In-Band Biometric Verification (with Enrollment)
The following diagram shows the sequence of messages exchanged between actors to do an in-band biometric verification. When the payment card hasn’t been seen previously, the user is enrolled for biometric verification.
Our on-demand PSD2 SCA
Inherence Biometric service enables an end-user to enrol their biometric without the need to disclose personal information on 1st time use by automatically associating a PAN (Primary account Number - e.g. debit - credit card long number) on a successful PIN verification to the Biometric modality being used (for example AimBrain Face). There is no tracking of a named user i.e. the service associates the Biometric with a verified and valid PAN+PIN combination (from a security perspective the Authentictaor platform does not store the PAN in a clear format, it uses a tokenised approach, and PIN entry is per the MYPINPAD patented approach using banking grade end-to-end cryptography and isolation techniques).
The service benefits from our HSM (Hardware Security Module) protected PIN verification services and server side biometrics; thus providing freedom and flexibility for an end user who may enrol on one mobile device during their first SCA triggered transaction (e.g. their Apple iOS iPhone) and then on subsequent SCA triggered transactions could use any other mobile device they have in their possession (such as an Android mobile phone) to perform the SCA process.
The solution is also suited to any Financial Institution wishing to develop and deliver a 3DS2 service where PAN verification is performed via the end users knowledge (PIN) and Inherence (Biometric).