The document discusses how biometric payment systems can overcome consumer fears around privacy and contactless payment. It notes that many current biometric systems rely on central databases, which pose privacy and security risks if compromised. The document then evaluates different aspects of biometric systems based on GDPR guidelines, concluding that personal device-based systems that store only templates instead of images, perform matching locally in a secure element, and do not retrieve any data over contactless payment without authentication can address privacy concerns.
4. How will biometric payment overcome consumer fears over privacy and contactless?
Ingredients for Fears Over Biometrics
CIR
5. How will biometric payment overcome consumer fears over privacy and contactless?
Ingredients for Fears Over Biometrics
CIR
Scarce resource
6. How will biometric payment overcome consumer fears over privacy and contactless?
Ingredients for Fears Over Biometrics
CIR
No concerns!?
7. How will biometric payment overcome consumer fears over privacy and contactless?
Sniffing
Relay attacks
Stolen / lost cards
Source: The Independent
Contactless Payment Penetration Increases, some fears remain…
8. General Biometric System Overview
How will biometric payment overcome consumer fears over privacy and contactless?
PRE-
PROCESSING
FEATURE
EXTRACTOR
TEMPLATE
GENERATOR
MATCHER1
REFERENCE
TEMPLATE
2 3 4
MATCH
STATUS
TEST
TEST
SENSOR
ENROLMENT
9. Privacy Intrusiveness Assessment
Key questions included in EU’s
General Data Protection Regulation (GDPR)
Source: https://eugdpr.org/)
Is biometric data stored?
What data is stored?
Where is data stored?
Is the storage permanent or temporary?
How is biometric data processed?
10. Privacy intrusiveness assessment
Is biometric data stored?
Many EU passports
include JPEG file of
holder’s fingerprint
PKI-based Extended
Access Control Authentication
Reference
fingerprint
Matching SW
Candidate’s
fingerprint
Issuing country grants
through reciprocal
agreements to those
authorized to access
confidential information
on the chip.
11. Privacy intrusiveness assessment
Is biometric data stored?
Interoperability and algorithm independence
At stake: Most people only have 10 fingerprints
Tamper-resistance of
• ID document
• Communication
• Matcher execution
Permanent storage of data in central
database – e.g. TES, CIR
STORAGE
12. Privacy intrusiveness assessment
What data is stored?
US passport stores no biometric data
US can’t do EAC on EU passports
DHS’ IDENT system stores some
data to facilitate re-entering visitors
What data is stored sounds like a
reasonable question?
It’s recommended to store the
template rather than the fingerprint.
?
13. Privacy intrusiveness assessment
Where is data stored and processed?
Storage location?
Who has access to it?
For which purpose?
Tamper-proof storage and
processing in a secure
environment is a must.
Source: https://www.nextgov.com/it-modernization/2019/06/dhs-move-biometric-data-hundreds-millions-people-amazon-cloud/157837/
14. Privacy Intrusiveness Assessment Based on GDPR
Q1: Is biometric data stored?
Q2: What data is stored?
Q3: Where is data stored?
Q4: Is the storage permanent or temporary?
Q5: How is biometric data processed?
A1: Yes
A2: Enrolled reference template
A3: Inside the secure element
A4: Storage
Reference template permanently stored
Candidate template temporarily stored
in RAM during match
A5: Match is processed in secure element
Biometric smart card
15. To conclude:
How will biometric payment overcome consumer fears
over privacy and contactless?
Personal device GDPR compliant
• No central database
• Storage of template vs. image
• Tamper resistant device
• Match in Secure Element (SE) is a MUST
No data is retrieved over contactless
without the fingerprint authentication.
16. €430
100
80%
200
Million turnover in 2018
Dedicated employees
worldwide
Of the population
uses Linxens
products every day
Billion
microconnectors
supplied to the
market
Linxens
is a global leader in
Microconnectors,
RFID Antennas
& Inlays
Production sites
Clients over
the world
Research &
Development
Centers
Billion RFID
Antennas sold
since 2008
Years
experience
6
10
3200
30
4
More than
18. 1) * Sales Representatives ** Sales Office
Linxens Global Footprint
South America*
France – Levallois, Mantes-la-Jolie, Vorey
Germany - Dresden
The Netherlands - Wijchen
South Korea**
China – Suzhou, Guangzhou, Shanghai
India - Mumbai
Thailand - Ayutthaya
Singapore – Changi
LATAM*
USA*
19. linxens.com
For further information, please feel free to contact:
• Jean-François Durix, Linxens Business Development Director
Jean-Francois.Durix@linxens.com
• Stephany Gochuico, Linxens Digital & Product Communications Manager
Stephany.Gochuico@linxens.com