Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Mastercard Accelerates Death of Passwords with Selfie Pay Roll-Out

Credit card giant Mastercard has begun the long-awaited roll-out of its Identity Check Mobile feature, better known as ‘pay-by-selfie’ across Europe, promising improved friction-free authentication for users.

The service, which will go live soon across 12 markets including the UK, Spain, Sweden, Germany and the Netherlands, uses facial biometrics to verify a user’s identity, meaning they don’t have to remember yet another password to complete a transaction.

It will also work the same way using a fingerprint scanner on the device, if the user has one.

The idea is that offering customers a simpler way to authenticate will ensure fewer abandoned purchases or have one declined if they enter a password incorrectly.

The technology has already undergone trials in the Netherlands, the US, and Canada and will be rolled out globally next year.

According to Mastercard research, 92% of consumers believe Identity Check Mobile is more convenient than using passwords, and 83% rated it more secure.

Paco Garcia, CTO at authentication firm Yoti, argued the announcement is part of a wider move away from passwords.

“Retailers are now under huge competitive pressure from digitally native, mobile focused customers who have become accustomed to contactless cards and mobile payments,” he added. “The key challenge for any of these selfie authentication solutions is ensuring the right live person is in front of their phone requesting payment, and not a fraudster using a photo or video of another person. It is important for companies to take the time to find a level of security that suits them and their customers."

However, there was a word of caution from Robert Page, lead pen tester at Redsdcan.

“If biometric information is captured and used by an attacker, it's not possible for a user to change his or her imprint as they would a password,” he argued.

“Mastercard’s implementation of facial recognition requiring a user to blink appears to be a novel solution to prevent others from taking a picture of a user. The effectiveness of its implementation is yet to stand the test of time however.”

What’s Hot on Infosecurity Magazine?