Forget fumbling with a password to secure an online payment. MasterCard is launching a simpler way for you to secure and verify your purchases – no memorization required. All you have to do is snap a quick selfie with your smartphone, tablet or computer and blink.
MasterCard calls this futuristic security measure “selfie pay.” It’s being offered as an alternative to MasterCard’s current online security measure that has users enter a password when further verification is needed.
The card network confirmed at the Mobile World Conference in Spain that it plans to make the biometrics-powered security update widely available later this year, according to multiple reports. Cardholders who are camera shy will also be able to use their fingerprints to confirm their identity instead of their face.
MasterCard is also testing heartbeat sensors that can identify people by the unique patterns of their heartbeats, but it will be a while before that technology is widely released.
The selfie app was tested at a credit union in California in 2015 and found that many cardholders are receptive to having their faces memorized and scanned by a computer. Among the more than 200 credit union employees who participated in the pilot project, 86 percent found it easier to verify payments using facial recognition or fingerprint scanning than it was to use a password. Ninety percent said they could envision using biometrics-secured payments every day.
The app was also tested in the Netherlands, where users reported it was fairly simple to use. According to MasterCard, 80 percent of participants who used their faces to secure a payment said it was “more convenient” to shop with the app than it was to use a pass code. Ninety-five percent of participants who used fingerprints agreed.
“People forget passwords, making the payment process unnecessarily long and complex,” said International Card Service’s Andre Ijbema in a news release. “We expect that passwords will slowly become obsolete in favor of a more user-friendly alternative, such as biometrical identification.”
MasterCard’s app, dubbed MasterCard Identity Check, works like this: Download the app to your phone, computer or tablet, and then make an online or mobile purchase as you would normally on that device. If a participating merchant asks for further verification of your identity before your purchase is approved, hold the device up so it can get a clear view of your face and blink so that MasterCard knows you’re not trying to scam it with a bogus picture. If you prefer to use your fingerprints instead, you can also hold your finger up to a fingerprint sensor.
Growing interest in biometrics
Biometrics has been a hot topic in the financial services world for some time.
Visa has also been testing biometrics-secured payments and advertised its own biometrics-based payment ideas during February’s Mobile World Conference, including contactless fingerprint recognition and iris recognition that lets you use your eyes to verify a payment. In September, Visa also announced that it was testing ATM technology so you can unlock funds with your fingerprint instead of a PIN.
Biometrics has come under fire from security and privacy experts, though, who worry that biometrics-based technology is not as secure as proponents claim.
A Chinese security company made waves at this year’s Mobile World Conference, for example, when it showed how it could hack its way into a locked Apple iPhone by exploiting the phone’s Touch ID feature, which uses fingerprints instead of a password.
According to multiple reports, the president of the mobile security company Vkansee easily unlocked an Apple iPhone in front of audiences just by using a fingerprint replica he made out of Play-Doh. (That said, some security experts say that identity theft via fingerprint is relatively unlikely.)
Experts also worry about what could happen if people’s biometric data is stolen in a data breach. “If an ordinary password gets compromised, you can simply revoke it or change it,” said security expert Ken Munro in an interview with the BBC. “What happens if your facial recognition data gets stolen? You can’t change your face.”