The financial services firm is rolling out biometric technologies that will allow European consumers to authenticate their identity without a password, but with a selfie, in order to provide customers with a more convenient method to sign in and a faster checkout process. Security firms view the development as another sign of the mainstream availability of biometric authentication, comparing it to the introduction of TouchID fingerprint authentication technology in the iPhone.
Javvad Malik, security advocate at enterprise security tools firm AlienVault, said that "selfie pay" is seemingly an attempt to bridge the gap between a fully authenticated method, such as chip and PIN, and unauthenticated payment methods such as contactless.
(Score: 5, Informative) by stormwyrm on Thursday October 06 2016, @12:35AM
Once again, Bruce Schneier has an old article [schneier.com] about this very thing.
Schneier's essay was written in 1999, before digital cameras and selfies became commonplace, hence the reference to Polaroids, but the description of the system from the article doesn't seem to have any essential difference from the silly system that Schneier describes, and is subject to essentially the same attack. What's to stop any random scammer from taking a picture of Alice while she's not looking, and then sending that to MasterCard to get them to authorise payments against her cards? Everywhere it seems, the exact same mistakes and abuses of biometrics that Schneier warned about seventeen years ago are being made.
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by arslan on Thursday October 06 2016, @01:59AM
Yea I was thinking the same thing. Not a lot of details in TFA. The only way I can see this working is if the picture is also sent together with a unique signature + OTT token like maybe generated off the iPhone's (assuming iPhone) biometric scanner over a secure channel...
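An added example, not part of the comment above or of any MasterCard code: a sketch of the idea of sending the picture together with a signature and a one-time token, so that a bare photo or a resent request is rejected. It assumes an HMAC over a per-device key enrolled at registration in place of a hardware-generated signature; `SelfieVerifier`, `sign_submission` and the device name are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # assumed lifetime of a challenge, in seconds

def sign_submission(key, nonce, image):
    # Device side: bind the captured image to this one server challenge.
    msg = nonce.encode() + b"|" + hashlib.sha256(image).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SelfieVerifier:  # hypothetical server: one-time challenges, bound submissions
    def __init__(self, device_keys):
        self.device_keys = device_keys  # device_id -> key enrolled at registration
        self.pending = {}               # nonce -> (device_id, expiry time)

    def issue_challenge(self, device_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_id, now + CHALLENGE_TTL)
        return nonce

    def verify(self, device_id, nonce, image, tag, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # single use, consumed even on failure
        if entry is None:
            return "unknown-or-reused-nonce"
        owner, expiry = entry
        if owner != device_id or now > expiry:
            return "expired-or-wrong-device"
        key = self.device_keys.get(device_id)
        if key is None or not hmac.compare_digest(sign_submission(key, nonce, image), tag):
            return "bad-signature"
        return "accepted-for-face-match"  # the face comparison itself is out of scope

def demo():
    key = secrets.token_bytes(32)                # constructed device key
    server = SelfieVerifier({"alice-phone": key})
    photo = b"constructed-image-bytes"           # stands in for the selfie
    n1 = server.issue_challenge("alice-phone")
    tag = sign_submission(key, n1, photo)
    first = server.verify("alice-phone", n1, photo, tag)
    replay = server.verify("alice-phone", n1, photo, tag)   # same request resent
    n2 = server.issue_challenge("alice-phone")
    keyless = server.verify("alice-phone", n2, photo, sign_submission(b"x", n2, photo))
    return first, replay, keyless
```

This ties a submission to an enrolled device and a fresh challenge; whether the face in front of that device's camera is live is a separate check that the sketch does not attempt.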
(Score: 2) by mhajicek on Thursday October 06 2016, @02:41AM
And if it asks you to blink, you just need some video. Most people blink frequently.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @03:05PM
Or use an image and add the blink electronically. I'm sure that is possible (and it only has to be convincing for the software, not for a human).
(Score: 2) by Hairyfeet on Thursday October 06 2016, @03:42AM
Hell, you don't even have to take a pic of Alice when she isn't looking because if she is one of those irritants that takes selfies she has plastered the damned things all over the fucking Internet so help yourself.
Ya know there is dumb and there is "WTF were they smoking when they come up with THAT shit?" and I'd say this firmly falls into the latter as anybody with a teeny tiny bit of common sense knows the selfie twats are narcissists and splatter those things to every social media site they possibly can and you are gonna use THAT for a security feature involving large sums of money? Yeah...good luck with that.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 0) by Anonymous Coward on Thursday October 06 2016, @06:11AM
They smoke your privacy and they like it.