Mastercard Launches 'Wave To Pay' Programme (ft.com) 80
Mastercard is launching a "controversial" biometric payments programme in stores, as the card company tries to keep pace with nimble fintechs and bigger competitors such as Amazon. From a report: Retailers that sign up to its pilot scheme can allow customers to pay in-store with a gesture such as a smile or a wave. The system, which requires customers to enrol first, could also be connected to loyalty programmes and purchase history. "Payments is a wide space, and we are trying to offer what customers want," Ajay Bhalla, Mastercard's president of cyber and intelligence, told the Financial Times. He said that Mastercard could act as the "enabler of the ecosystem," setting unified privacy and security standards for a technology that has raised the hackles of privacy and data protection campaigners. "It's important that we make sure that data is handled properly and the transaction is safe," said Bhalla. "Everything is done with consumer consent." The facial recognition software itself will come from companies including Japan's NEC, Brazil's Payface and California-based PopID. The first pilots are launching this week at five supermarkets run by the St Marche chain in Brazil. The ambition is to eventually allow consumers to use a single enrolment to pay across different stores, says Bhalla, with further pilots planned across regions including Asia, the Middle East and Europe.
wave this (Score:5, Funny)
i have a gesture i would like to wave
waive this (Score:2)
Re: (Score:2)
i have a gesture i would like to wave
I find your idea intriguing and would like to subscribe to your newsletter.
Whose Consent? (Score:5, Insightful)
Re: (Score:2)
you are implicitly granting your consent to be scanned and identified
False. You are Not consenting to anything other than you expect to be seen in Public by other people, so that expectation of privacy is gone, and this includes that the store might take video or pictures on their property, But you have Not consented to intrusive techniques such as capturing your biometric data which is private, or recording your voice conversations, Etc.
Re: (Score:3)
It's time to revoke that norm. The new rule should be that you can take a picture of somebody in public if it's done by a human who specifically chooses the subject and composes the picture, but you can't direct an automated camera toward a public area. Nor may you try to be surreptitious about it, nor create any large central repository of pictures of any person, place, or particular class of persons or places.
The language needs to
Re: (Score:2)
I don't want to respect your unreasonable demand for privacy in public. I don't even care if the webcams and the data belong to the government, major corporations, or joe sixpack. Anybody . . . must . . . be permitted to engage in normal activities, such as recording audio and video.
If you don't want to be seen publicly, either don't go out in public or pick yourself up a changeling net before you go out.
Re: (Score:3)
Surveillance-style recording of audio, video, or anything else, is not "normal activities"". It wasn''t even POSSIBLE 75 years ago.
By the way, audio recording of other people's conversations was (properly) made illegal in many places around when it became technically possible, so even now it could only be "normal activity" if by "normal" you mean "bad enough that it's already been literally outlawed".
And that kind of recording is also almost always done for malicious or paranoid reasons, so it's only "norma
Re: (Score:2)
but you can't direct an automated camera toward a public area.
That's not going to happen. Retailers obviously need to record video for security reasons - due to these problems called Criminal behaviors, shoplifting, etc. If push come to shove: They will Not let people in their stores without providing whatever type of consent is necessary.
Also, why should it matter if it's " if it's done by a human" If it is still a picture and still provides the same information ? It doesn't, and how the pictu
Re: (Score:3)
They went literally thousands of years without that. They do not "need" it.
Nobody who actually operates any kind of retail establishment is going to tank their traffic by collecting any kind of meaningful consent.
And I did not say that there should be any exception for "consent" to begin with.
Re: (Score:2)
It's perfectly reasonable to have a security camera recording the self-checkout area. Sometimes you need to be able to check back later when you realize something went wrong. And it harms nobody. It's creating a categorized repository which gets shared with others that harms people.
Re: (Score:1)
Re: (Score:1)
Re:Whose Consent? (Score:5, Informative)
In Europe this is covered by GDPR. You can have CCTV because it comes under "legitimate interest", but you have to inform the customers (with a sign) and respond to data access requests.
Facial recognition for anything other than crime prevention would not be covered by "legitimate interest" IMHO, and even crime prevention is borderline.
Re: (Score:2)
Yes, European nations are generally more careful about individual rights than the US. They've chosen to surrender just the tiniest sliver of freedom for (potentially) a great deal of security.
A great number of US American people will think that this is a horrible thing. Myself, I'm contemplating just where the government's obligation to keep me safe ends and its obligation to preserve my freedom begins . . . because (according to the preamble to the US Constitution and the US Declaration of Independence)
Re: (Score:2)
In Europe this is covered by GDPR. You can have CCTV because it comes under "legitimate interest", but you have to inform the customers (with a sign) and respond to data access requests.
Facial recognition for anything other than crime prevention would not be covered by "legitimate interest" IMHO, and even crime prevention is borderline.
If facial recognition for crime prevention is acceptable and credit cart fraud is a crime then this isn't as clear cut as you believe,
Re: (Score:2)
CCTV for fraud prevention is one thing that might be justifiable. Facial recognition though... It would seem to offer little benefit, and is a huge invasion of privacy.
Waves? (Score:4, Funny)
Re: (Score:1)
Re: (Score:2)
Actually, just couple this with some voice recognition - say, I have to walk up to a kiosk near the exit and verbally tell it I want to check out. The system should already know I am. I'd like some tiny scrap of control, or at least involvement in the process.
I'd still go out of my way to find someplace else to shop. I don't care if it's totally benign, and I know I can't get away from it, but please don't rub my nose in the fact that public monitoring just is and privacy only potentially exists within
I've been "waving to pay" for quite some time (Score:3)
with my Walletmor [walletmor.com] implant [backblazeb2.com]: just as convenient as Mastercard's biometric stuff but a lot safer and a lot less intrusive privacy-wise.
Downside: getting an implant that size is not that trivial.
Re: (Score:2)
with my Walletmor [walletmor.com] implant [backblazeb2.com]: just as convenient as Mastercard's biometric stuff but a lot safer and a lot less intrusive privacy-wise.
Downside: getting an implant that size is not that trivial.
That's a real product.. ? O.O I am horrified...
Re: (Score:2)
Why would you be horrified?
Re: (Score:2)
1. Its Wireless
2. It requires surgery to get.
3. It is expensive.
4. Requires a special app
5. Doesn't say if the device can be updated.
6. It enables wireless payments, which are more miss than hit and take longer than just putting the card in the slot.
Those are the ones I found off hand.
Re: (Score:2)
6. It enables wireless payments, which are more miss than hit and take longer than just putting the card in the slot.
On one hand I have to rub my card all over the stupid machines to find the reader. On the other hand the RF never has problems because it's dirty, and no one ever cleans their smart card reader contacts.
My big concern is the tracking. It's very easy to track anyone with implants without their knowledge. RFID has a lot more range than people think, if you use fancy enough antennas and in the right conditions. And those conditions crop up more than most people think, too.
Re: (Score:2)
Okay I'll answer:
1/ Yes; Is that a problem?
2/ Agreed. It's not for everybody.
3/ To each his own. 200 euros for the convenience of never losing or forgetting my payment card is well worth it. And trust me, if you're a nudist, it's really, REALLY worth it :)
4/ No. It's a regular Mastercard contactless payment card. The app you need is the iCard app, to add funds to your account and other administrative things. Just like you need an app from your bank to manage your regular bank account.
5/ It can't be updated.
Re: (Score:2)
3. I have never lost a wallet or card. Never had them stolen. Not since the age of 8.
5. All well and good until the world decides on a new system rending your chip useless.
6. The US, but I don't see how that matters.
Re: (Score:2)
1/ Care to elaborate why?
3/ I have. Many times. Like I says, to each his own.
5/ Believe it or not, if that happens, you can replace the implant. It's not for life.
6/ Contactless payment is no different technically in the US and in Europe. You must be extremely unlucky. A successful contactless transaction occurs in less than a second, not counting online authorization if the payment is over the floor limit.
Re: (Score:2)
5. Oh yes, what I want. A second unnecessary surgery.
6. Key point, successful. They rarely are.
Re: (Score:2)
I would guess he's horrified that there are enough people signing up to have a tracking pellet embedded in their body that this is a viable product.
Re: (Score:2)
Re: (Score:2)
For the n-th time, you can't be tracked with RFID implants. At least no more than being tracked with your regular contactless payment card.
This of the Walletmor implant as a contactless payment token under your skin - because that's exactly what it is.
The implant tracking myth is an unfortunate side effect of veterinarians telling their customers that their lost pets can be found and reunited with their owners thanks to pet implants for decades. It's just not true, but the image has stuck.
I'll repeat again:
Re: (Score:2)
For the n-th time, you can't be tracked with RFID implants. At least no more than being tracked with your regular contactless payment card.
You can easily defeat tracking of cards with a mylar wallet. RFID tags can be read from much, much further away than you think. But all that has to be possible is to read them within a couple of feet and you can be scanned going through any doorway. The more people are implanted, the more motivation there is to install scanners. You're voting for the dark future with your e-wallet.
Re: (Score:2)
RFID tags can be read from much, much further away than you think
That's the thing: I don't have to think. I know. I have 14 implants - both low and high frequency, I design NFC and RFID products for a living, and I'm telling you: you post about things you know nothing about.
Re: (Score:2)
Explain to us then. Get as technical as you like. I happen to also be an engineer with experience of RFID and NFC, so don't hold back.
Why is it infeasible to place a high power RFID/NFC reader by the door, and collect data from passing customers? The main issue I can see would be having multiple RFID/NFC devices all activating at once inside a wallet, but that's conveniently solved by implanting the RFID device in the customer's body.
Re: (Score:2)
Why is it infeasible to place a high power RFID/NFC reader by the door, and collect data from passing customers?
In the NFC band (13.56 MHz), it's infeasible because the read range is 4 / 5 cm for a 1.5W reader with glass implants, *at best*, with a large pad antenna, with the implant oriented orthogonal to the antenna's traces and placed perfectly over them. And if you thought of putting out even more power to increase the range, then you need an even larger antenna, and then you run into problems in the frontend's design to listen to the weak tag's response among all the RF noise you're putting out.
As for coupling b
Re: (Score:2)
So what you are saying is that I just need to force people through a narrow gate, like at a station, in order to read the tag in their hand.
I think you are being pessimistic about range though. When contactless payment was introduced to the UK some terminals were charging cards in people's wallets and handbags much more than 5cm away.
Re: (Score:2)
Re: (Score:2)
Build the reader into a stairway hand rail.
Good idea! Or the mounting plate for the elevator button, or the light switch. Or the hand sanitiser at the entrance.
Hell, go out and set up a few dummy hand sanitisers in the mall or train station, and harvest as many implant IDs as you want.
Re: (Score:2)
Re: (Score:2)
You're absolutely right. But . . . it won't work. You push the inductance system in the RFID chip that hard, it'll burn out. I could have this part wrong, but that's how they deactivate the tags on tagged objects you purchase. They basically overload and smoke the microcircuit.
If I have that wrong, someone mod me down. I'm not an electrical engineer, just a technician; decent hand with a multimeter and a soldering iron. I get all sorts of stuff wrong.
Re: (Score:2)
There's a limit, but you can overcome that by using directional antennas instead of just jacking up your transmit power. Phased arrays are pretty cheap and plentiful now.
Re: (Score:2)
NFC, with the shortest design range of all the common RFID technologies, is broadly acknowledged to be readable from 20cm at the upper end of the allowable power range. Tell me again how you can't read that from the hand of someone going through a doorway. It's not going to be cheap, but the feds are spending a great deal of our money to spy on us already, what's a few billion more? Hide it in some of those billions the military didn't ask to be added to their budget.
Numerous other experts in the field have
Re: (Score:2)
NFC, with the shortest design range of all the common RFID technologies, is broadly acknowledged to be readable from 20cm at the upper end of the allowable power range
Nowhere near that with implants - or even payment tokens like NFC rings or NFC keychains. The 20 cm range holds true for ISO-size NFC cards with 1W-ish readers and A5-sized antenna pads or larger.
Implants are far too small for that sort of range. Glass implants are contact to 4/5 cm at the most, in perfect conditions. Flex implants are 1 cm to 5/6 cm at best.
The real risk that expects have acknowledged is the risk with full-size antenna cards - which is different from a much shorter range and much more fini
Re: (Score:2)
You can say it as many times as you want, it doesn't make it true.
Ah, sneaky. See how that's not what you said the first time? How many of those n-times are which version?
RFID can be tracked, locally. That's how those alarms at the doors of stores work. "Locally" is defined by "how big an antenna do you have?"
Most people choose to go with lots and lots of small antennas rather than a few bi
Re: (Score:2)
First the zealots adopt a new cool technology. Then the masses begin to accept it. Throw in some mass disappearances followed by some natural disasters, disease, war, and some areas of famine. Sprinkle in some civil unrest and high profile identity theft (database leaks and hacks) to give a reason to outlaw any transactions that don't use a particular physical identifier for security reasons due to the turmoil, and voila - prophecy fulfilled. And before you laugh, currency is going away in a lot of places -
Re: (Score:2)
Re: (Score:1)
I don't know where you are, but last time I looked, getting implants like this is not considered to be a medical procedure, so most places that will do it don't/can't use anesthetic. But I should say it's been like 10 years since I last really looked into it.
Re: (Score:2)
You're correct. My installer has access to black market lidocaine, so it's very comfortable for me. Those who don't... well, it'll sting a bit for sure.
What problem is this meant to solve? (Score:3)
I see that Brazil, like the US, is somewhat behind in contactless payments.
In many countries now, almost all face-to-face transactions are made by contactless payment using NFC, from card, phone or watch.
(China is an exception using QR codes.)
It is so convenient, so not sure what the driving force is for face-recognition based payments.
Re: (Score:2)
You can re-use the equipment to follow people everywhere they go and record most of what they do.
Re: (Score:2)
Re: (Score:2)
Some guy in Mississippi might find out that I got an abortion. Some guy in Egypt might find out I went to a gay club. Some guy in China might find out that I spent too much time with Subversive Elements. Some guy in Saudi Arabia might find out that I'm trying to escape the country.
I did not make those up.
These tracking databases have killed people, and will kill more as they get better. Yes, including the fucking marketing ones. Excuse me if I do not give a fuck about the cereal guy's needs.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you pay with something other than cash, they know who you are.
In Australia, a good way to stand out and make sure the cashier really remembers you, is to pay with cash :-)
(same in many countries, i expect.)
Re: (Score:2)
In Australia, a good way to stand out and make sure the cashier really remembers you, is to pay with cash :-)
(same in many countries, i expect.)
In Australia they also often charge extra for eftpos. Where I live it seems to range from 0.8% to 1.8%. I choose not to give 1.8% of all my retail purchases to our banks (they already announced record profits this quarter!)
Like all privacy, it's a tradeoff. For me, it's worth having the cashier remember me, if it means I give less money to the banks and less data to advertisers.
Re: (Score:2)
The main problem my wife has with payments is the fact that her iPhone doesn't recognize her face when she has a mask on. I'm guessing this facial recognition tech won't be any better.
Phone with fingerprint scanner is my preferred payment method. Secure, no data sharing required.
Re: (Score:2)
IIRC you have to specifically enable "use Face ID with face mask" in Settings.
Re: (Score:2)
It is so convenient, so not sure what the driving force is for face-recognition based payments.
It's being done for the same reason places like Walmart insist on implementing their own on-device payments system even though NFC payments work well and are supported by pretty much everyone's smartphone.
This lets them collect data which they can then turn around an monetize in various ways.
I imagine they're going to sell all these scans to police departments as well as some of the other companies that are building huge databases of this sort of data.
Interesting choice of gestures (Score:5, Funny)
WCGW (Score:2)
We've probably already seen the demos of how contactless payment can go wrong. A guy in a bus with a terminal he holds up to people's pockets. Beep, thanks for supporting your local criminal overlord.
With gesture-based payment, life is even more fun. Imagine the ways people could screw with this: show a video of someone else to the payment camera. Impersonate someone else. Have an enabled payment terminal, and point it at people. Etc, etc, etc.
This project belongs on reddit's DIYwhy
Re: (Score:2)
I expect the main outcome of this will be that people with dark skin find it hard to pay for stuff.
Re: (Score:2)
Re: WCGW (Score:2)
"What could possibly go worng?"
Re: (Score:2)
Facial recognition means mass collection (Score:2)
Re: (Score:2)
How to stop yourself from overspending (Score:2)
Have the system recongnise your frontal tail as the appendage that must be waved.
and we are trying to offer what customers want... (Score:2)
Really?
Customers have asked to pay for goods by waving or smiling?
The way this bullshit is going, I tell you what this customer wants for most of my payments - I pay you in notes and coins.
No traceable transaction, no link back to me so you can snag my buying habits and snap my mug shot.
Welcome to the "convenient" future, where we seemed to gladly hand over the keys to our privacy with card payments _everywhere_ - and now see exactly where this is headed.
Pretty much the same as China and WePay - you have _n
Welcome back Mr. Yakamoto (Score:2)
Big tech playing real life The Sims (Score:2)
This brings back memories of The Sims. When your Sim needed to shit really badly it would wave or do all sorts of crazy gestures to bring your attention to the fact that you may soon have to clean up the floor if you don't do something about the Sim's needs quickly. Same thing here. It's the big boys of the big tech playing their own version of The Sims, just with the real population.
Must be a phish (Score:1)
that's the easy part, how well will they do on the hard issues?
Biometrics is a username, not a password. (Score:3)
How many times do we have to tell people that biometrics are irrevocable usernames and should never be used for authenticating payments?
I feel like every time this comes up it's chosen because it's gimmicky, sci-fi, and people are convinced it's more secure. It's not.