Nymi announced that it has partnered with Toronto-Dominion (TD) Bank Group and Mastercard to make, for the first time ever, a wearable credit card payment authenticated by a person's heartbeat.
Nymi, a startup created in 2011 (then named Bionym), made a smart band that can use a person's unique heartwave shape to automatically authenticate other devices. Unlike other biometric forms of authentication such as fingerprint or iris scanning, the system doesn't require the users to authenticate each time they want to unlock something. It all happens in the background without users having to think about it, which increases the convenience of securing all the devices around them rather than leaving them exposed.
The Nymi Band can be used to unlock computers, smartphones or car doors when you approach them, by sending the unlock signal through Bluetooth. However, the company has also created a new prototype with NFC built in, which allows users to make secure MasterCard credit card payments from their wrists. The participants in the pilot program can make contactless payments at the Tap & Go terminals found in many retail stores in Canada.
Karl Martin, Nymi's Founder and CEO stated, "Nymi's goal is to fundamentally change the way authentication is treated and to move industries towards a more secure and convenient identity model. By working with partners like TD and MasterCard, we are effectively demonstrating that continuous authentication can be a more secure and convenient way to make retail payments."
Both Nymi and MasterCard collaborated with NXP, a company that creates secure chips for payments, to prototype the NFC-enabled Nymi Bands using NXP's SmartMX Technology.
The Nymi Band has used hardware encryption and secure elements from its very first prototype in order to better encrypt and protect users' electrocardiogram data that's used for unlocking devices securely. It seems to have taken the same path in regards to protecting the users' credit card data, as well.
As we've learned recently, not all companies take this much care about protecting a user's biometric data, despite the fact that its orders of magnitude are more sensitive than a user's password, because you can never really change it again, or at best you have an extremely limited number of choices (two irises, 10 fingers, etc.).
Over 100 TD users in Toronto, Ottawa and Regina, Saskatchewan will be testing the Nymi Band's contactless payment feature until the end of summer. Other banks will join the program, and Nymi expects several thousand heartbeat-authenticated payments to be made by the end of the year.