MasterCard is launching a pilot program to help shoppers improve the security of their transactions by taking photos of themselves, according to the company.
The program focuses on biometric authentication, including methods such as facial identification, voice recognition and cardiac rhythm, through a wearable wristband.
“The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. We want to identify people for who they are, not what they remember,” said Ajay Bhalla, president of enterprise safety and security at MasterCard.
By 2018, payments on mobile devices are expected to represent 30% of all online retail sales and the new standard will move security infrastructure beyond the PC era, supporting emerging technologies and changing consumer needs, the company said.
MasterCard said its pilot program will result in far fewer password interruptions at the point of sale. Cardholders will be able to identify themselves with the likes of one-time passwords, or fingerprint biometrics, rather than static passwords.
According to MasterCard Advisors, a typical consumer may have a card number stored in five or more locations and consumers have allowed thousands of merchants to store billions of credit and debit card numbers on their behalf.
MasterCard announced last year a new protocol, being co-created with Visa, could be adopted in 2015 and will gradually replace the current 3DSecure protocol, which requires a password when shopping online. Both MasterCard and Visa are piloting commercial tests for facial and voice recognition apps to authenticate cardholders.
Here is how the new security protocol works, according to MasterCard and BBC:
You have to download the MasterCard phone app to use the feature. MasterCard said a pop-up will ask for your authorization after you pay for something. If you choose fingerprint, all it takes is a touch. If you go with facial recognition, you stare at the phone — blink once — and you’re done. MasterCard’s security researchers decided blinking is the best way to prevent a thief from just holding up a picture of you and fooling the system.
MasterCard said it doesn’t actually get a picture of your finger or face. All fingerprint scans will create a code that stays on the device. The facial recognition scan will map out your face, convert it to 1s and 0s, and transmit that over the Internet to MasterCard.
Bhalla promised that MasterCard won’t be able to reconstruct your face — and that the information will transmit securely and remain safe on the company’s computer servers.