SoylentNews is people

posted by CoolHand on Wednesday October 05 2016, @10:45PM
from the no-privacy-concerns-here dept.

MasterCard's "selfie pay" will be coming to Europe next year after trials in the US, Canada and the Netherlands.

The financial services firm is rolling out biometric technologies that will allow European consumers to authenticate their identity without a password, but with a selfie, in order to provide customers with a more convenient method to sign in and a faster checkout process. Security firms view the development as another sign of the mainstream availability of biometric authentication, comparing it to the introduction of TouchID fingerprint authentication technology in the iPhone.

Javvad Malik, security advocate at enterprise security tools firm AlienVault, said that "selfie pay" is seemingly an attempt to bridge the gap between a fully authenticated method, such as chip and PIN, and unauthenticated payment methods such as contactless.



 
This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by DECbot on Wednesday October 05 2016, @10:53PM

    by DECbot (832) on Wednesday October 05 2016, @10:53PM (#410865) Journal

    Remind me again how your phone recognizes the difference between taking a picture of you and taking a picture of a picture of you.

    --
    cats~$ sudo chown -R us /home/base
    • (Score: 2) by broggyr on Wednesday October 05 2016, @11:09PM

      by broggyr (3589) <{broggyr} {at} {gmail.com}> on Wednesday October 05 2016, @11:09PM (#410870)

      I had a tablet that would unlock via facial recognition. It would ask you to blink to be sure it wasn't a photo.

      --
      Taking things out of context since 1972.
      • (Score: 3, Touché) by Scruffy Beard 2 on Wednesday October 05 2016, @11:15PM

        by Scruffy Beard 2 (6030) on Wednesday October 05 2016, @11:15PM (#410872)

        ... Because moving picture technology has not been invented yet...

      • (Score: 1, Funny) by Anonymous Coward on Wednesday October 05 2016, @11:34PM

        by Anonymous Coward on Wednesday October 05 2016, @11:34PM (#410874)

        Ever seen those paper books with moving parts or animations made with paper objects? I sure would like to test one against that recognition.

      • (Score: 3, Funny) by krishnoid on Thursday October 06 2016, @02:47AM

        by krishnoid (1156) on Thursday October 06 2016, @02:47AM (#410928)

        Pfft, this is the future we're talking about! Now it'll ask you to duckface.

    • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @12:20AM

      by Anonymous Coward on Thursday October 06 2016, @12:20AM (#410885)

      Forget about the middle steps. How does MasterCard prevent me from pointing my camera at you and logging into your account? While you're blinking at your camera you're also blinking at my camera. I guess you'd get a notification of a new sign-in from a new device, but that's after the fact.

      • (Score: 3, Interesting) by Francis on Thursday October 06 2016, @12:53AM

        by Francis (5544) on Thursday October 06 2016, @12:53AM (#410893)

        The relevant question here ought to be whether or not this is more secure than the current system. Nobody has invented a method of verification that is completely impossible to crack, it's just that some are easier than others. Showing up in person is generally quite reliable, except in cases where you've got an identical twin or they can find somebody that looks and sounds like you that they can train to act and think like you as well.

        Obviously, that's incredibly unlikely, but it's technically possible. I'm sure there's even folks that share fingerprints, especially given that fingerprint scanners usually don't attempt to match absolutely every aspect of the fingerprint in the first place.

        OTOH, selfies are a particularly bad idea as you've got to store that biometric data somewhere and it has to be accurate enough to just let the right person in, but inaccurate enough that if you've got more stubble than usual you can still get in.

      • (Score: 2) by bob_super on Thursday October 06 2016, @01:02AM

        by bob_super (1357) on Thursday October 06 2016, @01:02AM (#410896)

        This completely fools me because my usual $5 wrench technique leaves people only able to blink with the remaining eye...

        • (Score: 3, Funny) by Bogsnoticus on Thursday October 06 2016, @02:58AM

          by Bogsnoticus (3982) on Thursday October 06 2016, @02:58AM (#410935)

          That's why you go to the backup plan of introducing their fingernails to a pair of pliers.
          Or knuckles to a ball-peen hammer.
          Or testicles to a couple of bricks.

          No, I'm not a member of any 4 letter security service. Just someone who has worked out ways to stop users fucking with my printers.

          --
          Genius by birth. Evil by choice.
          • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @04:49AM

            by Anonymous Coward on Thursday October 06 2016, @04:49AM (#410967)

            Yeah. You sound experienced.
            Which 3 letter agency do you work for?

            • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @06:21AM

              by Anonymous Coward on Thursday October 06 2016, @06:21AM (#410988)

              Sounds to me like he works for FUN.

              • (Score: 2) by maxwell demon on Thursday October 06 2016, @07:28AM

                by maxwell demon (1608) on Thursday October 06 2016, @07:28AM (#411005) Journal

                Sounds to me like he works for FUN.

                Fucking Unshowered Nerds?

                --
                The Tao of math: The numbers you can count are not the real numbers.
            • (Score: 2) by Bogsnoticus on Thursday October 06 2016, @06:41AM

              by Bogsnoticus (3982) on Thursday October 06 2016, @06:41AM (#410993)

              I'm not employed by any 3, or 4 letter agency to do any of these things.
              I volunteer.

              Damn, now I've said too much. Kindly put on this canvas jacket, yes the one that allows you to hug yourself, while I set up the DVR to endlessly stream all things Kardashian for your viewing pleasure.

              --
              Genius by birth. Evil by choice.
              • (Score: 2) by DECbot on Thursday October 06 2016, @01:44PM

                by DECbot (832) on Thursday October 06 2016, @01:44PM (#411083) Journal

                My Austrian and German colleagues call it the no smoking jacket.

                --
                cats~$ sudo chown -R us /home/base
          • (Score: 3, Funny) by driverless on Thursday October 06 2016, @08:16AM

            by driverless (4770) on Thursday October 06 2016, @08:16AM (#411014)

            That's why you go to the backup plan of introducing their fingernails to a pair of pliers.

            Or a coupla hard pipe-hittin' niggas and a blowtorch, and let them get medieval on his ass.

    • (Score: 2) by r1348 on Thursday October 06 2016, @06:09AM

      by r1348 (5988) on Thursday October 06 2016, @06:09AM (#410982)

      This will give new meaning to "mugged and shot".

  • (Score: 2) by MostCynical on Wednesday October 05 2016, @10:54PM

    by MostCynical (2589) on Wednesday October 05 2016, @10:54PM (#410866) Journal

    On one hand, people who take "selfies" don't need any encouragement.
    On the other, MasterCard might now appeal to that sort of person.

    Will this mean more selfie-taking Mastercard customers, and more people who don't like that sort of people boycotting Mastercard?

    http://theoatmeal.com/comics/selfies [theoatmeal.com]

    also, related: http://theoatmeal.com/comics/selfie_stick [theoatmeal.com]

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Insightful) by edIII on Thursday October 06 2016, @12:23AM

    by edIII (791) on Thursday October 06 2016, @12:23AM (#410886)

    Yeah, that's exactly what we fucking need. Master Card with all of your transaction data, your biometric data, and pictures of the environment you're in, along with everyone else there. Should we also send our diaries to Master Card? Oh wait, they just need to pay Facebook for that! LOL

    How about we move to systemic privacy instead of systemic privacy invasion?

    I will not adjust to this future well, and will start destroying the equipment that takes away my privacy so forcefully.

    That and selfies are so fucking stupid and annoying, I'm beside myself on why anyone thought they had security value. Facial recognition technology has been fooled with pictures and this would only result in mass information leakage, not actual increases in security.

    Seriously. Somebody will bypass this system by pulling a Facebook photo from the Internet and passing it into the security app as if it came from the camera. If regular people have access to base tech for the readers (smartphones), then I can go into a Starbucks/Whole Foods and start cataloguing the rich folks to steal from later.

    Unless the identifying pieces of information are contained in "wet storage" or tamper resistant tech like chip & pin, the attackers have access to the information that allegedly would only authenticate you.

    Tech like this falls under the category of too-stupid-to-work-but-stupid-enough-to-sell.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 5, Informative) by stormwyrm on Thursday October 06 2016, @12:35AM

    by stormwyrm (717) on Thursday October 06 2016, @12:35AM (#410887) Journal

    Once again, Bruce Schneier has an old article [schneier.com] about this very thing.

    On the other hand, some biometrics are easy to steal. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

    Take a Polaroid picture of Alice when she's not looking. Then, at some later date, mail it in and fool the system. The attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify when and where the picture was taken--only that it matches the picture of Alice's face on file--we can fool it.

    Schneier's essay was written in 1999, before digital cameras and selfies became commonplace, hence the reference to Polaroids, but the description of the system from the article doesn't seem to have any essential difference from the silly system that Schneier describes, and is subject to essentially the same attack. What's to stop any random scammer from taking a picture of Alice while she's not looking, and then sending that to MasterCard to get them to authorise payments against her cards? Everywhere it seems, the exact same mistakes and abuses of biometrics that Schneier warned about seventeen years ago are being made.

    The moral is that biometrics work well only if the verifier can verify two things: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can't do that, it can't work. Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.

    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 2) by arslan on Thursday October 06 2016, @01:59AM

      by arslan (3462) on Thursday October 06 2016, @01:59AM (#410918)

      Yea I was thinking the same thing. Not a lot of details in TFA. The only way I can see this working is if the picture is also sent together with a unique signature + OTT token like maybe generated off the iPhone's (assuming iPhone) biometric scanner over a secure channel...
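
Added example, not part of any comment in this thread and not MasterCard's design: a verifier that enforces the two checks from the Schneier quote above (the sample is fresh, and it matches the template) using the signed, single-use token idea from the preceding comment. The per-device key shared at enrollment, all names, and `match_score` (a stand-in for a face matcher's output) are assumptions; binding the capture to a challenge stops mailed-in or replayed pictures, but does not by itself detect a photo or video held in front of the enrolled device's camera.

```python
import hashlib, hmac, secrets, time

NONCE_TTL = 60  # seconds a challenge stays valid (assumed value)

def sign_capture(key, nonce, image):
    # Device side: bind this exact image to this exact challenge.
    msg = nonce.encode() + hashlib.sha256(image).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Verifier:
    def __init__(self, device_keys):
        self.device_keys = device_keys  # device_id -> key from enrollment (assumption)
        self.pending = {}               # nonce -> (device_id, issue time)

    def challenge(self, device_id, now=None):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_id, time.time() if now is None else now)
        return nonce

    def verify(self, device_id, nonce, image, tag, match_score,
               threshold=0.9, now=None):
        now = time.time() if now is None else now
        issued = self.pending.pop(nonce, None)  # single use: a replay finds nothing
        if issued is None or issued[0] != device_id:
            return "reject: unknown or reused challenge"
        if now - issued[1] > NONCE_TTL:
            return "reject: challenge expired"
        key = self.device_keys.get(device_id)
        expected = sign_capture(key, nonce, image) if key else b""
        if not hmac.compare_digest(tag, expected):
            return "reject: capture not bound to enrolled device"
        if match_score < threshold:
            return "reject: face does not match template"
        return "accept"

def demo():
    key = secrets.token_bytes(32)
    v = Verifier({"phone-1": key})
    image = b"constructed sample image bytes"   # constructed input
    n = v.challenge("phone-1", now=0)
    tag = sign_capture(key, n, image)
    first = v.verify("phone-1", n, image, tag, 0.97, now=5)
    replay = v.verify("phone-1", n, image, tag, 0.97, now=6)   # same message again
    n2 = v.challenge("phone-1", now=10)
    forged = v.verify("phone-1", n2, image, b"\x00" * 32, 0.97, now=11)  # no key
    return first, replay, forged

if __name__ == "__main__":
    print(demo())
```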

    • (Score: 2) by mhajicek on Thursday October 06 2016, @02:41AM

      by mhajicek (51) on Thursday October 06 2016, @02:41AM (#410925)

      And if it asks you to blink, you just need some video. Most people blink frequently.

      --
      The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
      • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @03:05PM

        by Anonymous Coward on Thursday October 06 2016, @03:05PM (#411117)

        Or use an image and add the blink electronically. I'm sure that is possible (and it only has to be convincing for the software, not for a human).

    • (Score: 2) by Hairyfeet on Thursday October 06 2016, @03:42AM

      by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Thursday October 06 2016, @03:42AM (#410951) Journal

      Hell you don't even have to take a pic of Alice when she isn't looking because if she is one of those irritants that take selfies she has plastered the damned things all over the fucking Internet so help yourself.

      Ya know there is dumb and there is "WTF were they smoking when they come up with THAT shit?" and I'd say this firmly falls into the latter as anybody with a teeny tiny bit of common sense knows the selfie twats are narcissists and splatter those things to every social media site they possibly can and you are gonna use THAT for a security feature involving large sums of money? Yeah...good luck with that.

      --
      ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
      • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @06:11AM

        by Anonymous Coward on Thursday October 06 2016, @06:11AM (#410983)

        They smoke your privacy and they like it.

  • (Score: 1, Insightful) by Anonymous Coward on Thursday October 06 2016, @08:12AM

    by Anonymous Coward on Thursday October 06 2016, @08:12AM (#411011)

    People used to think that those "security questions" were a great idea. Mother's maiden name, name of your dog, all that crap. Back then, the idea was that only you would know those things.

    Nowadays, the answer to all of those questions (it's always a list of predefined questions) can be found on Facebook.

    This is just reinventing the same stupidity.

    "If the answer can be found on Facebook anyway, why not simply use a selfie?"

    • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @03:03PM

      by Anonymous Coward on Thursday October 06 2016, @03:03PM (#411116)

      Mother's maiden name, name of your dog, all that crap. Back then, the idea was that only you would know those things.

      What, they thought your mother would not know your mother's maiden name?

    • (Score: 0) by Anonymous Coward on Thursday October 06 2016, @04:21PM

      by Anonymous Coward on Thursday October 06 2016, @04:21PM (#411138)

      nobody said the answers you gave to the system had to be factually correct

      they just need to be consistent

      so if you always answer that your mother's maiden name was jane jetson, it works well enough...

      • (Score: 2) by Scruffy Beard 2 on Friday October 07 2016, @03:09PM

        by Scruffy Beard 2 (6030) on Friday October 07 2016, @03:09PM (#411512)

        They usually ask a series of "security" questions.

        That means you need to remember 5-6 passwords instead of 1.