Will MasterCard bring a smile to the payments world? (Part 2)
Banks, financial institutions and payment providers are working to create a world which functions without the need to input passwords.
They are counting on unique biometric features, such as customers’ fingerprints or voices, or even the blood flow in their fingertips to authenticate payments. “Consumers hate passwords,” states Bhalla with conviction. Apparently the most-used password is 123456. This is in itself very insecure, but in addition many people also use the same password for multiple purposes. “If they are hacked, the intruder has access to almost all their data,” explains Bhalla.
Payment by ‘selfie’ is only one of a number of authentication initiatives currently being developed. In 2015, at CeBIT, Alibaba boss Jack Ma demonstrated the payment procedure “Smile to Pay“, an app that recognises and authenticates customers based on the shape of their face. Google is currently testing a “Hands Free” app and the UK’s Atom Bank is planning to introduce face scanners. Barclays, a UK-based financial service provider, has developed an authentication procedure that measures the bloodflow in a customer’s finger. Deutsche Bank is also planning to introduce biometric verification processes with a system that recognises whether the accountholder or a third party is holding the mobile phone being used for a payment. Payment transfers are already feasible via fingerprinting at Deutsche Bank.
New EU directive on payment services
MasterCard tested “Selfie Pay” in a pilot program with 500 participants in the United States and the Netherlands in 2015. According to a BBC report, it will be rolled out in 14 countries this summer, including the UK, France and Germany. The launch in Austria is scheduled for 2017. Yet in countries like Germany, where people are concerned about data protection, MasterCard will not find it easy to convince people to make even more of their personal data available.
It is likely that MasterCard will not reveal any details on security until the service is launched. But an EU directive passed in 2015 obliges providers of mobile payment services to use a strict client authentication procedure through “the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).”
Ultimately, the more data companies gather, the more money they can demand for it. The amount of data that MasterCard, Google & others collect depends on customers’ habits – and whether they are prepared to change them. Time will tell whether users really prefer to constantly make photos of themselves rather than remembering a password. Some people therefore see MasterCard’s “Selfie Pay” app as a marketing stunt rather than a genuinely market changing development.
There is a school of thought that believes that fingerprint checks are simpler to implement and use in practice. It is clear however that MasterCard will attempt to persuade existing and new customers of the benefits of its new payment function. If it proves popular amongst the selfie generation, it may spread beyond this group to the wider population