In an attempt to create a passwordless credit card transaction settlement process, MasterCard is set to develop a system that approves online purchases using facial recognition technology. Ajay Bhalla, in charge of innovative security solutions for MasterCard, said:
"The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it."
MasterCard has partnered with every international smartphone manufacturers and developers, including Google, BlackBerry, Apple, Microsoft and Samsung to launch a pilot test implementing both fingerprint- and facial-recognition technology. The beta test of the new biometric security system will involve 500 customers. Soon after receiving feedback and making improvements, MasterCard says it will launch the service publicly.
MasterCard has also announced that the company is trying to secure deals with two major banks, but decided not disclose their names just yet.
As of now, the majority of MasterCard customers use a password-based security system called SecureCode, which was developed to stop hackers from stealing credit card numbers on the Web. According to CNN Money, the system was used in over 3 billion transactions in 2014. However, MasterCard was concerned that passwords were often stolen and intercepted, and decided to follow Apple in implementing biometric security in online transactions.
The Facial Recognition Technology
Customers using facial recognition to settle payments simply have to stare at the phone and blink once. MasterCard’s security researchers have come to a consensus that the method of obtaining a picture of a customer’s face prevents hackers from fooling the system.
"Mastercard will want this to be secure because they're dealing with money. But there is a case for adding extra layers of security," said Ken Munro, security researcher at Pen Test Partners. "If an ordinary password gets compromised you can simply revoke it or change it. What happens if your facial recognition data gets stolen? You can't change your face."
However, Robert M. Lee, co-founder of consulting firm Dragos Security, argued:
"I understand why they'd want that data, but no, I do not like it. [...] From a privacy aspect it's awful — but from a business perspective, I don't understand why they'd accept [the] risk [of storing private data on company servers]."
MasterCard also announced last year in November that they were working with the Canadian security firm Bionym to develop technology that will settle transactions by recognizing the human heartbeat.