Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck Technology

MasterCard Rolls Out 'Selfie' Verification For Mobile Payments (thestack.com) 109

An anonymous reader writes: MasterCard has announced plans to invest in facial recognition technology in the UK, in a push to reduce false decline transactions and increase security for mobile payments. Following trials in countries including the U.S. and the Netherlands, 'Selfie Pay' will be introduced in Britain this summer as part of the financial services company's identity validation process. Users will be able to choose between finger scanning and face recognition for verification, instead of traditional passwords or PIN numbers. Consumers will be asked to upload their pictures to be stored on MasterCard servers [paywalled]. These registered images will then be used as a reference every time a user opts for facial verification during a transaction.
This discussion has been archived. No new comments can be posted.

MasterCard Rolls Out 'Selfie' Verification For Mobile Payments

Comments Filter:
  • by Anonymous Coward on Monday February 22, 2016 @12:48PM (#51559829)

    Which will make things really awkward at the store.

  • by Anonymous Coward on Monday February 22, 2016 @12:54PM (#51559887)

    What prevents the bad guys from taking a selfie of your picture?

  • by QuietLagoon ( 813062 ) on Monday February 22, 2016 @12:56PM (#51559911)
    Is this really more secure? Or is it just more convenient?
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      You could get around this kind of "security" just by holding up a photo.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        No, most of these applications are designed to mitigate that by asking for the person to blink or smile or something. Now: an emulated video feed might work once, but they should also be doing comparisons to previous logins to avoid the same video loop from being used multiple times. Simple crop/distort/stretch and additive noise to create variation should confound naive image hashing so they would do well to use image features to do that analysis but the false positive rate will go up the more sensitive th

      • I was thinking about this.

        A picture of yourself is hardly private information and so there must be something more to this than a simple image verification.

        I am thinking infrared or motion are going to be integral elements to this.

        • This is how it is done in commercial units. However the key problem here is: are they going to be using commercial units? Nope. So now you're stuck with whatever technology is most common in a cell phone.

    • Well, I have a brother that is not a twin but even my sisters used to have trouble telling us apart, not so much now he has a beard and short hair I keep a clean shave and long hair. I imagine if we had the same hair and facial hair style we could fool the facial recognition software fairly easy.

    • Re: (Score:2, Interesting)

      by tlhIngan ( 30335 )

      Is this really more secure? Or is it just more convenient?

      Neither. It's for vanity. It's to appeal to the millennials to give them one more selfie opportunity, so they can charge their card AND post about their new purchase on social media at the same time.

      If's to encourage sales, which means more revenue for MasterCard in the end. If they had a doubt whether they wanted to buy something, well, the ability to take a selfie of it will hopefully convince them to buy.

  • Revoke? (Score:2, Interesting)

    by Anonymous Coward

    Suppose it's as secure as a password.

    A password can be changed/revoked when you think it's insecure.
    Suppose we also had this kind of protection from photos. I wonder what it would look like.

    "He's smiling but didn't shave but looks bored" therefor it's authorized? "Wait, he revoked that as well" "umm, let's go with unshaven, fluffy bunny hat, asymmetric smile..."

    I know it's easier but it is not a password.

  • Every time my friend tries to use Apple Pay with his iPhone, his bank automatically deactivates his debit card and he has to call in explain what the fraudulent activity he was trying to commit.
  • Will this also replace PIN numbers at ATM machines? /grammar

    • Will this also replace PIN numbers at ATM machines? /grammar

      I've often wondered if FET transistors are involved when you type your PIN number at an ATM machine that uses LCD displays.

      —George

  • by Ghostworks ( 991012 ) on Monday February 22, 2016 @01:14PM (#51560075)

    ...Mastercard is going to consider a selfie run through facial recognition to be as good as a fingerprint. So in order to be able to steal, say, Jessica's money, you need to have her card number and a large photo of her face you can hold up in front of your own face. Or if the transaction is monitored by a clerk who might be marginally competent, you can be more subtle and wear the the photo on a tee-shirt, taking a photo of your chest to pay. Maybe the phone itself is the ID, and the selfie just supposed to be proof that you are in possession of the phone? And all of this assumes that you have to upload the photo through an app and can't just text a saved image. If that's not true it's yet another point of failure.

    I supposed possessing a card and a photo (or card and phone?) is marginally better security than just card. But my PIN isn't on Facebook, or in my phone's camera folder, so this is worse than just entering a PIN on your phone. The only value of the scheme is in using the phone as a side channel (harder to snoop on than a public keypad), or a as form of ID all it's own. So why not just put the existing identifier (the PIN) on the side channel, and not introduce novel way to fail?

    This feels like when banks started letting you check your account over twitter because they just "didn't get it."

    • ...Mastercard is going to consider a selfie run through facial recognition to be as good as a fingerprint

      Could be correct. Fingerprints aren't very secure either.

      • by Anonymous Coward

        At least you can't download most people's fingerprints from Facebook.

        • by Anonymous Coward

          They should skip straight to full handprints instead so they can call the new service FacePalm.

    • You have to blink whilst doing the selfie, to make sure it isn't a photo http://www.bbc.co.uk/news/tech... [bbc.co.uk]
    • You're mastercard requires a fingerprint? All my master card requires from me, after a number, is a "signature." I frequently spend several hundred dollars on my card and leave a small squiggle, assuming the touchscreen worked that day, to confirm it was definitely me who made the purchase.

      Instead of having just a number (which has been taken from me at least twice before), this person needs to spoof my phone and have acquired pictures of me. It's not perfectly secure, but this is orders of security above t

  • by Anonymous Coward

    The future is stupid.

  • by kheldan ( 1460303 ) on Monday February 22, 2016 @01:22PM (#51560183) Journal
    I'm sure part of the 'privacy' agreement that will go along with this, is the 'sharing' of the exemplar photo and/or fingerprints with their 'partner' companies, which no doubt will also include the government. For safety purposes, of course. Really, the government only wants to know where you are at all times and everything you're purchasing for your own safety, really they do!

    Bollocks.
    • which no doubt will also include the government.

      Fuck the government, it will no doubt include Facebook.

      The government just wants power over me. Advertisers want to target my psychological weaknesses to take everything I own and put me in debt forever. (Not that I think they'll succeed to that extent, but private companies will probably have worse consequences for me.)

  • Here's hoping the algorithm is good enough to pick up the fear in someone's eyes that have a knife held up against to them out of camera view.
  • Comment removed based on user account deletion
    • I have a brother that's not a twin but even my sisters had trouble telling us apart until we started wearing different hair and facial hair styles. His friends would often stop me in stores because they thought I was him and sometimes still do if they haven't seen him recently. Aside from the obvious difference in cameras, hair, and clothing styles of the era we both also look just like pictures of our father at around the same age.

  • How are they going to cope with the problem that biometric credentials cannot be revoked once they have been compromised?
  • I've always used a simple, foolproof method of my own invention.

    "Can you identify yourself, sir?"

    *Pulls out small pocket mirror*

    "Yep, that's me all right."





    I think "foolproof" is the right word...
  • was beatable by a photo on my iPhone of the same person. I doubt that these "facial recognition" banking apps will be any more secure.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...