MasterCard Pilots Pay-By-Selfie Facial Authentication

Written by

Call it a mobile payments idea for the Kardashian age: why not use selfies for payment processing? MasterCard has decided to pilot a program that allows customers to do just that when making online purchases.

At checkout, users will be asked to hold up their phone and snap a photo, after which facial recognition software will either allow or disallow the transaction. The facial recognition scan won’t be saved on MasterCard servers; rather, it’s converted into a code for secure transit, which can’t be used to reconstruct a picture of the user’s face once created.

The small pilot program will be very limited, involving just 500 customers. But, if all goes well, MasterCard expects a wider release.

MasterCard has partnered with the bigwigs in the smartphone space, including market leaders Apple and Google, BlackBerry, Microsoft/Nokia and Samsung. Deals with banks are still in the works.

In many ways, the move is a perfect example of how financial institutions and other businesses are looking for new ways to improve their customers’ mobile experience, particularly when it comes to younger consumers.

"The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it," said Ajay Bhalla, who's in charge of coming up with innovative solutions for MasterCard's security challenges, speaking to CNN.

Research seems to bear this out. A survey of millennials last year from Lexis Nexis, entitled “Millennials, Selfies And The Changing Face of Mobile Commerce,” found that 87% never let their smartphone leave their side and that millennials increasingly want the important processes in their lives—from enrolling in classes to signing up for healthcare—to be simplified by snapping photos with the mobile camera to auto populate data or verify their identity.

In fact, nearly half (48%) of respondents indicated they would like to do more banking with a snapshot, while one-third said they would like nearly every industry to adopt more mobile imaging functionality.

“As the consumer desire to bank and shop with smartphones has increased, so has the need to create a seamless system to verify a customer’s identity,” said Michael Hagen, corporate ID strategist and managing director for Mitek’s IDchecker, in an email. “Passwords work, but can be easily forgotten or stolen, and quite frankly, they can be a pain to enter on a small mobile keyboard.”

He pointed out that people already interact with their banks, insurance companies and other businesses by using their mobile camera to deposit checks, pay bills, snap pictures of documents to auto-populate data into forms, and yes, snap selfies to verify their identity.

“With m-commerce, merchants and other industries saw a 70% spike in fraud in 2014, Mitek is seeing increasing interest from financial institutions, mobile payment providers and other companies looking to use the mobile camera as a way to optimize the mobile channel for safe and secure customer acquisition,” he said.

And, data from Acquity Group shows that retailers will lose one-fifth of their customers (21%) from not offering enhanced payment security measures such as a fingerprint or other biometric sensors for mobile shopping

Jack Ma, the founder and executive chairman of the Chinese e-commerce behemoth Alibaba, debuted the same idea at CeBIT earlier this year. Onstage, he demonstrated the function by scanning his face and, via mobile facial recognition, using the scan as a digital signature to purchase a German stamp online.

The service, called "Smile to Pay," is currently in beta mode, and will be incorporated into the company’s Alipay Wallet NFC service in China, with other markets likely to follow.

But how safe is it? When facial recognition is used as standalone authentication mechanism, there can be serious security concerns. Facial recognition has been fooled in the past by simply holding up photographs of the user, or with animated gifs. But, arguably, it’s more secure than simply requiring the verification code on the back of a credit card when buying stuff online, or a signature in-store. But, a PIN may still be the safest way to go.

What’s hot on Infosecurity Magazine?