Finally someone found a way to use the 1,367 selfies you have stored on your phone. No, it’s not Facebook, instagram, your significant other, or even your friends. It’s your bank. MasterCard recently announced that it is implementing a feature that will allow people to verify their mobile payments with a selfie photo rather than a password.
How will it work?
Let’s say you buy something online: You enter your credit card details and asked to verify that you are the owner of the card. Currently, you would need to enter a pin. Well… instead of going through this monotonous process, MasterCard will ask you to simply hold up the camera to your face, removing the need to enter any passwords. What is actually occurring is a complex facial recognition scan. The scan maps out your face, convert it to 1s and 0s and sends it over the Internet to MasterCard. So… MasterCard do not actually get a photo of you. They receive an algorithm that identifies your face.
Is it safe?
MasterCard has said that this ‘selfie payment’ is in fact safer than using a password. The company attributes this to the fact that passwords can follow predictable patterns, like the famed ‘123456’ or ‘qwerty’. The company also says that passwords are not a safe form of security because we often use the same password for several sites, exposing us to hackers. But can MasterCard’s critique of a security method that has been used since 1980s, be justification enough to introduce ‘selfie pay’?
Facial recognition software on telephones have come a long way. Applications have become savvier and it is no longer possible for you to put a high quality photo of the person in front of a camera and circumvent the system. Most recognition devices will need you to blink for the camera, showing that you’re a person and not a photo. This is a security feature that MasterCard said will appear on their devices. But what’s to stop someone from getting their hands on a video of you blinking, and holding it up to the camera. The flaws in facial recognition security come down to one fact, your face and eye movements are susceptible to being replicated. In today’s age, your face is everywhere, it’s on your insta, facebook, twitter, bedroom wall and in your phone gallery. In contrast, a password, or even a fingerprint, is covert. Its not openly acknowledged or displayed, which is why it may be more secure.
As potential flaws are discovered in MasterCard’s ‘selfie pay’, we must question whether or not convenience and security can co-exist. Should we even look to be more convenient and potentially less secure when there is money at stake?
Let us know your thoughts on MasterCard’s ‘selfie pay’ by tagging us #lawpath or @lawpath.