Biometrics are coming into our lives very fast. It rises both concerns and opportunities. Recently MasterCard announced a new authentication solution – selfie. Soon instead of entering a PIN or password you will be able to authorize a payment by taking a selfie.
MasterCard has promised that selfie payments already this summer will be available in UK, US, Canada, Netherlands, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland and Denmark.
To use the system users must install the MasterCard app “Selfie Pay” on their smartphone, tablet or PC. A unique code is created using the image data. To authorize the payment users will have to point their camera to themselves and – to blink to prove they are not just holding up a photo.
The selfie taken at the point of payment is then transmitted to MasterCard in an encrypted form and compared with the saved code. For security reasons photograph itself is not transmitted.
However, some security researchers have questioned how easy it might be to spoof the system. Security researchers have already showed that both facial scans and fingerprint sensors can be compromised.
Mastercard is assuring that its security mechanisms should be able to prevent or at least detect suspicious behaviour. Nevertheless, security researcher Jan Krissler was able to cheat the system – he moved a pencil over the eyes of a photo and a scanner interpreted it as a blinking and payment was accepted.
MasterCard, of course is not the only company looking into replacing passwords with facial scans – China’s e-commerce site Alibaba last year demonstrated a pay-with-your-face system. Also Microsoft’s Windows 10 and Google’s Android operating systems already allow users to unlock devices by looking at their cameras.