By Anthony Voigt on Tuesday, 19 April 2016

Last week the Japanese Government announced that it would commence development of fingerprint payment technology in time for the Tokyo 2020 Olympics.

The system is part of a broader strategy to increase the annual number of foreign tourists to visiting Japan to 40 million by that date.

The way the system will work is that:

  • inbound tourists will register fingerprints when they arrive in the country
  • fingerprint records will be associated with a bank or credit card account
  • tourists will then pay for purchases by using fingerprint readers in stores, restaurants, etc.
  • data collected by the system will be used to identify tourist movements and spending habits

Japan's Olympic envsioned Payment System

The system is to be initially trialed in 300 restaurants, shops and hotels popular with tourists, with a view to it being extended country-wide by 2020.

What are the implications?

Privacy

One obvious concern is privacy.

The USA already requires most foreign visitors to record their fingerprints and photograph at airports for security purposes, and various other countries use, or are developing, biometric authentication practices for similar reasons.

However, the Japanese project plans to use fingerprints for an entirely different reason:  commerce.  Will foreign tourists accommodate this system and feel comfortable with their fingerprints being recorded and used in this way?

It’s obviously too early to say, but it seems unlikely that tourists will object.  There is a growing adoption of biometric ID solutions on consumer devices (eg phone-based fingerprint recognition on iPhones, Galaxy S phones, etc).

TouchID

As well, we are becoming more accustomed to the loss of privacy inherent in the widespread use of digital technology.

So my hunch is that it won’t be a problem.

Risk

Another issue is risk.  One of the proposed benefits of the system is a reduction in financial crime, presumably through a reduction in card theft, skimming and fraud.  This may occur, although tourists will still be carrying their purses and wallets, so I’m not sure what % reduction we may see.

A risk question that arises, though, is fingerprint identity theft.  A looming issue with the growing adoption biometric security systems (such those based on fingerprints is) hacking.

What happens if the tourist’s fingerprints are stolen and re-used?

As I’ve previously discussed, recent developments in fingerprint emulation have demonstrated how easy this can be.

If, by 2020, in-store purchases can be undertaken across Japan using nothing more than fingerprints, then the potential for criminal gangs to take advantage of this is obvious.  After all, it’s likely to be easier to lift a person’s fingerprint (eg from a glass) than to steal their credit card.

The Japanese system, too, only uses one form of biometric authentication:  fingerprints.  This is in contrast to the Indian Government’s national identity program, Aadhaar, which uses multiple biometrics:  an iris image, ten fingerprints, and a digital photograph.   This multi-biometric approach reduces the likelihood of fraudulent ID verification.

My bet is we may see a new wave of crime built around ‘fingerprint fraud’.

Extension of the model?

There’s no clear indication yet from the publicly-available reports, but the obvious question to consider is:  will the system be extended to domestic consumers.  If it’s successful, you would have to think that this would be either an option, or part of the long-term plan.

If so, then it creates a model that is radically different to the model of mobile payments being developed in most other countries, in which the mobile phone plays a central role.

Is this the best model?

Which, of course, raises a final question as to whether this potential long-term approach is the best model for consumers.

The finger-print based solution has an obvious benefit:  the consumer does not need to carry any extra hardware (eg a phone, token, wristband, etc) or software (eg an app).  This makes the development and operation of the system potentially more straight-forward.

However, the use cases for this system are therefore limited to those which are built into the system (currently payment authentication and tax-exemption recording).  And while these use-cases might be expanded over time, they will require bespoke development and deployment in every case, without benefit from solutions being developed elsewhere.

An alternative approach would have been to utilise the fingerprint recognition systems already built into phones.  In this scenario the user would place their finger over their device’s fingerprint reader and the device would handle communication and payment authentication with the POS terminal.  This has the potential  benefit of leveraging existing capability and utilising a deployment platform (the phones) which can be used for a variety of consumer use cases.

That said, Japan’s phone-independent model removes the need for the complex arrangements needed for integration with mobile phones; and brings with it one big advantage:  Japan will not need to work with the likes of Google, Apple, Samsung to make it happen.