MasterCard is trialling a new smartphone app that uses facial recognition technology to verify purchases made online. Users in the trial can hold their phone up, as if taking a selfie, to approve transactions.
“The new generation, which is into selfies… I think they’ll find it cool”, the company’s security expert Ajay Bhalla said.
MasterCard tests selfie security
Security experts say that facial recognition should be complemented however with additional layers of security. “Google tried facial recognition on Android phones and there were a lot of problems in the early days”, said Ken Munro, a security researcher at Pen Test Partners.
“People realised you could take a photo of somebody and present it to the camera, and the phone would unlock.”
Google does say that its own facial recognition is less secure than a pattern, PIN or password on the website for one of its devices. The app being trialled by MasterCard however asks users to blink to prove they are indeed human, but it has been faked in the past.
“People took photographs and animated them, drawing eyelids on”, said Munro. “There have been advances in biometrics since then, but they’re not quite there yet”.
MasterCard is interested in face recognition as an alternative to SecureCode, which is the firm’s security software that asks online shoppers for a password to complete a purchase – technology that was used in billions of transaction last year.
The face recognition trial currently involves around 500 users in the US.
“Mastercard will want this to be secure because they’re dealing with money. But there is a case for adding extra layers of security”, said Munro. “If an ordinary password gets compromised you can simply revoke it or change it. What happens if your facial recognition data gets stolen? You can’t change your face”.
Larry Banks is a keen follower of technology and finance. He has worked for a variety of online publications, writing about a diverse range of topics including mobile networks, patents, and Internet video delivery technologies.