Company to experiment with biometric technology

Jul 2, 2015 22:39 GMT  ·  By

Snapping a picture of your face could be the new way of approving online transactions from the mobile phone, as MasterCard plans to start trials this fall to determine if the new method is a better option to cut down fraud than passwords are.

Biometric technology has already been implemented in some devices for user authentication, although the efforts to find a foolproof algorithm have not been matched by the efficiency ratio of the results.

Facial recognition is available in some phones as a means to unlock the device, and Apple’s TouchID allows users to access iPhones by using their fingerprints. However, both algorithms proved to be faulty under some common usage scenarios, requiring multiple tries to achieve the expected result.

In the case of Apple’s fingerprinting technology, hackers showed multiple times that it is possible to replicate the marks on a person’s fingertip by carefully collecting them from shiny surfaces or even from high-resolution pictures.

Transaction authorized in a blink

According to a report from CNN Money, MasterCard will start a pilot program for testing both fingerprints and facial scans to approve transactions. The endeavor involved partnering with companies in the smartphone business, including Microsoft, Google, Apple, BlackBerry and Samsung.

MasterCard plans to integrate facial recognition in a mobile app that launches when a payment needs to be made, asking for authorization via fingerprint or facial analysis.

If the latter option is selected, the process is completed after the user blinks once, to protect against fraudulent attempts, such as holding up a picture of the victim.

“The new generation, which is into selfies... I think they'll find it cool. They'll embrace it,” said Ajay Bhalla, president of Enterprise Security Solutions at MasterCard.

In the case of fingerprint scans, a code is created and stored on the device, but with selfies the data is converted to binary and sent to MasterCard servers over a secure connection.

This could represent a risk, as information can be intercepted in transit, but Bhalla says that it won’t be possible to reconstruct the face of the client.

The new authorization method is just starting to be tested, and in the end, it may become sufficiently refined to be a viable option for password replacement.