Verification of online payments is about to go a whole new route. In February, MasterCard® launched “selfie pay” as an upgrade to online payment security.
Offered as an alternative to the credit card network’s current security measures that require users to enter a PIN code, password or verification code when completing their purchases, “selfie pay” was tested last year through First Tech Federal Credit Union in California. Equipped with the MasterCard Identity Check mobile app, cardholders used biometric payment authentication (either facial recognition or fingerprint matching) to verify the authenticity of donations they made online to Children’s Miracle Network Hospitals.
The process is simple. Cardholders download the Identity Check app to a phone, computer or tablet, and make an online or mobile purchase on that device. If a participating merchant asks for further identity verification before the purchase is approved, the user simply holds the device up to get a clear view of their face and blinks so that MasterCard knows they’re not trying to scam it with a bogus picture. Camera-shy folks have the option of holding their finger up to a fingerprint sensor.
Participants in the pilot trial were later surveyed for their opinions about the technology and how easy it was to use. Eighty-eight percent found it overwhelmingly easy to use on its own, and 86 percent indicated that it was easier than password-based authentication. An impressive nine out of ten said they could see themselves using it on a daily basis.
Identity Check has also been tested in The Netherlands in collaboration with International Card Services (ICS). “Biometrics, unlike passwords, ensures convenience,” said André IJbema, Manager Risk Management at ICS, in a prepared statement. “People forget passwords, making the payment process (unnecessarily) long and complex, so we expect that passwords will slowly become obsolete in favor of a more user-friendly alternative, such as biometric identification.”
MasterCard has announced that it will bring the “selfie pay” system to the U.S., Canada, United Kingdome and other European countries this year. Visa® is also exploring biometrics-secured payment options, including iris and contactless fingerprint recognition, as well as ATM technology that allows cardholders to unlock funds with a fingerprint instead of a PIN.
As with any new technology, there are critics of biometrics-based payments. Some security and privacy experts maintain it is not as secure as its proponents claim. CreditCards.com reported recently on fingerprint hacking, concluding that the digital version of a person’s whorls loops arches is an unlikely target for identity thieves.
Dr. Brian Martin, director of biometric research at MorphoTrust USA, told the website that all biometrics start from an image. “The biometric features are then extracted and stored as ones and zeros,” he explained. “These ones and zeros are sometimes encrypted and sometimes just mixed up and they are generally impossible to reverse engineer.”
In the meantime, shoppers may want to brush up on their selfie proficiency to prepare for what appears to be the future of online verification.
TransFirst is a registered ISO/MSP of: Wells Fargo Bank, N.A., Walnut Creek, CA; Synovus Bank, Columbus, GA; and Deutsche Bank, New York, NY; for Visa® and MasterCard® transactions only.