MasterCard app lets online shoppers pay with a selfie
MasterCard’s "selfie pay" will be coming to Europe next year after trials in the US, Canada and the Netherlands
Mastercard and BMO make Fingerprint and ‘Selfie’ Payment Technology a Reality in North America
74% of respondents said biometrics—like fingerprints of selfies—were easier to use than traditional passwords
Sources: The Register; MasterCard
Point of View
MasterCard have introduced a new verification process known as Identity Check Mobile™. Users must first install the app on their phones, take a selfie and the send the photo to MasterCard. The photo is then analysed and the results stored for subsequent comparison.
When the user of the Identity Check app wants to make a payment, they go through the checkout process in the usual way. However, in order to complete the transaction, they will be sent a request for a selfie. This request will include the instruction to blink at a particular moment, which helps to overcome common issues in this context such as liveness and intention. i.e. It is not enough that the device recognises you but, for a transaction to occur, there must be some confidence that you have actually given your assent.
This approach to facial recognition is, of course, very different from the high quality biometrics implemented in other contexts. For instance, facial recognition in a cross-border environment has serious implications with regard to immigration control. It therefore involves high quality implementations, based on ICAO standards, which govern international identity verification. In addition to the quality of the documentation and the verification process, appropriate lighting can be an important factor for the success of such biometric implementations.
Identity Check Mobile has very different aspirations. It is intended to be used as one of many elements in a risk decision, prior to authorising a specific payment. In this context, it is comparable to two factor authentication codes, which add an additional level of security, in order to achieve an acceptable level of confidence for both the amount and the context concerned.
The selfie solution launching in North America with BMO is based on technology from Daon, who have used a similar approach for mobile banking for USAA since 2015. Allowing users to choose from different authentication methods, USAA found that younger and older users favoured selfies, while the in-between age groups continued to be happy with PINs.
Mobile biometrics are becoming firmly established as the user friendly authentication method, allowing simple, fast and convenient verification with ‘good enough’ security when used with other authentication factors, such device fingerprint and location data. The combination of factors provides authentication strength, with the biometric enhancing usability. As device capabilities increase progressively over time, further implementations of this kind may be expected. Such implementations should be judged on their overall contribution to both the user experience and risk management processes.
The regular use of selfies for authentication does raise some issues with regard to privacy. However, so long as these are well understood and the process is not made compulsory for all users, it should be possible to manage these effectively.