Swapping biometric data for traditional security measures presents challenges and opportunities
WASHINGTON – Global financial services company MasterCard is reportedly testing the possibility of adding facial recognition as a security measure for online purchases.
Fraud is now the world’s No. 1 criminal enterprise, costing consumers and industries an estimated $500 billion each year. MasterCard hopes to stem that flow of fraud by using facial recognition software in the form of the near-ubiquitous selfie.
Ajay Bhalla, the company’s security expert, is convinced this new security measure will appeal to modern consumers.
“The new generation, which is into selfies … I think they’ll find it cool,” he said.
MasterCard plans to begin a pilot program in the fall with 500 customers testing out the technology. The use of biometric data to subvert identity theft follows a broader trend within the financial and technology industries as companies concerned about the potential of cybersecurity threats are switching from passwords and personal identification numbers toward more personal information.
Apple’s iPhone now comes standard with a fingerprint scanner and Wells Fargo, one of the nation’s largest commercial banks, is examining the potential of voice recognition for its mobile transactions.
“Biometric sensors could make passwords and PINs a thing of the past,” Nish Modi, SVP of payment technology company Worldpay, predicated.
However, concern has been raised over the viability of biometrics, which some say are no better than passwords.
Ken Munro, security researcher at Pen Test Partners, said, “Google tried facial recognition on Android phones and there were a lot of problems in the early days. People realized you could take a photo of somebody and present it to the camera, and the phone would unlock.”
Phillip Dunkelberger, head of Nok Nok labs, noted that MasterCard’s proposed system isn’t actually as simple as it sounds. “They’re storing an algorithm, not a picture of you. And I’m sure they’re doing the appropriate stuff to guard it.”
Munro also pointed out one major issue with the biometric-as-password system: “If an ordinary password gets compromised you can simply revoke it or change it. What happens if your facial recognition data gets stolen? You can’t change your face.”
