Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can facial recognition authentication improve mobile security?

MasterCard is testing a new facial recognition authentication system for mobile payments. Expert Michael Cobb explains how it works, and what it means for users.

MasterCard is testing a new facial recognition authentication system for online payments; users can download the...

credit card company's mobile app, which will scan their faces to approve payments (users can also select fingerprint scanning for authentication). Is this a good idea? Can facial recognition authentication on mobile phones replace passwords?

The key to dominating the online payment industry is security and ease of use, which is never an easy combination to get right. Authentication methods -- the most important security step in a payment transaction -- that don't rely on troublesome passwords, tackle both security and ease of use and are gaining in popularity for both online and in-store purchases. New credit and debit cards offer contactless transactions using Near Field Communication (NFC), known as tap and pay, but the real battle is moving to mobile apps that enable users to authorize payments using their smartphones.

The Apple Pay and Google Wallet apps already let users tap and pay with their Apple or Android phone, and now MasterCard has joined the fray by announcing an app that will approve online transactions with a facial scan -- pay by face. The credit card company is hoping to introduce other biometric authentication methods like fingerprints, voice recognition and heartbeat, which would truly be a contactless and uninterrupted transaction.

MasterCard hopes the use of "selfies" will replace SecureCode, the password-based system currently used to verify the identity of its customers shopping online. Users with the MasterCard app receive a pop-up request on their phone at the point of sale asking for authorization. This is completed by looking at the phone and blinking once. The blink is required to thwart the use of photos to fool the camera; Google's Face Unlock and Liveness Check features were both easily deceived by holding up a photo to the phone’s camera. By using facial recognition authentication technology, the app can convert the image into a unique binary string, which is compared to the stored string held by MasterCard. If the two match, then the transaction will be authorized.

MasterCard wants to, "identify people for who they are, not what they remember," and biometric authentication offers a lot of advantages over passwords as users can't forget them, they're unique, and they are easy to provide. The fact that today's smartphones can capture fingerprints, voice and facial images removes the need for costly and cumbersome external readers, but devices used to read or measure a biometric can still produce false negatives and false positives. People leave their fingerprints all over the place, which is the equivalent of the password written on a post-it note, and it's fairly easy to copy them and create a replica in silicone. Someone's voice is also easily captured, and dynamic biometrics like blinking can be captured and copied.

The protection of biometric information is extremely important, as unlike a password, a fingerprint or face can't be changed. MasterCard has not yet explained how the app will protect and transmit biometric-based authentication data, but hopefully the phone's ID will be tied to the authentication process to add another layer of protection. Interestingly, although Android phones can be unlocked using facial recognition, Google labels the option low-security and experimental, feeling a PIN is still the safer option.

MasterCard is not alone in trialing pay by face. Alibaba demoed its facial recognition technology for making payments earlier this year, and consumers do seem to be happy using biometrics for authentication. Facial recognition authentication will certainly make the checkout process quicker, and if biometric authentication raises the security bar higher than current card payment systems, then it's a move in the right direction. No system will ever be 100% secure, and easy security is better than strong security that nobody uses.

Next Steps

Learn how accurate MasterCard's voice and facial recognition systems tested

Discover why the popularity of biometric authentication is set to spike

Find out what enterprises should do if biometric data is compromised

This was last published in December 2015

Dig Deeper on Biometric technology

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you think a facial recognition authentication system can improve mobile payment security?
Cancel
It sounds like a good idea, if and when it ever works well. Makes me think of automated self checkouts, which have been around for ages, and how many issues those systems still experience.
Cancel
As long as facial recognition is used to make payments but not access to other personal data, I think it's a great idea. I can't help but wonder if the person's face changes for some reason like in a car accident even temporarily, this method to authenticate is not a sure thing.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close