Digital Defense Group Set to Launch a Fingerprint-Secured RFID Card

An Omaha, Neb.-based maker of biometrically secured identity cards says it expects to participate in contactless-payment pilots within three months, with a commercial rollout possible by mid-2006. Five-year-old Digital Defense Group says its credit-card-size token, which contains a fingerprint sensor and an RFID chip, is compliant with MasterCard International's PayPass contactless-payment program and can potentially be used for Internet transactions as well as payments in stores. “Our product is ready for prime time,” says Steven E. Campisi, president of the company. According to Campisi, the company is in talks with “two of the largest banks” and “one of the largest credit card processors” with respect to testing the product. “We are the first company to produce and deliver credit cards with a biometric sensor onboard,” he says. Campisi expects issuers to be interested in the card's ability to secure contactless transactions. With standard RFID cards and tokens, transactions take place when the card is waved very near a transceiver-equipped POS terminal, regardless of whether the cardholder or some other person is doing the waving. Digital Defense's card requires a match between the cardholder's finger and a template stored in the card before it will transmit card data for a payment. “If you hold the card up to a PayPass terminal, nothing will happen [unless you are touching the sensor],” he says. This technology, he says, should answer the problem of so-called friendly fraud, in which cardholders repudiate transactions made by themselves or friends and relatives. “Friendly fraud is now over,” he says. “In fact, fraudulent transactions are not possible with our card. To me, it's all about identity. Are you you? And we've done it, indisputably.” Local storage and processing on the card also means cardholders can enroll in contactless programs “to the card,” Campisi says, without the need of any other gear and without storage of fingerprint templates in central data warehouses, something that bothers some privacy advocates. “You put your finger on that little sensor, the fingerprint will be stored on the card and never leaves the card,” Campisi says. Although it's card shaped, Digital Defense's payment token contains processor chips and a power source that cause it to be considerably thicker than a standard credit card. The company's card used for building and computer access is about the thickness of four stacked credit cards. Campisi figures for payments Digital Defense can get this down to the thickness of two stacked credit cards, since the payment card would not require as much processing horsepower. The card, which can be recharged in a power stand, can last six months at 20 transactions per day before running out of juice. In this way, the card functions independently of an external computer, something Campisi says is the result of years of work, though he won't go into detail. “We own a lot of IP on our product,” he says. “But there are trade secrets that aren't in our patents.” The cards also cost significantly more than standard credit cards. Campisi says the payment device would run $80 to $100 at retail, down from $150 for the physical-access card. One pricing model, he says, would call for Digital Defense to license the product to banks, taking a cut of transaction fees, rather than charging up front. Banks, he says, could then distribute the cards free to customers. Digital Defense is also looking at the potential for its card in Web payments. “I think that's one of the first wins out there?online transactions,” says Campisi. To make payments on a Web site, cardholders would hook up the card, in its charging stand, to a PC with a USB cable. When ready to buy, the cardholder would send payment-account details by touching the card's sensor. To prevent fraudsters from simply entering the card's account number and CVV code in the merchant's shopping cart, Campisi says payment networks would need to introduce a transaction-message standard for such cards that would contain a key indicating the card is a so-called biocard and as such requires a biometric match for authorization. Such standards don't come quickly. “That's a big road to hoe,” he admits.