Will MasterCard bring a smile to the payments world? (Part 1)
How secure is it and how has the market responded?
An increasing number of companies are working on new procedures that quickly and conveniently prove the identity of users making payments. At the Mobile World Congress in Barcelona, MasterCard announced the launch of a new authentication solution: payment by ‘selfie’. This follows last summer’s announcement when, MasterCard stated that it wanted to make passwords and payment codes superfluous.
The rise of the selfie is unstoppable. MasterCard is now counting on self-portraits for its payment procedures. Cardholders will soon be able to take a selfie at the supermarket cash register instead of entering a password in order to identify themselves as the genuine user. By the middle of 2016, MasterCard’s German customers should be able to prove their identity and authenticate payments using a ‘selfie’. Following this “Selfie Pay” is said to be launched in Austria in 2017. Ajay Bhalla, the head of MasterCard’s security department is convinced that the “selfie generation” will welcome and use the new feature.
Blink to beat misuse
For the procedure to work, users must install the MasterCard app “Selfie Pay” on their smartphone, tablet or PC, and save a sample picture of themselves. A unique code is created using the image data. The selfie taken at the point of payment is then transmitted to MasterCard in an encrypted form and compared with the saved code. Alternatively, customers can prove their identity with their fingerprint, according to a BBC report. Once the user is successfully identified, all they need to do is confirm the transaction.
However, cardholders must not forget to blink in the selfie. The software uses this eye movement as a means of ensuring that a fraudster is not just holding up a photo to the camera. MasterCard seems to be aware that this security measure alone is insufficient. Yet to date, the company has only mentioned vaguely other security measures. A spokesman said that the system recognises attempts at fraud because it evaluates other data. However, security researcher Jan Krissler from the technical university of Berlin (TU Berlin) moved a pencil over the eyes of a photo – which a scanner interpreted as blinking and thus the software accepted the payment. There are more extensive means of face identification by way of 3D models which offer significantly better fraud prevention but these are still in the development phase.