Payment security has been a big topic these past few years. Not only do we have to deal with the constant threat of digital identity theft, we have to worry about data being stolen from hacked companies. Is there any relief in sight?
Maybe. Maybe not.
One major issue is that consumers are always demanding greater convenience. That’s why mobile payment methods have recently soared in popularity. Unfortunately, the risk of new technology is that it doesn’t yet have the years of experience necessarily to build robust systems.
This year, mobile payments are set to take another big leap forward. The proposed evolution has a lot of potential — potential to succeed and potential to bomb. Hard.
The Current State of Mobile Payments
The general idea behind mobile payments is that you replace the traditional debit or credit card with your smartphone. Merchants that accept mobile payments have a reader device that you can “bump” with your own device, and that bump facilitates an immediate transaction.
The most popular mobile payment apps are Apple Pay, Google Wallet, and Samsung Pay.
These transactions all occur using NFC technology, a super-short ranged wireless protocol that can also be used for other things, like sharing files and photos with another smartphone. (All you have to do is bump!)
But there’s a big problem. Actually, two big problems. First, NFC has a few security risks that still need to be ironed out. Second, merchants who don’t accept mobile payments far outnumber merchants who do. Even if you want to bump-to-pay, you may not be able to.
Fortunately mobile payment adoption is on the rise, so security issues are the main concern for many consumers. That’s why MasterCard has developed a brand new method of mobile payment: taking a selfie.
How Would Selfie Payments Work?
When people talk about why we still use passwords, the discussion tends to veer into “What are the alternatives?” territory, and one of the main alternatives is biometrics — the use of human characteristics for access control.
Or in other words, using a body part in place of a password.
In order to use selfie payments, you’ll need to install MasterCard’s app onto your smartphone. When you want to make a payment, you look at the camera and blink. The app uses your facial features and your blink for authentication.
Why the blink? Because Google actually tried in the past to incorporate facial recognition as an authentication method (but for lock screens rather than mobile payments) and it ended up being circumvented with simple photos.
According to MasterCard, the blink is much harder to forge, thus more authentic and secure. And in general, it’s much harder to counterfeit biometrics than it is to hack or crack someone’s text-based password — especially since people don’t care enough to create strong but memorable passwords.
At the moment, MasterCard is trialing their technology with a group of 500 users. If it goes well, they’ll expand.
MasterCard isn’t the only one working on this. Alibaba, the Chinese e-commerce company, demonstrated a similar feature — called “Smile to Pay” — in March 2015. No release date exists for Alibaba’s version, but it will first launch in China before going international.
Selfie Payments Are Problematic Too
There’s a good chance these selfie payments will be very popular amongst the newer generation, what with their already-instilled obsession with selfies and what not. However, we caution you to think twice before you hop on the bandwagon.
As with all new advancements, problems lurk around the corner here as well. The advent of selfie payments comes with two potential worries that should keep you on your toes.
Is blinking really that foolproof? There have already been reports that early prototypes of the blinking mechanism have been fooled by animated photos with drawn-on eyelids.
A more practical example might be stored video footage. If you can trick someone to blink into a recording camera, would the biometric sensor be smart enough to distinguish that from real life? What about twins? What about plastic surgery?
The core issue here is that biometric technology is an infant, relatively speaking, and it’s just too early to use it for any significant kind of security. But the video example leads us into our second problem…
What happens when someone does forge your credentials? This particular issue is a general one that’s applicable to all of biometrics, but it’s important enough to warrant a mention here.
Think about what happens when someone cracks your password. How do you resolve that? By changing your password! It’s easy, quick, and convenient. Dealing with the aftermath — e.g. recovering your stolen money — might be difficult, but resecuring your credentials is simple.
What can you do if someone cracks your face? You can’t just change up your face overnight.
And that’s why biometrics will never be a primary mode of authentication. It’s useful if you can supplement it with another method, e.g. PINs, voice activation, fingerprints, etc. But on its own, I don’t see it being all that safe to use.
So are we out of luck, stuck with current methods of mobile payment for the time being? Not quite. Smart credit cards may be the change you’re looking for if you need convenience while shopping. Between the two, I’d bet on the smart card.
So what do you think? Are you excited for selfie payments? Or do you think it’s going to be a huge flop? Would you rather stick with cash? Share your thoughts with us in the comments below!