Biometric Match-on-Card solution

October 2013 Access Control & Identity Management, Products

Card-based fraud continues to cost South African financial service providers millions of rands, due to card and PIN theft at ATMs, fraudulent online purchasing and basic identity misrepresentation with stolen cards at retailers.

As security becomes an ever-more critical business need, organisations have generally come to accept the necessity of using biometric data for this purpose. While far more secure than PIN numbers and passwords, which are all too often forgotten or compromised through sharing or written reminders, biometric data nonetheless has its own potential points of failure. Most notably, the need to send such data to an external server for verification opens the possibility that the data could be corrupted while in transition.

However, Bytes Technology Group (BTG) offers a biometric customer identity verification solution called Match-on-Card, which obviates the need to send the data to an external server. Instead, the Match-on-Card solution involves matching and storing a fingerprint biometric directly on a smart card, making this an even more secure form of fingerprint authentication.

“Obviously, it does mean that the smart card used requires a greater processing power and memory in order to run the algorithm to match the data, and to store the biometric. But this is more than made up for by the fact that the card makes the decision, rather than having to rely on a third party to confirm a match,” says Dave Crawshay-Hall, CTO of Brand New Technologies (BNTech), which was recently acquired by BTG.

“The trouble with standard biometric smart cards is that if a match is done on the PC and then a command is sent to the card to instruct it to perform a particular action, there is no way for the card to know that the fingerprint was actually matched. With Match-on-Card, the smart card physically does the match itself, thereby allowing it to decide internally what action to process, such as allowing access to private data.”

The technology allows access to the digital certificates on the card that can then be used for Windows log-on, digital signing, file and volume encryption, secure VPN access and other PKI applications, continues Crawshay-Hall.

He adds that the matching of fingerprints involves two stages, namely ‘feature extraction’ and ‘matching’. Feature extraction, he says, requires a lot of computing power, so this is still done on the PC, with only the actual matching taking place on the card. Despite this, he points out, for the card to accurately perform the match in an acceptable time frame, it still has to have a powerful processor with enough RAM.

“A critical element of a Match-on-Card solution is clearly high quality enrolment of the fingerprint itself, which is used to enrol fingerprints and create fingerprint templates which are stored in the smart card, and possibly elsewhere for back up.

“For this reason, BTG offers an end-to-end solution that includes the card, MOC card applet, customised card applet, fingerprint algorithms and fingerprint scanners. While the algorithms, fingerprint scanners and cards are supplied by third-party vendors, Bytes provides the consultation, integration, implementation and support.”

Nick Perkins, divisional director, identity management solutions at Bytes Systems Integration points out that by using a Match-on-Card solution, organisations are able to establish the physical presence of the cardholder using two-factor authentication, namely fingerprint and smart card. “This can be increased to three factor authentication by adding a PIN.”

Perkins indicates that this technology can be used for a multitude of private sector security issues, from simple customer identity verification before performing a transaction, to internally within an organisation to manage a business solution or ERP login and transaction approval control. It can also be used in retail point of sale terminals, he states, through integration where cashiers can login biometrically to till points and supervisors can approve voids/credits biometrically. This, in turn, eliminates password abuse and provides clear auditability of transactions.

“Moreover, the Match-on-Card solution is the end result of what should become a far more detailed customer take-on process. Organisations can leverage technologies provided by BTG to ensure an accurate and verified documentation and identity collation before issuing the card in the first place. This effectively introduces a two factor verification process for the financial services provider, ensuring that the person sitting in front of them applying for some form of finance is actually the person represented through the documents that they are presenting.

“Furthermore, re-verification takes place at each transaction point by re-confirming the identity of the card holder before commencing with the transaction, ultimately putting processes in place which we expect will massively reduce card based fraud,” Perkins concludes.

For more information contact Lise West, Bytes Systems Integration, +27 (0)11 205 7000,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Econz Wireless Timecard assists with employee screening
Issue 4 2020 , Access Control & Identity Management
Essential workers across a wide range of sectors are using Econz’ Timecard application to check employees’ current wellness status before starting work.

WizzPass COVID-19 screening solution
Issue 4 2020 , Access Control & Identity Management
WizzPass provides COVID-19 screening solution for both staff and visitors in one system.

Foot operated door opener
Issue 4 2020 , Access Control & Identity Management
Pro-Tech and Falcon Security have launched the new Foot Operated Door Opener (FODO), aimed at assisting in the creation of touchless ‘hands-free’ access control solutions.

Infection control access solutions
Issue 4 2020, Gunnebo Africa , Access Control & Identity Management
With many organisations planning to resume operations, the implementation of social distancing and infection control in these environments is a challenge.

Protecting staff with contact tracing software
Issue 4 2020 , Access Control & Identity Management
Gallagher’s latest development, the Proximity and Contact Tracing Report, is supporting organisations with fast and efficient contact tracing during the COVID-19 pandemic.

Suprema enhances cybersecurity
Issue 4 2020, Suprema , Access Control & Identity Management
Suprema BioStar 2 is a web-based, open and integrated security platform that provides comprehensive functionality for access control and time and attendance.

Visitor management for businesses and office parks
Issue 4 2020 , Access Control & Identity Management
Managing visitors is an essential security task for organisations of all sizes, but especially large businesses that need to keep tabs on who enters and exits their premises and their reason for being ...

Weatherproof Bluetooth padlock
Issue 4 2020, ASSA ABLOY South Africa , Access Control & Identity Management
The new ABLOY BEAT locking solution includes a novel digital key, a mobile app and an IP68-rated, weatherproof Bluetooth padlock.

Touch-free face recognition terminals
Issue 4 2020, Hikvision South Africa , Access Control & Identity Management
Hikvision announces touch-free MinMoe face recognition terminals for easier access control and time and attendance.

Contactless T&A
Issue 4 2020, LD Africa , Access Control & Identity Management
Matrix COSEC APTA is a mobile-based employee portal, allowing COSEC users to monitor and manage all their time and attendance, total working hours and leave options.