MasterCard has announced that it is rolling out a new way to securely pay for purchases this summer. Speaking at Mobile World Congress 2016, the company revealed that customers will now be able to pay for online purchase with a selfie or fingerprint. Certainly a great idea for those who hate having to come up with passwords, especially as a secure password these days needs a capital letter, number, character and a sacrifice to the Virgin Mary. However, are either of these methods actually secure?
The software will be housed in a third party application (which needs to be downloaded) to use the system. When you make a purchase online, rather than spelling out your password to work out what the 3rd, 5th and 9th characters are, you can look at the camera or use the fingerprint sensor.
On the surface this sounds amazing. Much less messing around with multiple passwords (which you inevitably reset because you forget them all anyway) and much more shopping online.
Unfortunately, there have already been a few murmurings from the cyber security community. Firstly, these systems are by no means foolproof. Should you choose the fingerprint route thinking that this is a simple straightforward piece of biometric data that can’t be broken, I’m afraid you’d be wrong. Hacker Starbug famously cracked Apple’s Touch ID fingerprint recognition only 48 hours after it was released and published his methods online. At this stage there is no suggestion from MasterCard that they have created a fix to his methods (or the many other hacks out there).
So maybe instead you’re thinking of using the selfie option. This is certainly the more interesting of the two. You will be asked to blink at the camera to prove that you’re not just holding up a photo or previously taken video. Which sounds great, but again experts have said it can be compromised. The technology used is not new – with both Microsoft’s Windows 10 and Google’s Android operating systems allowing users to unlock devices by looking at their cameras. Hacks to get around the facial recognition software have already been revealed online.
While MasterCard’s move is certainly in the right direction, biometrics at this stage just aren’t quite accurate enough to prevent fraud. With credit card fraud rates on the rise, expect to see more companies looking into new and innovative ways to confirm your identity other than your usual password. But until biometrics catches up, I think you would be best to use a combination of biometric and password.
Picture credit: Glenn3095