at Natural Security, says the company has developed a contactless and NFC-based solution that uses fingerprint and finger-vein biometrics with a smart payment token and accompanying secure element.

The Natural Security smart card contains biometric data, applications, a comparison algorithm and personal data, explains Pierre. “Acting as a mid-range contactless device – operating from approximately five feet – the card can communication with a biometric reader without physically removing it from a purse, bag or pocket,” he says. In other words, the consumer device no longer needs to be manipulated in order to execute a transaction.

Pierre explains that the card must be on the customer’s person at the time of transaction, but by simply placing a finger to a fingerprint scanner – attached to any point-of-sale terminal – the customer can complete the transaction.

Multiple cardholders can be within range of a single scanner but only the user who supplies a fingerprint will be charged for the transaction.

For example, a customer is at a bar with some friends and it comes time to settle the tab. If the bar has a Natural Security merchant device and everyone in the group has a Natural Security smart card, each could choose to pay the tab.

But the transaction is only completed when a fingerprint – that of the generous friend – is applied to the scanner. The tab gets paid quickly and no payment card is removed or swiped.

The pilot

Along with some of France’s top financial institutions, Natural Security is piloting its biometric NFC solution. The pilot is being deployed in the north and south of France in the Lille and Bordeaux regions.

To facilitate the pilot initiative, Natural Security has worked to make it easy for interested customers to obtain a card. “The customer can use any available distribution bank channel to apply for a Natural Security payment token,” says Pierre.

Pilot institutions include Banque Accord, BNP Paribas, Crédit Agricole, Crédit Mutuel Arkéa, Groupe Auchan, Ingenico and Leroy Merlin.

Pilot participants must enroll their biometric data to receive the Natural Security-issued token. “Enrollment can be securely performed at a local bank branch or other locations where customer credentials can be verified,” explains Pierre.

“The device can take multiple form factors; a fob, a standard debit/credit card with a sleeve, a card all-in-one or a microSD,” says Pierre.

On the retailer side the aim was to try and make deployment as easy as possible. “A retailer only needs to make a slight modification on their point of sale terminals to connect the Natural Security merchant device,” explains Pierre.

More than just payments

Natural Security’s solution joins a mobile payments marketplace that is bursting with ideas and new technologies. So how does Natural Security differentiate itself from the likes of Google Wallet and the newly piloted ISIS mobile wallet?

“Natural Security’s solution enables a consumer to make a payment very fast – less than 6 seconds – because they no longer need to manipulate their consumer device or provide a PIN or signature,” says Pierre.

Speed and efficiency seem to be the gold standards to which every mobile banking and payments solution is held, but Pierre feels that there is more to Natural security’s offering. “It can be used as a wallet to store different payment applications from different schemes,” says Pierre. “The solution provides a unique user experience regardless of the amount or type of transaction.”

Natural Security’s technology will enable cash withdrawal, electronic signature and further down the road, could support payments on a TV.

“The technology can be used for a wide range of services such as face-to-face payment, payment via Internet, cash withdrawal on ATM, logical and physical access control and secure access to a Web server,” says Pierre.

Standards-based

It is paramount for any emerging technology, especially those in the mobile payments sector, to adhere to trusted and proven standards. “Natural Security is based on open standard ISO/IEEE 802.15.4 and ZigBee,” explains Pierre.

ZigBee is a wireless networking standard that enables communication using low-cost, low-power digital sensors. It utilizes the IEEE 802.15.4 physical radio standard and operates at the 2.4 GHz frequency.

ZigBee transmits data over long distances without the need for centralized, high-power transmitters and receivers. Instead, each Zigbee device acts as a node in a communication daisy chain.

It has frequently been used in commercial building and energy management solutions as well as home automation and telecommunications initiatives.

In the Natural Security solution, it offers longer distance communication between the consumer token and the reader.

Across the pond

Natural Security’s not only piloting in France but also has a U.S. project. Credit giant Discover Financial sees merit in the solution, and has started its own pilot with the French company at its Riverwoods, Ill. campus.

“We will invite 300 to 350 Discover employees to participate in the pilot utilizing the fob form factor,” says Troy Bernard, global head of Emerging Payments at Discover.

Discover sees the value in the marriage of biometrics and NFC, and with more mobile wallet apps flooding the marketplace Bernard feels that now is a good time to test the waters. “Google and Isis are gaining momentum, and now it is time to test what may be next,” says Bernard. “That is our role in emerging payments, to find the next payment technology that makes payments easier and safer.”  

Biometrics: private and secure

Natural Security adds biometric security to NFC, storing the biometric data on the payment device rather than in a central database.

This gives Bernard confidence in the security of the solution because it makes use of a time-tested architecture. “Biometrics are secured on the card using proven smart card technology, leveraged by chip and PIN and government IDs for the past decade or longer,” says Bernard.

Part and parcel to security is privacy. Privacy is always a major consideration, namely with regards to who controls the sensitive biometric data. Natural Security has taken this into consideration. “The biometric data is exclusively owned by the consumer and is always under their control,” explains Pierre.

To further ensure the privacy and security of sensitive customer biometric data, Natural Security has developed a number of measures to guarantee that sensitive customer data is protected.

First is the mutual authentication of the payment device to the merchant terminal, explains Pierre. Next a secure channel is established to provide confidentiality in the data exchange. Then the biometric data is sent from the terminal to the payment device to be authenticated on the device using match-on-card technology.

Once stored, biometric data cannot be extracted from the consumer device, so a lost or stolen device will not result in compromised data. “No consumer data will be provided by the consumer’s device to the merchant unless all previous security conditions are met and the consumer biometrics data has been verified successfully,” explains Pierre.

The final privacy measure, according to Pierre, prevents consumer device tracking by generating a random device address every time a merchant scans the consumer devices within range.

What’s next?

Though Natural Security is knee-deep in pilots on two continents, it is keeping an eye on the horizon.

“We are discussing with universities, health care organizations and large retailers to use our technology to enable fast, convenient, secure authentication of consumers while guaranteeing their privacy,” says Pierre.

“We see university campus environments as a logical first step,” says Bernard. “A college campus can leverage many of the features of Natural Security including payment, building access, logical access and more.”