Pay-by-Selfie – MasterCard is replacing the customer password with his selfie

Pierluigi Paganini February 23, 2016

MasterCard announced the extension of the ‘pay-by-selfie’ facial recognition technology to 14 countries this summer, this means no more passwords.

The giant multinational financial services corporation MasterCard announced the extension of the ‘pay-by-selfie’ facial recognition technology to 14 countries this summer. In October Mastercard announced the creation of a new payment method based on the Identity Check App which lets users complete financial transactions by using their face.

Mastercard wants to increase the security with biometric technology and improve the user experience making easy to authenticate users for ordinary operations like payments.

“As the world gets increasingly digital, this will be the next wave of technology that will change the consumer experience of shopping digitally,” Ajay Bhalla, president of enterprise security solutions for MasterCard told to USAToday. “It’s all part of our role in making commerce available anywhere, any time, on any digital device.”

Pay-by-Selfie

Pay-by-Selfie – Mastercard

How does it work?

The pay-by-selfie’ facial recognition technology is simple to use, a customer only needs to download the Identity Check app. When a merchant requires identifying the user before purchase, the customer will get a push notification to his mobile device which triggers the mobile app. At this point, it is enough to take a selfie to authorize the purchase.

Mastercard conducted tests in several countries before the introduction of the technology, and now it considers it as a mature technology to be introduced in strategic market like the British one.

The technology will drastically reduce the risk of identity fraud because it will be harder for hackers to take a victim’s pictures without the users’ interaction. Data provided by Get Safe Online, revealed that the top 10 internet fraud campaigns between September 2014 and August 2015 cost the UK over £268 million.

The company is proud to have reduced the attack surface if the customers don’t rely on the user inputting passwords that could be easily phished by fraudsters.

I had no opportunity to test the technology, but the first attack scenario that I have in mind is the infection of a mobile device that is able to steal a customer selfie end submit it in stealth way when a transaction must be authorized. A similar malware needs to have access to the camera, the local storage, the applications and needs the ability to intercept the push notifications.

Mastercard is investing in the biometric authentication, including iris and voice recognition technologies, most advanced studies are pushing the use of heartbeat via a connected bracelet device.

According to Fortune, other banks are introducing biometric technology to improve security of their customers, HSBC is working on the voice recognition and touch identification, meanwhile Barclays introduced voice recognition to its private banking division in 2013.

Pierluigi Paganini

(Security Affairs – Authentication, Pay-by-Selfie)



you might also like

leave a comment