Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Almighty Buck Technology

Mastercard Launches 'Wave To Pay' Programme (ft.com) 80

Mastercard is launching a "controversial" biometric payments programme in stores, as the card company tries to keep pace with nimble fintechs and bigger competitors such as Amazon. From a report: Retailers that sign up to its pilot scheme can allow customers to pay in-store with a gesture such as a smile or a wave. The system, which requires customers to enrol first, could also be connected to loyalty programmes and purchase history. "Payments is a wide space, and we are trying to offer what customers want," Ajay Bhalla, Mastercard's president of cyber and intelligence, told the Financial Times. He said that Mastercard could act as the "enabler of the ecosystem," setting unified privacy and security standards for a technology that has raised the hackles of privacy and data protection campaigners. "It's important that we make sure that data is handled properly and the transaction is safe," said Bhalla. "Everything is done with consumer consent." The facial recognition software itself will come from companies including Japan's NEC, Brazil's Payface and California-based PopID. The first pilots are launching this week at five supermarkets run by the St Marche chain in Brazil. The ambition is to eventually allow consumers to use a single enrolment to pay across different stores, says Bhalla, with further pilots planned across regions including Asia, the Middle East and Europe.
This discussion has been archived. No new comments can be posted.

Mastercard Launches 'Wave To Pay' Programme

Comments Filter:
  • wave this (Score:5, Funny)

    by zlives ( 2009072 ) on Tuesday May 17, 2022 @09:05AM (#62542410)

    i have a gesture i would like to wave

  • Whose Consent? (Score:5, Insightful)

    by jeadly ( 602916 ) on Tuesday May 17, 2022 @09:09AM (#62542426)
    So because some of your customers consent, the rest of us are going to get scanned to see if we're them?
    • Re:Whose Consent? (Score:5, Informative)

      by AmiMoJo ( 196126 ) on Tuesday May 17, 2022 @10:23AM (#62542698) Homepage Journal

      In Europe this is covered by GDPR. You can have CCTV because it comes under "legitimate interest", but you have to inform the customers (with a sign) and respond to data access requests.

      Facial recognition for anything other than crime prevention would not be covered by "legitimate interest" IMHO, and even crime prevention is borderline.

      • Comment removed based on user account deletion
      • In Europe this is covered by GDPR. You can have CCTV because it comes under "legitimate interest", but you have to inform the customers (with a sign) and respond to data access requests.

        Facial recognition for anything other than crime prevention would not be covered by "legitimate interest" IMHO, and even crime prevention is borderline.

        If facial recognition for crime prevention is acceptable and credit cart fraud is a crime then this isn't as clear cut as you believe,

        • by AmiMoJo ( 196126 )

          CCTV for fraud prevention is one thing that might be justifiable. Facial recognition though... It would seem to offer little benefit, and is a huge invasion of privacy.

  • Waves? (Score:4, Funny)

    by Technowarlock ( 4807331 ) on Tuesday May 17, 2022 @09:23AM (#62542470)
    So I see a buddy in the supermarket, say hi to him, and now, I've purchased all the groceries?
    • by jeadly ( 602916 )
      I assume it's supposed to be some kind of secret handshake you'd only do to demonstrate your agreement to pay. If nothing else I look forward to people doing the Carlton in front of self-checkout kiosks.
  • with my Walletmor [walletmor.com] implant [backblazeb2.com]: just as convenient as Mastercard's biometric stuff but a lot safer and a lot less intrusive privacy-wise.

    Downside: getting an implant that size is not that trivial.

    • by Shaeun ( 1867894 )

      with my Walletmor [walletmor.com] implant [backblazeb2.com]: just as convenient as Mastercard's biometric stuff but a lot safer and a lot less intrusive privacy-wise.

      Downside: getting an implant that size is not that trivial.

      That's a real product.. ? O.O I am horrified...

      • Why would you be horrified?

        • Let us count the ways
          1. Its Wireless
          2. It requires surgery to get.
          3. It is expensive.
          4. Requires a special app
          5. Doesn't say if the device can be updated.
          6. It enables wireless payments, which are more miss than hit and take longer than just putting the card in the slot.

          Those are the ones I found off hand.
          • 6. It enables wireless payments, which are more miss than hit and take longer than just putting the card in the slot.

            On one hand I have to rub my card all over the stupid machines to find the reader. On the other hand the RF never has problems because it's dirty, and no one ever cleans their smart card reader contacts.

            My big concern is the tracking. It's very easy to track anyone with implants without their knowledge. RFID has a lot more range than people think, if you use fancy enough antennas and in the right conditions. And those conditions crop up more than most people think, too.

          • Okay I'll answer:

            1/ Yes; Is that a problem?

            2/ Agreed. It's not for everybody.

            3/ To each his own. 200 euros for the convenience of never losing or forgetting my payment card is well worth it. And trust me, if you're a nudist, it's really, REALLY worth it :)

            4/ No. It's a regular Mastercard contactless payment card. The app you need is the iCard app, to add funds to your account and other administrative things. Just like you need an app from your bank to manage your regular bank account.

            5/ It can't be updated.

            • 1. Yes it is a problem.
              3. I have never lost a wallet or card. Never had them stolen. Not since the age of 8.
              5. All well and good until the world decides on a new system rending your chip useless.
              6. The US, but I don't see how that matters.
              • 1/ Care to elaborate why?
                3/ I have. Many times. Like I says, to each his own.
                5/ Believe it or not, if that happens, you can replace the implant. It's not for life.
                6/ Contactless payment is no different technically in the US and in Europe. You must be extremely unlucky. A successful contactless transaction occurs in less than a second, not counting online authorization if the payment is over the floor limit.

                • 1. Wireless can be access remotely.
                  5. Oh yes, what I want. A second unnecessary surgery.
                  6. Key point, successful. They rarely are.
        • I would guess he's horrified that there are enough people signing up to have a tracking pellet embedded in their body that this is a viable product.

          • Why would people implant them? You couldn't watch porn that way.
          • For the n-th time, you can't be tracked with RFID implants. At least no more than being tracked with your regular contactless payment card.

            This of the Walletmor implant as a contactless payment token under your skin - because that's exactly what it is.

            The implant tracking myth is an unfortunate side effect of veterinarians telling their customers that their lost pets can be found and reunited with their owners thanks to pet implants for decades. It's just not true, but the image has stuck.

            I'll repeat again:

            • For the n-th time, you can't be tracked with RFID implants. At least no more than being tracked with your regular contactless payment card.

              You can easily defeat tracking of cards with a mylar wallet. RFID tags can be read from much, much further away than you think. But all that has to be possible is to read them within a couple of feet and you can be scanned going through any doorway. The more people are implanted, the more motivation there is to install scanners. You're voting for the dark future with your e-wallet.

              • RFID tags can be read from much, much further away than you think

                That's the thing: I don't have to think. I know. I have 14 implants - both low and high frequency, I design NFC and RFID products for a living, and I'm telling you: you post about things you know nothing about.

                • by AmiMoJo ( 196126 )

                  Explain to us then. Get as technical as you like. I happen to also be an engineer with experience of RFID and NFC, so don't hold back.

                  Why is it infeasible to place a high power RFID/NFC reader by the door, and collect data from passing customers? The main issue I can see would be having multiple RFID/NFC devices all activating at once inside a wallet, but that's conveniently solved by implanting the RFID device in the customer's body.

                  • Why is it infeasible to place a high power RFID/NFC reader by the door, and collect data from passing customers?

                    In the NFC band (13.56 MHz), it's infeasible because the read range is 4 / 5 cm for a 1.5W reader with glass implants, *at best*, with a large pad antenna, with the implant oriented orthogonal to the antenna's traces and placed perfectly over them. And if you thought of putting out even more power to increase the range, then you need an even larger antenna, and then you run into problems in the frontend's design to listen to the weak tag's response among all the RF noise you're putting out.

                    As for coupling b

                    • by AmiMoJo ( 196126 )

                      So what you are saying is that I just need to force people through a narrow gate, like at a station, in order to read the tag in their hand.

                      I think you are being pessimistic about range though. When contactless payment was introduced to the UK some terminals were charging cards in people's wallets and handbags much more than 5cm away.

                    • Build the reader into a stairway hand rail.
                    • Build the reader into a stairway hand rail.

                      Good idea! Or the mounting plate for the elevator button, or the light switch. Or the hand sanitiser at the entrance.

                      Hell, go out and set up a few dummy hand sanitisers in the mall or train station, and harvest as many implant IDs as you want.

                    • Set up a mall kiosk where you stand in front of a camera and wave your hand to 'use the Force' to blow over digital stormtroopers or something.
                  • Comment removed based on user account deletion
                    • by ceoyoyo ( 59147 )

                      There's a limit, but you can overcome that by using directional antennas instead of just jacking up your transmit power. Phased arrays are pretty cheap and plentiful now.

                • NFC, with the shortest design range of all the common RFID technologies, is broadly acknowledged to be readable from 20cm at the upper end of the allowable power range. Tell me again how you can't read that from the hand of someone going through a doorway. It's not going to be cheap, but the feds are spending a great deal of our money to spy on us already, what's a few billion more? Hide it in some of those billions the military didn't ask to be added to their budget.

                  Numerous other experts in the field have

                  • NFC, with the shortest design range of all the common RFID technologies, is broadly acknowledged to be readable from 20cm at the upper end of the allowable power range

                    Nowhere near that with implants - or even payment tokens like NFC rings or NFC keychains. The 20 cm range holds true for ISO-size NFC cards with 1W-ish readers and A5-sized antenna pads or larger.

                    Implants are far too small for that sort of range. Glass implants are contact to 4/5 cm at the most, in perfect conditions. Flex implants are 1 cm to 5/6 cm at best.

                    The real risk that expects have acknowledged is the risk with full-size antenna cards - which is different from a much shorter range and much more fini

            • by ceoyoyo ( 59147 )

              For the n-th time, you can't be tracked with RFID implants.

              You can say it as many times as you want, it doesn't make it true.

              I'll repeat again: RFID implants cannot be located remotely.

              Ah, sneaky. See how that's not what you said the first time? How many of those n-times are which version?

              RFID can be tracked, locally. That's how those alarms at the doors of stores work. "Locally" is defined by "how big an antenna do you have?"

              Most people choose to go with lots and lots of small antennas rather than a few bi

        • First the zealots adopt a new cool technology. Then the masses begin to accept it. Throw in some mass disappearances followed by some natural disasters, disease, war, and some areas of famine. Sprinkle in some civil unrest and high profile identity theft (database leaks and hacks) to give a reason to outlaw any transactions that don't use a particular physical identifier for security reasons due to the turmoil, and voila - prophecy fulfilled. And before you laugh, currency is going away in a lot of places -

    • I don't know where you are, but last time I looked, getting implants like this is not considered to be a medical procedure, so most places that will do it don't/can't use anesthetic. But I should say it's been like 10 years since I last really looked into it.

      • You're correct. My installer has access to black market lidocaine, so it's very comfortable for me. Those who don't... well, it'll sting a bit for sure.

  • by quenda ( 644621 ) on Tuesday May 17, 2022 @09:32AM (#62542506)

    I see that Brazil, like the US, is somewhat behind in contactless payments.
    In many countries now, almost all face-to-face transactions are made by contactless payment using NFC, from card, phone or watch.
    (China is an exception using QR codes.)
    It is so convenient, so not sure what the driving force is for face-recognition based payments.

    • by Hizonner ( 38491 )

      It is so convenient, so not sure what the driving force is for face-recognition based payments.

      You can re-use the equipment to follow people everywhere they go and record most of what they do.

      • Oh no! Some guy in an office might find out that I bought Raisin Bran!
        • by Hizonner ( 38491 )

          Some guy in Mississippi might find out that I got an abortion. Some guy in Egypt might find out I went to a gay club. Some guy in China might find out that I spent too much time with Subversive Elements. Some guy in Saudi Arabia might find out that I'm trying to escape the country.

          I did not make those up.

          These tracking databases have killed people, and will kill more as they get better. Yes, including the fucking marketing ones. Excuse me if I do not give a fuck about the cereal guy's needs.

    • Targetted ads
      • If you pay with something other than cash, they know who you are. That has been true ever since we were paying with checks.
        • Who are "they" and when you say that "they" "know who you are" what does that mean exactly?
        • by quenda ( 644621 )

          If you pay with something other than cash, they know who you are.

          In Australia, a good way to stand out and make sure the cashier really remembers you, is to pay with cash :-)

          (same in many countries, i expect.)

          • In Australia, a good way to stand out and make sure the cashier really remembers you, is to pay with cash :-)

            (same in many countries, i expect.)

            In Australia they also often charge extra for eftpos. Where I live it seems to range from 0.8% to 1.8%. I choose not to give 1.8% of all my retail purchases to our banks (they already announced record profits this quarter!)

            Like all privacy, it's a tradeoff. For me, it's worth having the cashier remember me, if it means I give less money to the banks and less data to advertisers.

    • by AmiMoJo ( 196126 )

      The main problem my wife has with payments is the fact that her iPhone doesn't recognize her face when she has a mask on. I'm guessing this facial recognition tech won't be any better.

      Phone with fingerprint scanner is my preferred payment method. Secure, no data sharing required.

    • It is so convenient, so not sure what the driving force is for face-recognition based payments.

      It's being done for the same reason places like Walmart insist on implementing their own on-device payments system even though NFC payments work well and are supported by pretty much everyone's smartphone.

      This lets them collect data which they can then turn around an monetize in various ways.

      I imagine they're going to sell all these scans to police departments as well as some of the other companies that are building huge databases of this sort of data.

  • by TomGreenhaw ( 929233 ) on Tuesday May 17, 2022 @09:52AM (#62542584)
    This is what you do when you say goodbye to your money.
  • We've probably already seen the demos of how contactless payment can go wrong. A guy in a bus with a terminal he holds up to people's pockets. Beep, thanks for supporting your local criminal overlord.

    With gesture-based payment, life is even more fun. Imagine the ways people could screw with this: show a video of someone else to the payment camera. Impersonate someone else. Have an enabled payment terminal, and point it at people. Etc, etc, etc.

    This project belongs on reddit's DIYwhy

  • I wouldn't want to go into any store that uses this tech, as they would be collecting facial data from everyone, even people not enrolled into this program.
  • Have the system recongnise your frontal tail as the appendage that must be waved.

  • Really?
    Customers have asked to pay for goods by waving or smiling?

    The way this bullshit is going, I tell you what this customer wants for most of my payments - I pay you in notes and coins.

    No traceable transaction, no link back to me so you can snag my buying habits and snap my mug shot.

    Welcome to the "convenient" future, where we seemed to gladly hand over the keys to our privacy with card payments _everywhere_ - and now see exactly where this is headed.

    Pretty much the same as China and WePay - you have _n

  • The stores will be doing this for non-payment reasons too and event trading the data between themselves I'm sure. Maybe the Burqa will become popular in the west soon
  • This brings back memories of The Sims. When your Sim needed to shit really badly it would wave or do all sorts of crazy gestures to bring your attention to the fact that you may soon have to clean up the floor if you don't do something about the Sim's needs quickly. Same thing here. It's the big boys of the big tech playing their own version of The Sims, just with the real population.

  • They can't spell check for crap.
    that's the easy part, how well will they do on the hard issues?
  • by netik ( 141046 ) on Tuesday May 17, 2022 @02:54PM (#62543882) Homepage

    How many times do we have to tell people that biometrics are irrevocable usernames and should never be used for authenticating payments?

    I feel like every time this comes up it's chosen because it's gimmicky, sci-fi, and people are convinced it's more secure. It's not.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...