MasterCard Wants Your Selfie, But it’s Not for What You Think it’s For

secure_mobile_payments_400.jpg

Payment via mobile devices is still a relatively new concept. With newer smartphones, it’s now easier than ever to pay your bills or send money on a whim. However, this also brings up an important topic; what’s the best way to handle mobile payments, and how can those who accept and process these payments ensure maximum security?

The answer might lie in two-factor authentication.

Specifically, MasterCard wants to introduce biometric-based two-factor authentication to its system, starting with the UK this summer. The technology discussed is a “selfie” based system that allows users to take a picture through an application, which is then compared to an image stored. The idea is that selfie-authentication, and other methods of biometric technology like fingerprint scanning, can help to prevent credit card fraud.

More than anything else, MasterCard is attempting to limit how many legitimate transactions are being declined while users are traveling abroad. Apparently, this is a bigger problem than actual credit card fraud. As reported by The Financial Times, there’s roughly $118 billion worth of false declines every year, which is considerably more money lost than is the case with credit card fraud–13 times more, to be specific. By using biometrics technology, MasterCard is looking to handle both the fraud and false decline problems.

Of course, the question that needs to be asked is whether or not these technologies are secure for users. Phones, tablets, and other mobile devices can be hacked just as easily as any desktop infrastructure. ITProPortal offers some insight into what will be necessary for mobile payment systems to take off:

“User devices are notoriously prone to penetration by cyber criminals – whether that’s as a result of users adapting their devices or overriding device security parameters, or using unsecured public WiFi when transacting online. Which means biometric data will need to be encrypted to ensure it cannot be stolen – otherwise we open a whole new vector for identity theft. What’s more, rigorous PCI standards already exist to protect users and merchants, especially where liability is concerned should things go wrong. What’s not clear in this scenario is whether liability will shift – and to whom. Quite simply, we’re in new territory here.”

What’s most interesting here is the liability aspect; if a user isn’t securing the mobile device used for payment, can they be considered at fault for the theft of their data? If so, it completely changes the way that financial institutions and payment compliance works. Also, what happens if biometrics are hacked? You can’t exactly issue a new face or a fingerprint with a new credit card number. These are critical possibilities that need to be addressed before biometric two-factor authentication for mobile payment systems can be implemented.

What are your thoughts on mobile payment authentication using a selfie-based system? Let us know in the comments.