JPMorgan, Mastercard Embrace Biometric Payment Options 27
With JPMorgan and Mastercard piloting biometric payment options, a future where consumers can pay with their face is rapidly approaching. "Our focus on biometrics as a secure way to verify identity, replacing the password with the person, is at the heart of our efforts in this area," said Dennis Gamiello, executive vice president of identity products and innovation at Mastercard. Based on the positive feedback received thus far, Gamiello says the biometric checkout technology will roll out to more new markets later this year. CNBC reports: Biometric payment options are becoming more common. Amazon introduced pay-by-palm technology in 2020, and while its cashier-less store experiment has faltered, it installed the tech in 500 of its Whole Foods stores last year. Mastercard, which is working with PopID, launched a pilot for face-based payments in Brazil back in 2022, and it was deemed a success -- 76% of pilot participants said they would recommend the technology to a friend. Late last year, Mastercard said it was teaming with NEC to bring its Biometric Checkout Program to the Asia-Pacific region.
A deal that PopID recently signed with JPMorgan is a sign of things to come in the U.S., said John Miller, PopID CEO, and what he thinks will be a "breakthrough" year for pay-by-face technology. The consumer case is tied to the growing importance of loyalty programs. Most quick-service restaurants require consumers to provide their loyalty information to earn rewards -- which means pulling out a phone, opening an app, finding the link to the loyalty QR code, and then presenting the QR code to the cashier or reader. For payment, consumers are typically choosing between pulling out their wallet, selecting a credit card, and then dipping or tapping the card or pulling out their phone, opening it with Face ID, and then presenting it to the reader. Miller says PopID simplifies this process by requiring just tapping an on-screen button, and then looking briefly at a camera for both loyalty check-in and payment.
"We believe our partnership with JPMorgan is a watershed moment for biometric payments as it represents the first time a leading merchant acquirer has agreed to push biometric payments to its merchant customers," Miller said. "JPMorgan brings the kind of credibility and assurance that both merchants and consumers need to adopt biometric payments." Juniper Research forecasts over 100% market growth for global biometric payments between 2024 and 2028, and by 2025, $3 trillion in mobile, biometric-secured payments. Sheldon Jacobson, a professor in computer science at the University of Illinois, Urbana-Champaign, said he sees biometric identification as part of a technology continuum that has evolved from payment with a credit card to smartphones. "The next natural step is to simply use facial recognition," he said.
A deal that PopID recently signed with JPMorgan is a sign of things to come in the U.S., said John Miller, PopID CEO, and what he thinks will be a "breakthrough" year for pay-by-face technology. The consumer case is tied to the growing importance of loyalty programs. Most quick-service restaurants require consumers to provide their loyalty information to earn rewards -- which means pulling out a phone, opening an app, finding the link to the loyalty QR code, and then presenting the QR code to the cashier or reader. For payment, consumers are typically choosing between pulling out their wallet, selecting a credit card, and then dipping or tapping the card or pulling out their phone, opening it with Face ID, and then presenting it to the reader. Miller says PopID simplifies this process by requiring just tapping an on-screen button, and then looking briefly at a camera for both loyalty check-in and payment.
"We believe our partnership with JPMorgan is a watershed moment for biometric payments as it represents the first time a leading merchant acquirer has agreed to push biometric payments to its merchant customers," Miller said. "JPMorgan brings the kind of credibility and assurance that both merchants and consumers need to adopt biometric payments." Juniper Research forecasts over 100% market growth for global biometric payments between 2024 and 2028, and by 2025, $3 trillion in mobile, biometric-secured payments. Sheldon Jacobson, a professor in computer science at the University of Illinois, Urbana-Champaign, said he sees biometric identification as part of a technology continuum that has evolved from payment with a credit card to smartphones. "The next natural step is to simply use facial recognition," he said.
The Result (Score:2)
If you can pay with your face, your face can be banned.
Lunacy (Score:5, Insightful)
if they fuck up and allow your password to be compromised, you can change it. If they fuck up and allow your face to be compromised, there's no coming back from that. There is no way I trust them to hold that biometric safely against all the attackers attracted to that honeypot. On-device authentication is a meaningful protection that I won't give up.
Ross Anderson is sorely missed, and it's only been a few weeks.
Re: (Score:2)
That said there is absolutely nothing in it for me as a consumer this is entirely targeted to businesses and the hopes that they can get people to check out faster. It's the kind of nasty, pointless optimization that only makes sense when you have ultra mega super duper corporations like Amazon a
Re: (Score:1)
I don't think a hacker would even bother stealing your face.
No, it's much easier to just remove your whole head - or fingers, or hand or eye or whatever.
Even if that couldn't work because infrared sensors would detect that it's not living tissue, I still don't want access to my wealth to be via one of my body parts - because some dumb criminal might decide to try anyway.
Re: (Score:2)
I am fairly certain this would be paired with a PIN. Similar to withdrawing cash from ATM. Possession of card alone isn't enough.
The idea is that you could make purchases without a phone or card or cash. I have on occasion walked into a grocery store realizing that I forgot my wallet at home and had to drive back home empty handed. I know that several people would never sign up for something like this. There are people who still pay with cash for privacy reasons. I already use credit cards for payment
Re: (Score:2)
Oh, like my debit card where I can just bypass the PIN in most cases to pay as credit? What a wonderful convenience that comply negates the whole point of having a PIN....
Re: (Score:2)
The idea is that you could make purchases without a phone or card or cash.
I suspect the idea is to eventually render that 'cash' option obsolete. This seems to me a big step in that direction. When cash is gone, governments and corporations are in total control, and citizens become mere subjects.
It would also be a key step in creating a China-style social credit score [time.com]. I'm sure the CCP would love to eliminate cash, but that's a lot more difficult in China than it would be in North America, because fewer than half of all Chinese people have bank accounts.
Here in Canada it's alread
Re: (Score:2)
Re: (Score:2)
You only have one finger?
Of course, in the real world criminals are not bothering trying to get around biometrics at all. They don't even bother trying to find your PIN number hidden in your wallet most of the time, they just use contactless to make a few purchases and throw it away.
In other words, things don't have to be perfect to be highly effective.
In any case, biometric sensors of any reasonable calibre should reject fakes like photographs and glue based fingerprint copies. Newer fingerprint sensors ca
Re: (Score:2)
1, The article talked about facial biometrics, not finger biometrics. So your snark about "only one finger" is unjustified, because I do, in fact, have only one face, and so the problem I spelled out -- that once a biometric is compromised, it's permanently compromised -- remains. You talk later about subdermal detection etc, but that assumes the attacker targets the individual to capture and then spoof their biometric. If they target the database holding the biometrics instead, they don't need to spoof any
Re: (Score:2)
if they fuck up and allow your password to be compromised, you can change it. If they fuck up and allow your face to be compromised, there's no coming back from that. There is no way I trust them to hold that biometric safely against all the attackers attracted to that honeypot. On-device authentication is a meaningful protection that I won't give up.
Ross Anderson is sorely missed, and it's only been a few weeks.
There are people out there still not using credit, this is a serious issue for banks and payment processors like Mastercard who skim a bit off ever card transaction but the highest amount off credit transactions. They haven't been able to ban cash and other forms of payment they don't get a cut of, not through lack of trying so they're attempting every gimmick in the book to fool people into paying for everything via a credit card.
Biometrics are usernames. (Score:2)
Biometrics are non-revokable usernames and should never be used to assert identity. They're easy to forge, have been proven forgeable by many studies and worst yet you can't change them if something goes wrong.
Again and again this comes up as a solution. It is the "convenience" side of the security triangle of cost, convenience, and security. While it makes things easy, it makes things a lot more insecure.
Re: (Score:2)
Ah, but if you combine your biometrics with some sort of individual identifier - perhaps some unique mark recorded on your forehead or the back of your right hand...
Re: (Score:2)
Haha, yeah face tattoos will become the way people "change their password"
The quick answer.... (Score:3)
Crypto no longer gets VC interest (Score:3)
Prior art (Score:4, Funny)
Loan sharks have been allowing borrowers to pay with their knee-caps for years.
Screw over a few people at a time (Score:3)
So if they have a misidentification rate of say .1%, that's enough for them to just plain say you the victim is lying. You have zero recourse, and attempting to get it will ruin your life. Since the system works great for nearly everyone else nobody will care. You just go to jail instead of the actual identity thief (Reference: https://www.cbsnews.com/news/w... [cbsnews.com] ), or get declared a nutcase. On the rare occasion you can prove you didn't make the transaction they'll just pay you off.
Standard vs. Fuck You Pricing. (Score:3)
All this nonsense about “loyalty” programs. FUCK supporting that bullshit. Oh, you want to charge me a ‘discounted’ rate for my ‘loyalty’, which is me trading my digital soul to be scammed and couponed to death all for the luxury of eating a single meal? And what happens if I say No again? Oh, I get the Fuck You price tag instead? What do you think the ‘regular’ customer who has come in every say for the last 30+ years is going to say about loyalty when they refuse to have their privacy robbed while you have the arrogance to want to label them as not being loyal for refusing to participate in face-recognition couponing?
Anyone remember when a restaurant used to just treat customers like the valued asset they that keeps a restaurant in business, instead of coercing potential clickbait revenue streams to participate in your multi-faceted restaurant ‘endeavor’? Fucking hell. We keep this up, and you’ll pay for the luxury of being in a restaurant that doesn’t even bother serving food anymore. They’ll just sell you pictures of food, charge you per minute, and then tell you to get the fuck out when times up.
If you’re wondering how all this happened, thank a rabid narcissist. You can find one by breathing in any direction.
Re: (Score:2)
All this nonsense about “loyalty” programs. FUCK supporting that bullshit. Oh, you want to charge me a ‘discounted’ rate for my ‘loyalty’, which is me trading my digital soul to be scammed and couponed to death all for the luxury of eating a single meal? And what happens if I say No again? Oh, I get the Fuck You price tag instead? What do you think the ‘regular’ customer who has come in every say for the last 30+ years is going to say about loyalty when they refuse to have their privacy robbed while you have the arrogance to want to label them as not being loyal for refusing to participate in face-recognition couponing?
Regarding loyalty programs, I agree 100%, and I've been saying it for years and years. Most recently here [slashdot.org], here [slashdot.org], and here [slashdot.org].
We make convenience, shininess, and saving a penny our virtual overlords. Then the companies that provide the convenience, the shininess, and the shell-game "savings" become our real overlords.
Do they need to be attached to work? (Score:2)
We'll be fine with it (Score:2)
identification vs authentication (Score:2)
This is identification -the equivalent of a username. It is not authentication. It is not authorization.
We are always talking about Multi-Factor-Authentication. This is ZERO factor.
Just because I was present, does not mean I agree to a purchase.
"Look over here! ...Thank you for your donation!"