
Out of curiosity, I went on a run today. No, not a physical run, which only happens when bears and other wild animals chase me. I went on a run through the internet, searching for recent information about payments and the use of biometrics for payment authentication at the Point of Sale (POS).
A couple of timely articles caught my eye. There’s not much out there on this topic yet, but don’t wander too far. It looks like change is underway that could benefit merchants and consumers alike.
The use of biometrics at the POS is possible, is currently being used in certain test locations, and may soon be coming to a self-service checkout counter near you. Among POS terminal solution providers, I’ve come across J.P. Morgan Chase and Verifone as some of the first to introduce biometrics.
Of course, some consumers are already using biometric authentication for device and account access purposes by using Apple ID, Apple Pay, or Android’s facial recognition feature.
Recently, J.P. Morgan Payments (formerly known as Chase Merchant Services) announced two new proprietary payment devices that will “integrate in-store biometric authentication with payment acceptance.” The J.P. Morgan Paypad and Pinpad are expected to be available in the latter half of 2025. The company has been piloting a biometric checkout solution, powered by PopID, that uses facial ID technology to authorize payments.
I also discovered an article about the Cleveland Browns and their partnership with Aramark Sports to deploy devices at self-checkout POS that use facial recognition along with a valid ID to verify a consumer’s age.
Then, of course, there is PayPal, which began running ‘I wanna pay with PayPal’ ads that show consumers (and one happy celebrity who I thought was an elf) paying in-store and at a lemonade stand with PayPal.
Biometrics with payments is becoming a reality.
Biometric devices use an individual’s unique physical characteristics, such as face, voice, fingerprint, or palm print, to verify their identity and authorize payment. Payments are still accepted by chip, contactless, and QR code, according to the article.
Manufacturers of biometric POS devices must ensure their products comply with PCI DSS requirements. Biometric POS devices should be regularly updated with security patches and have strong access controls to prevent unauthorized access to sensitive data.
I was curious whether the PCI Security Standards Council (SSC) and PCI DSS v4.0.1 affected the use of biometrics. I searched the DSS for “biometrics” and found one mention in the guidance section of requirement 8.3 on pg. 186: “See fidoalliance.org for more information about using tokens, smart cards, or biometrics as authentication factors.”
The FIDO (Fast Identity Online) Alliance provides cross-platform compatibility standards. After a little more digging, I learned that FIDO is an authentication standard that meets the requirements of PCI DSS.
Until now, I never cared or thought to ask if a POS device or a card acceptance terminal was FIDO compliant. I will now. The ability of in-store devices to accept biometric passkey authentication will give consumers more choices in how they pay in person.
Merchants will enjoy less payment fraud risk, and theoretically, card acceptance devices should be better positioned for future enhancements.