Mastercard to swap password protection for Selfie verification
10 Jul 2015
London - Fans of the selfie will be happy to hear that Mastercard is set to begin testing new facial recognition technology that will allow users to verify and complete their online credit card transactions simply by taking a photo of themselves.
The company aims to roll out a pilot programme this fall which will use facial recognition biometrics as well as fingerprint scans to approve of online purchases on 500 users before rolling out the system to all MasterCard customers. "The new generation, which is into selfies ... I think they'll find it cool," commented Ajay Bhalla, the man who has been put in charge of developing new solutions to improve MasterCard's security issues to CNN Money. "They'll embrace it."
The idea behind the facial scan approval is that it's easier than remembering a password. MasterCard currently offers customers the option to use a 'SecureCode' which requires a password for transactions made online. However, passwords can be forgotten, stolen or intercepted, so the banking service has decided to take heed of Apple's fingerprint scanner and Apple Pay, and use facial scans for customers to prove their identity. MasterCard has teamed up with several key smartphone manufacturers, including Samsung, Apple and Blackberry for the potential app.
Those participating pilot will be asked to either touch the pad before making a payment or stare at their smartphones camera, blink once and snap a photo. The logic behind the blinking is simple, as security researchers found that blinking prevents a potential identity thief from just holding up a photo of someone else to trick the system. Bhalla stressed that MasterCard will not be able to reconstruct faces with the data gathered and that the information will be safely and securely transmitted over the internet to MasterCard servers via code, something which has made some cybersecurity specialists worry.
"I understand why they'd want that data, but no, I do not like it," noted Robert M. Lee, co-founder of consulting firm Dragos Security. "From a privacy aspect it's awful -- but from a business perspective, I don't understand why they'd accept that risk." However MasterCard still has other plans up its sleeves if the selfie payment app fails. Bhalla claimed that the company is also working on voice recognition software to approve online payment by speaking to your phone or through someone's unique heartbeat.