Sunnie Yi Ning ’18
MasterCard has announced that it will accept selfie photographs and fingerprints as alternatives to passwords when verifying identification for online payments. Clearly, MasterCard has become a pioneer in welcoming new biometric technologies to the mobile world. The selfie will be mapped against a stored image on file for verification. For those not into selfies, fingerprints will also be available.
The new system is the first of many new biometric technologies that MasterCard would like to explore. The company aims to improve identity verification for mobile phone payments and other wearable devices. It is also testing voice and iris scanning as a means to authenticate credit card transactions and prevent fraud. The technology is also designed to mitigate false declines: in the past year, the value of false declines has hit $118 billion.
By removing more barriers, the technology will also incentivize consumers to buy more. According to trials in the Netherlands and United States, MasterCard claims that 92 percent of participants preferred the new selfie approach.
However, as with each new technology, many question the reliability of the system. Security researchers have pointed out that both facial scans and fingerprint sensors are liable to fraud, even if users have to blink for the selfie to prove they are real humans. Faking a fingerprint is easy. A security researcher at Yokohama National University used a method allowing him to “take a photograph of a latent fingerprint (on a wineglass, for example)” and re-create it. The technique is good enough to fool biometric scanners 80 percent of the time. If hackers manage to create a fake fingerprint, you cannot just change your fingerprint as you can with a password.
Privacy is also a huge concern with the new biometric systems, as researchers point out. As threats to online security increase, giving out fingerprint information and selfies to private companies like MasterCard might cause more trouble than we think. A leak of this information might lead to more serious issues than credit card fraud, such as false crime charges.
Even though biometric technologies are a booming business with many potential applications, law enforcement does not seem to be catching up with this current trend. The legal status of most types of biometric data is unclear, especially with regard to facial recognition. Only two states have laws that require consumer consent on the collection of biometric information.
In this case, it seems that consumers don’t have much say in choosing the boundaries of privacy. With the increasing expansion of biometric technology, it is almost certain that what used to be our private information will soon go public. What previously only the government had the right to collect will be acquired by businesses as well. Unfortunately, our society is not yet prepared for that major shift. Granted, biometric technology provides consumers with an easier experience, which is possibly more secure too. Nonetheless, the public needs to be better informed of the risks, and the legal tortoises should keep up with the technology rabbits before bad influences outweigh good intentions.