In the face of ID theft, MasterCard uses selfies
Facial recognition, other biometrics to verify shoppers
MasterCard wants to use your face to help fend off identity thieves. Using a new system called MasterCard Identity Check — or, colloquially, “selfie pay” — the credit card company will use biometric methods like face recognition and fingerprint scans to better secure online shopping.
Right now, MasterCard offers a feature financial institutions can enable that lets customers set up a password for online payments to help prevent fraud. The new system will use the same principle, but, instead of relying on a password that could be forgotten or stolen, it uses a customer’s face or fingerprint.
Consumers will go through all the normal steps of filling out credit card information when making an online purchase, but this feature adds another step: The website will send a notification through an app on customers’ smartphones that asks them to verify their identities. This can be done either through a fingerprint scan or by using the phone’s camera to take a brief, selfie-like video.
When taking the selfie, the user will have to blink to prove he or she is a person and not just using a photo to spoof the system.
MasterCard started testing the feature with nearly 1,000 consumers in the United States and the Netherlands last year. It plans to make it more broadly available through partnered banks this summer in the United States, the United Kingdom, Canada and potentially other markets.
Various smart wallet sys-
The rise of biometrics comes as managing multiple passwords has become overwhelming for consumers and driven them to poor digital hygiene practices.
tems, including Apple Pay, already use fingerprint scans to let customers prove their identities when making purchases. And last year, USAA — a financial services company that offers banking to members of the armed forces and their families — rolled out a feature that lets customers use a similar blinking selfie test or voice recognition to log into its app.
The rise of biometrics comes as managing multiple passwords has become overwhelming for consumers and driven them to poor digital hygiene practices, such as reusing passwords.
But using things like fingerprints and facial recognition technology to verify identities also comes with risks. For one, fingerprints and faces generally aren’t secrets: Your face is probably plastered all over social media and captured by many different surveillance cameras every day while your fingerprints are left on almost everything you touch. Biometrics are also permanent: If a password gets compromised, you can change it — but it’s much harder, if not practically impossible, for you to change your face or fingerprints.
That means that, when entities like MasterCard start using biometric techniques for verification purposes, it’s extra important that that information stays secure — which the company says it will ensure through data protection measures such as encryption.
The fingerprint data will be processed and stored locally on the device, according to MasterCard.
For facial recognition, a user will snap an initial photo of his or her face that will be converted into a string of 0s and 1s. The original image will be destroyed, but the digitized protected version will be stored and matched to the blinking selfies.
“We are currently prototyping facial recognition to be converted and stored as encrypted code on the device as part of the MasterCard Identity Check rollout,” said Jane Khodos, vice president of communications at MasterCard.