Selfies, long the rage on social networks like Snapchat, Instagram and Facebook may now have a serious application as payment card giant MasterCard announced it will start using selfies to verify payments.
500 pilot users will now take a photo instead of keying in PIN numbers, a method MasterCard chief product security officer Ajay Bhalla says is targeted at youth, who are estimated take over 100 million selfies per day according to search company Google.
Bhalla said that Mastercard has partnered with all phone manufacturers on the new biometric security method.
“The new generation, which is into selfies … I think they’ll find it cool. They’ll embrace it,” Bhalla said. “This seamlessly integrates biometrics into the overall payment experience.
“You can choose to use your fingerprint or your face – you tap it, the transaction is okayed (sic) and you’re done.”
The U.S. based trial, which will be extended to other markets shortly, will have users hold their mobile phones at eye-level and blink once when instructed for the checkout process to complete.
The blink test is designed to stop attackers from using another photograph, though the new verification process will still lack a method of revocation. If a hacker group is able to impersonate a user, the only way to stop an attack is to not allow authorization through selfie (or fingerprint).
A password on the other hand can be easily revoked and a new one issued in its place, stopping the hackers yet allowing the user to continue making purchases.
Bhalla says the company is sensitive to privacy concerns and the images will not actually be sent to MasterCard but instead be converted to a format that will allow authentication but not be viewable to the human eye.
MasterCard is exploring other ways of removing the painful PIN numbers as well. Its currently experimenting with voice and and heartbeat recognition to help speedily and reliably approve transactions.