MasterCard says it plans to bring "selfie pay" security checks to more than a dozen countries. Last year, the company started trialling the technology — which uses facial recognition to authenticate users' identity — but now says it has firm plans to roll the feature out to users after positive reactions from testers.
Users still have to enter credit card information
To use selfie pay, customers will have to download MasterCard's app to their phone or tablet. Then, after entering their credit card information as normal during an online payment, they'll hold their device up to their face to take a quick picture. Users will have to blink to prove that they're not holding a photograph in front of the camera, and MasterCard says its algorithms can tell when someone is trying to fool the system by using a video.
The company adds that the facial recognition system will only be used in certain contexts when further authentication is needed, and that a lot of its security is based on knowing whether a transaction just seems normal or not. "We will have a lot of information about your transaction," Ajay Bhalla, MasterCard's president of enterprise security solutions, tells The Verge. "Where are you, where are the goods getting shipped, what is your location."
MasterCard's selfie pay systems on display at Mobile World Congress in Barcelona. (Image credit: MasterCard)
Bhalla says the company is also looking at security measures beyond facial recognition and fingerprint sensors. (Just earlier this week, UK bank HSBC said it would introduce support for Apple's Touch ID and voice recognition.) One alternative, he says, could be heartbeat recognition: using a sensor to read a person's electrocardiogram — the unique electrical signal produced by their heart.
Heartbeat recognition could use any wearable with the right sensors
MasterCard did its first trials with heartbeat recognition late last year using the Nymi Band. Now, it's completed trials using the device in both Canada and the Netherlands, and says the reactions were very positive. Bhalla adds that while even fingerprint or facial recognition requires input from the user, heartbeat recognition can take place seamlessly in the background. You just wear a bracelet and it sends a signal to devices you're near to prove you're you. "It’s constant authentication," says Bhalla. "This technology can reside in your watch, can reside in any other wearable."
However, he adds that heartbeat authentication is a way off, simply because there's no infrastructure currently available to support it. Facial recognition can roll out much sooner by comparison. "This is what the consumer is going to see in the next 12 months," he says.