From science fiction to Camden: finger vein ID firm Sthaler on going mainstream

Sthaler's hack-proof biometric payment system uses vein ID that is fuzzy matched, encrypted and stored in a military-grade safety level security data warehouse. Here's how this technology is breaking into hospitality and retail.

Biometric company Sthaler has made an enviable leap with the recent installation of its Fingopay technology at bar, restaurant and music venue, Proud Camden. Just as digital finger print ID has elbowed its way to the mass market with Apple Pay and Android Pay, and voice biometrics are now a staple in phone banking, Sthaler’s Simon Binns sees finger vein ID as the next big jump for biometrics.

FingoPay works via an electronic reader which builds a 3D map of the customer’s finger veins, generating a “natural personal key”, which essentially replaces having to fill in personal details upon registration to make a payment. In terms of fraud prevention, the chance that two people have the same vein structure is 3.4 billion-to-one, and according to Binns, it’s virtually impossible to copy.

“From a security point of view, (finger vein ID) is an internal biometric, unlike selfie or finger print, so acquiring it can only be done with willing participation of the owner of the finger vein,” he explains. “If someone chops the finger off, it still won’t work because there won’t be blood in the veins. Plus, each vein in unique in the finger.”

Sthaler, like most tech successes, was born out of a need. Founder Nick Dryden has experienced the organised chaos of music festivals first hand, along with the issues affecting concert goers in managing payment methods. As popular as RFID wristbands and contactless payments using mobile phones were gaining popularity in 2012, when Sthaler was founded, Dryden realised how cumbersome carrying all of that around can be for the concert-going crowd. This is where the idea for biometric payments came to be. Sthaler worked with Hitachi and BT to replace festival cards and cash with a simple biometric scan for the first time in the UK at Festival No.6 in Portmeiron, North Wales. This system presented a secure “open-loop” system for consumers to spend on cards using just their finger.

“After the pilot in North Wales, it took several years to secure the partnerships to roll it out wider,” Binns says. “Hitachi is a close partner now, but we had to earn their trust to get to the point where we are now. Also, North Wales isn’t the most connected, but we found work-arounds to make it work. We used satellite to enable transactions. The customer experience is very positive, but we realised that for Fingopay to work seamlessly, we need to be a in a fixed, stable environment.”

Sthaler graduated through the Visa Europe Collab programme and Worldpay. “Both companies are very interested in the future of payments beyond the card. The whole world is opening up with wearables and Apple pay, and the industry is getting used to the idea of a cashless, and now cardless world. We’re linking it with biometrics, which no one else is doing at the moment. Our match-on-cloud capability opens up so many other possibilities. You can go from multiple retailers in our database, and customers can go from retailer to another easily,” Binns adds.

Now customers at Proud Camden can pay with their finger, which, according to Binns, is the first example outside of an innovation hub for the company; a positive sign as it plans to expand further within the hospitality and retail sectors.

“You’ve almost go choice paralysis because there are so many areas in life where you have to pay with a card that can be replaced with this technology. We’re trying to choose environments where it’s most convenient to replace the clutter with your finger. Our hospitality focus is because you don’t have to worry about the hassle of carrying cards around, and can enjoy the experience. On the retail side, you don’t have to worry about new pin numbers and multiple loyalty cards. Instead of having payment and loyalty schemes in parallel, you can collapse both into one,” Binns says.

“There are also other sectors that could benefit from (Fingopay). The theme park experience and concerts, for example, where we’re looking to replace systems in place using wearables. Wearables are great, but they bring their own operational challenges around topping up and having to wear it,” he adds. “We’re not a wearable, we’re a ‘you-able’. Devices are a step in the right direction, but it’s ultimately going to be the assets we all carry ourselves that will win out.”

In search of flaws in the system, we asked how hackers may go about exploiting finger vein ID technology. “You can’t exploit (finger vein ID) at the point of entry. The (vein ID) data is encrypted and stored on the cloud, in a military-grade safety level security data warehouse. It’s just a string of numbers that’s of no use for anyone else. The match is only made if the same finger is put into one of our vein ID scanners, which again can’t be faked,” Binns explains.

He went on to explain the system’s ability to account for organic differences in the vein print. “It’s called fuzzy matching. Each time you put you finger in the scanner, it’s ever-so slightly different. If the print matches exactly, our system will reject it to limit any opportunity for anyone to fake it or defraud it. Because it’s organic and part of you, it’s not something that can be cheated like a card intercepted in the post.”

The technology, rolled out by Hitachi, is already in use in ATMs in Japan and Poland, but it’s in a closed loop environment where users are also expected to use their PIN. “We’ve moved that onto a user-friendly platform,” Binns adds.

“There’s just so much going on. We’re in conversation with so many people in so many industries. We’ve had interest from a financial services company in a market which we don’t serve yet, asking if they can white-label our technology. We’re speaking with a major cinema chain on adopting our technology for the cinema experience, replacing the need for separate payment and loyalty card systems. We did a project with McDonalds, where we did a VR demo of improved customer experience with finger vein ID technology. We’re working with software providers, hardware providers, and the payment companies, forming formal channel partner agreements. These are large global companies! We’re also working with Capita, a big UK PLC, trialling an internal charity-giving offering we call “Fingogive” to simplify staff donations, linked with tax gift aid, so charities get extra money through the system.”

The company grew from seed funding from high net-worth individuals, and according to Binns, will be entering a new funding round in the next couple of months. “There’s a good chance we’ll be supported by existing investors.”

The company is also toying with the idea of incorporating finger vein ID tech in travel as part of its “second or third phase,” says Binns. E-commerce and home shopping is another area on Sthaler’s radar. “A good proportion of people we talk to want to use (finger vein ID) because they hate all the screens and verification steps. E-commerce is also something we’ll look at in phase two, three, or even four as we grow.”

The system is arguably better in reducing crime and fraud, the financial model is robust, and the technology is scalable, according to Binns. Growth is the main thing on the agenda for Sthaler, he says.  “We’ll be building a bigger team, with more partners and more sophisticated models to scale-up. We’re growing by the day in terms of employees. We’re ten at the moment, but expect 25 by the end of the year; and this doesn’t include all the consultants and non-execs we have on board.

Ultimately it’s all about simplicity, and making any form of payment simple.”

Praseeda Nair

Praseeda Nair

Praseeda was Editor for GrowthBusiness.co.uk from 2016 to 2018.