Selfies might soon serve a real purpose within point-of-sale systems.
In March, MasterCard announced plans to add a selfie-based payment authentication feature to its mobile application, CNN reported. Last year, the company ran a pilot program for the feature which enables users to submit a selfie to confirm mobile transactions.
“As the world gets increasingly digital, this will be the next wave of technology that will change the consumer experience of shopping digitally,” Ajay Bhalla, president of enterprise security solutions at the credit card company, told USA Today soon after kicking off the pilot in October of 2015. “It’s all part of our role in making commerce available anywhere, anytime, on any digital device.”
The technique, called “selfie pay,” has since gained traction, with multiple parties, including Amazon, Lucova and Kim Kardashian, squabbling over the patent for the egoistic security feature.
Since Apple and Samsung made the password irrelevant with fingerprint-based authentication methods, retailers and technology companies have started looking for new ways to further ease mobile-purchasing security protocols. Selfie pay is a product of that push.
Cybersecurity experts are divided on the technique. Some say the obvious privacy risks associated with selfie pay outweigh its utility. Others have faith that MasterCard will take the necessary steps to protect its customers.
“They’re storing an algorithm, not a picture of you. And I’m sure they’re doing the appropriate stuff to guard it,” Phillip Dunkelberger, director of Nok Nok Labs, a security authentication developer in Palo Alto, California, told CNN.
When users log into the MasterCard app to submit a payment, a dialog box appears asking for either a fingerprint or photograph to confirm. Those who choose the selfie option must stare into a darkened phone screen and blink once. In this instant, the app’s facial recognition tool takes a reading and creates unique, scan-based code which is then transmitted to MasterCard for confirmation.
The company says the code is stored safely in its secured servers.
Despite its novelty, selfie pay isn’t the only advanced authentication system MasterCard has in the works.
It is also partnering with multiple biometric firms to produce heartbeat-based payment confirmation technology, The Verge reported. The system leverages pulse readings collected via a wearable to authenticate users. The company has completed user tests in Canada and the Netherlands but has yet to release a launch date.
“It’s constant authentication,” Bhalla told the online publication. “This technology can reside in your watch, can reside in any other wearable.”
Other organizations have taken the same experimental path when it comes to payment authorization. In February, HSBC announced that it was partnering with Apple to build voice authentication into its mobile app, the BBC reported.