Users’ Selfies Will Secure Online Payments, MasterCard confirms
Global payments and technology company MasterCard has decided to use selfie photos and fingerprints to secure online payments and prevent fraud. The move comes after a pilot program launched in the US and Netherlands last June to help shoppers improve the security of their transactions by taking photos of themselves.
The program focuses on biometric authentication, including methods such as facial identification, voice recognition and cardiac rhythm, through a wearable wristband, as HOTforSecurity previously reported.
Credit card users from the UK, US, Canada, the Netherlands, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland and Denmark will start using the new authentication method this summer, the company announced this week at the Mobile World Congress in Barcelona.
By 2018, payments on mobile devices will represent 30% of all online retail sales, and the new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs, the company said.
According to MasterCard Advisors, a typical consumer may have a card number stored in five or more locations and consumers have allowed thousands of merchants to store billions of credit and debit card numbers on their behalf. Both MasterCard and Visa are piloting commercial tests for facial and voice recognition apps to authenticate cardholders.
Here is how the new security protocol works, according to MasterCard and BBC:
You download the MasterCard phone app to use the feature. MasterCard said a pop-up will ask for your authorization after you pay for something. If you choose fingerprint, all it takes is a touch. If you go with facial recognition, you stare at the phone — blink once — and you’re done. MasterCard’s security researchers decided blinking is the best way to prevent a thief from holding up a picture of you and fooling the system.
MasterCard said it doesn’t actually get a picture of your finger or face. All fingerprint scans will create a code that stays on the device. The facial recognition scan will map your face, convert it to 1s and 0s, and transmit that over the Internet to MasterCard.
Ajay Bhalla, president of enterprise safety and security at MasterCard, promised that MasterCard won’t be able to reconstruct your face — and that the information will transmit securely and remain safe on the company’s computer servers.