Biometric Match-on-Card solution

October 2013 Access Control & Identity Management, Products

Card-based fraud continues to cost South African financial service providers millions of rands, due to card and PIN theft at ATMs, fraudulent online purchasing and basic identity misrepresentation with stolen cards at retailers.

As security becomes an ever-more critical business need, organisations have generally come to accept the necessity of using biometric data for this purpose. While far more secure than PIN numbers and passwords, which are all too often forgotten or compromised through sharing or written reminders, biometric data nonetheless has its own potential points of failure. Most notably, the need to send such data to an external server for verification opens the possibility that the data could be corrupted while in transition.

However, Bytes Technology Group (BTG) offers a biometric customer identity verification solution called Match-on-Card, which obviates the need to send the data to an external server. Instead, the Match-on-Card solution involves matching and storing a fingerprint biometric directly on a smart card, making this an even more secure form of fingerprint authentication.

“Obviously, it does mean that the smart card used requires a greater processing power and memory in order to run the algorithm to match the data, and to store the biometric. But this is more than made up for by the fact that the card makes the decision, rather than having to rely on a third party to confirm a match,” says Dave Crawshay-Hall, CTO of Brand New Technologies (BNTech), which was recently acquired by BTG.

“The trouble with standard biometric smart cards is that if a match is done on the PC and then a command is sent to the card to instruct it to perform a particular action, there is no way for the card to know that the fingerprint was actually matched. With Match-on-Card, the smart card physically does the match itself, thereby allowing it to decide internally what action to process, such as allowing access to private data.”

The technology allows access to the digital certificates on the card that can then be used for Windows log-on, digital signing, file and volume encryption, secure VPN access and other PKI applications, continues Crawshay-Hall.

He adds that the matching of fingerprints involves two stages, namely ‘feature extraction’ and ‘matching’. Feature extraction, he says, requires a lot of computing power, so this is still done on the PC, with only the actual matching taking place on the card. Despite this, he points out, for the card to accurately perform the match in an acceptable time frame, it still has to have a powerful processor with enough RAM.

“A critical element of a Match-on-Card solution is clearly high quality enrolment of the fingerprint itself, which is used to enrol fingerprints and create fingerprint templates which are stored in the smart card, and possibly elsewhere for back up.

“For this reason, BTG offers an end-to-end solution that includes the card, MOC card applet, customised card applet, fingerprint algorithms and fingerprint scanners. While the algorithms, fingerprint scanners and cards are supplied by third-party vendors, Bytes provides the consultation, integration, implementation and support.”

Nick Perkins, divisional director, identity management solutions at Bytes Systems Integration points out that by using a Match-on-Card solution, organisations are able to establish the physical presence of the cardholder using two-factor authentication, namely fingerprint and smart card. “This can be increased to three factor authentication by adding a PIN.”

Perkins indicates that this technology can be used for a multitude of private sector security issues, from simple customer identity verification before performing a transaction, to internally within an organisation to manage a business solution or ERP login and transaction approval control. It can also be used in retail point of sale terminals, he states, through integration where cashiers can login biometrically to till points and supervisors can approve voids/credits biometrically. This, in turn, eliminates password abuse and provides clear auditability of transactions.

“Moreover, the Match-on-Card solution is the end result of what should become a far more detailed customer take-on process. Organisations can leverage technologies provided by BTG to ensure an accurate and verified documentation and identity collation before issuing the card in the first place. This effectively introduces a two factor verification process for the financial services provider, ensuring that the person sitting in front of them applying for some form of finance is actually the person represented through the documents that they are presenting.

“Furthermore, re-verification takes place at each transaction point by re-confirming the identity of the card holder before commencing with the transaction, ultimately putting processes in place which we expect will massively reduce card based fraud,” Perkins concludes.

For more information contact Lise West, Bytes Systems Integration, +27 (0)11 205 7000,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The importance of XDR for cyber protection
October 2019 , Cyber Security, Products
35% of South African organisations are expecting an imminent cyberattack and a further 31% are bracing for it to happen within a year, according to local research conducted by Trend Micro.

Biometrics: the game changer in access control
November 2019, IDEMIA , Access Control & Identity Management
For security managers, the question is no longer, should I use biometrics, but rather, which biometrics should I use.

ViRDI UBio Tab 5
November 2019 , Access Control & Identity Management
ViRDI Distribution SA (ViRDI Africa) has announced the release of its long-awaited UBio Tablet to the South African market.

Cloud-based access control
November 2019, Elvey Security Technologies , Access Control & Identity Management
Hattrix is a flexible and scalable security platform that marks a shift toward outsourcing security, similar to other services such as IT, HR, and legal services.

Transforming secure access for SMEs
November 2019, dormakaba South Africa , Access Control & Identity Management
The dormakaba Matrix One access solution is an off-the-shelf access offering that is easy to use, completely secure and browser-based, making it accessible from anywhere in the world.

Manage remote transmitters via GSM
November 2019, ET Nice , Access Control & Identity Management
ET Nice has released a new solution to set up and manage remote transmitters online and monitor access equipment via GSM.

Secure hands-free access
November 2019, Suprema , Access Control & Identity Management
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

Duxbury Networking launches Solar Switch
November 2019 , IT infrastructure, Products
Duxbury Networking has launched its Solar Switch with tailored capabilities for applications in less-accessible areas where electricity is not available or not reliable.

There’s an app for gate configuration
November 2019, CAME BPT South Africa , Access Control & Identity Management
CAME KEY is a new generation of working tool for gate automation, allowing setup and configuration from a mobile app.

Arteco launches new management platform
CCTV Handbook 2019, Arteco Global, Technews Publishing , CCTV, Surveillance & Remote Monitoring, Products
Arteco has released its latest management platform, Omnia, designed to be faster and more responsive to operators? needs.