Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Businesses Security The Almighty Buck

MasterCard To Approve Online Payments Using Your Selfies 77

An anonymous reader writes: MasterCard is experimenting with a new program: approving online purchases with a facial scan. Once you’re done shopping online, instead of a password, the service will require you to snap a photo of your face, so you won’t have to worry about remembering a password. The Stack reports: "MasterCard will be joining forces with tech leaders Apple, BlackBerry, Google, Samsung and Microsoft as well as two major banks to help make the feature a reality. Currently the international group uses a SecureCode solution which requires a password from its customers at checkout. The system was used across 3 billion transactions last year, the company said. It is now exploring biometric alternatives to protect against unauthorized payment card transactions. Customers trialling the new technologies are required to download the MasterCard app onto their smart device. At checkout two authorization steps will be taken; fingerprint recognition and facial identification using the device's camera. The system will check for blinking to avoid criminals simply holding a photograph up to the lens."
This discussion has been archived. No new comments can be posted.

MasterCard To Approve Online Payments Using Your Selfies

Comments Filter:
  • by Anonymous Coward

    it would prevent photos, but not videos (real footage or animated picture)

    • Re:blinking? (Score:5, Interesting)

      by Joce640k ( 829181 ) on Friday July 03, 2015 @05:21AM (#50038297) Homepage

      Cut two slots in the photo where the eyes are. Insert small pink Post-Its from behind. Flick them with your fingers. Blinking!!

      • by Anonymous Coward

        I was thinking this also, but in my version you just line up the holes in front of your face so your actual eyes do the blinking!

  • by Anonymous Coward

    Oh yes, this system is going to be really secure.

  • by Anonymous Coward

    The system will check for blinking to avoid criminals simply holding a photograph up to the lens

    Oh well that's great then, no WAY around that, it's not like a simple app could make a photograph appear to blink.

  • by Anonymous Coward

    How long until someone makes an app that adds blinking eyes to a photo?

  • Worst. Idea. Ever (Score:2, Insightful)

    by Anonymous Coward

    Never. Use. Biometrics. For. Authentication

    • Never. Use. Biometrics. For. Authentication.

      Said Pepe the Peg-Leg Pirate.
      Said Frodo of the Nine Fingers.
      Said the Headless Horseman.
      Said One-Eye Pete.
      Said Greasy-Grimy-Finger Gus (based on a true story)
      Said Sam Beckett the Quantum Leper

      We need to all send biometrics patent holders and hardware manufacturers money every month so they can "make money as they sleep" right now, today. Then we'll be able to sleep at night knowing that when we wake the world will not have turned to some shitty 'Orwell' or 'Brazil' nightmare than never ends.

      I'm starting to

    • Microchip under the skin it is then.
      • You could implant a cryptographic radio transponder with a 666-bit keypair in people's forehead or right hand. The plus side is that it'd combine the positive aspects of a "something you have" transponder with biometrics' resistance to loss or theft. The minus side is protests from Christians who think it's the mark of the Beast mentioned in the revelation to John of Patmos.

        * Actual theft, not copying.

  • by Anonymous Coward
    They've partnered with Google so darkies can look forward to gorillas emptying their account [slashdot.org].
  • by BringMyShuttle ( 4121293 ) on Friday July 03, 2015 @04:52AM (#50038225)
    Obviously this has ridiculously low security, but the way chargebacks work if there is a fraudulent purchase with it, the merchant wears the cost. Not Mastercard. So there's no downside for Mastercard, and the upside is the novelty value will have narcissists using it... and spending more. "Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. When a chargeback occurs, the merchant is accountable, regardless of whatever measures they took to verify the transaction. In 2013, LexisNexis reported that merchants pay up to US$2.79 for every $1 lost in fraudulent transactions." https://en.wikipedia.org/wiki/... [wikipedia.org]
  • by shabble ( 90296 ) <metnysr_slashdot@shabble.co.uk> on Friday July 03, 2015 @05:12AM (#50038273)

    Once again a company decides to use something that should be equivalent to a user-id as a password and gets it wrong.

    This is the same deal as it is with using fingerprints as 'passwords.': http://blog.dustinkirkland.com... [dustinkirkland.com]..

    But biometrics cannot, and absolutely must not, be used to authenticate an identity. For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated.

    • by prefec2 ( 875483 )

      They get confused about id and authentication all the time. Biometric information is not a secret. Only secrets can be used as token for authentication. It does not necessarily be rotated, but is must be a secret to the rest of the world and only known to the two parties communicating with each other. Rotation is only a subtype of changing. And you only need to change if, and only if, it is no longer a secret or becoming to be known. However, passwords are not the best form of authentication mechanism. As t

      • Both of you are wrong and so is Dustin Kirkland (whoever he is). The core of your error is in this statement:

        Only secrets can be used as token for authentication.

        That sentence is true, as stated, but only because it includes the word "token". Yes if you're using secret tokens for authentication, then the tokens must be secret. But exchanging secrets (or proof of possession of secrets, which is what most cryptographic authentication protocols do) is not the only way to do authentication. Not by a long shot. In fact, humans hardly ever use secrets for authent

        • I would give this +1 if I could. Very good discussion of the subject.

  • I can't even start to wonder why a critical, money-bound company would even think of facial recognition for secure payments...

    Simple hack comes to mind the first 2 seconds after reading this headline:

    1. take a photo of the card holder
    2. use it to pass the face check system
    3. ??????
    4. PROFIT!
    • And before anyone starts going "you should have read the article!": blinking can be faked quite easily with the photograph method. Just youtube attempts made at face unlock...
    • by TyFoN ( 12980 )

      My boss (who looks not too different from me) can unlock my phone with his face.

      Using it for banking seems insane

    • I can't even start to wonder why a critical, money-bound company would even think of facial recognition for secure payments...

      Pass a law making banks and credit card companies financially responsible for fraud in the use of their products, rather than being able to pass the cost off entirely onto merchants like they currently do. Then you'll see money-bound companies take security seriously. (Those absurdly high credit card interest rates pay for people who default on their credit card bills, not for fr

  • And can I opt-out before the "payment method" is launched?
  • by Anonymous Coward

    Why bother forcing the user to take a picture? The fingerprinting is far more secure. Until all phones have depth cameras, it sounds like you could use a gif or video of the person to pass the face check. That's too easy to create. Since this system already requires the user to have a phone, why not have them keep the password on the phone so they don't have to remember it? If the phone gets stolen, it's likely to have fingerprints of it's owner on the case and the owner will likely have self-portraits

    • The fingerprinting is far more secure.

      But also problematic, from a usability standpoint. As people that actually work with their hands know, the ability to take a reliable fingerprint can be impeded by blisters, etc. For example, a (long) while ago I had to delay getting my fingerprints taken at NASA because my finger tips were beaten up from recently working around the house and on my car.

  • by Anonymous Coward

    "Gorillas are not authorized to use this credit card."

    Sorry, after seeing Google was one of the partners working on this face recognition thing, I couldn't help myself. :p

  • by Anonymous Coward

    I'm not sure many citizens would willingly let their Government build a handy database of every persons; photo, finger print, location, and finances all in one place.

    Yet that appears to be what this payment gateway will allow. Sure, its a private enterprise, but since when did that stop a Government demanding or just taking the data?

    With access to this source, they can mine for facial recognition & finger print hits. With the phone tracking they can then map people to location to their face.
    Attend a d

  • by Anonymous Coward

    Will be first port of call then for many fraudsters.

    Google name, city, of mark to find their (normally) public Facebook profile, and save their profile pics to use for facial recognition.

    Easy peasy.

    Tim

  • Honest question... Identical twins had better really trust one another if they get a card with this feature.
  • Says it all. This is just a way to get 100% of everyone into a photo database so we can be tracked everywhere more effectively. Guess what, assholes? I don't have and don't want a smartphone, I'm not going to cooperate with this bullshit, and I think I'm far from alone in that sentiment.
  • Looks like http://www.shocard.com/ [shocard.com] lost the pitch completely :-(

  • Just need to make a fun novelty "What does your fingerprint say about you?" quiz - have users log in with Facebook, upload a high-quality pic of their fingerprint, then give them some silly fortune cookie blurb. Then it's just a case of replicating their fingerprint and stealing a selfie off of their Facebook page. SHOPPING SPREEEEEE

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...