FINANCIAL OUTFIT MasterCard has launched its mugshot-based authentication service in Europe following trials in the US, Canada and the Netherlands.
The technology replaces the standard password format with, er, a selfie, and is rolling out in 12 European countries including the UK.
The service will replace the existing MasterCard check-out process that appears during purchases at individual retailer sites, manifesting as a pop-up to accept a selfie or a fingerprint scan.
"This is a significant milestone in the evolution of payments," said Ajay Bhalla, president of enterprise, security and risk at MasterCard.
"Shopping in person has been revolutionised thanks to advances like contactless cards, mobile payments and wearables, and now we are making Identity Check Mobile a reality for online shopping in Europe and soon the world."
The use of high-resolution stills to fool the system has apparently been counteracted by the MasterCard application insisting that the user blinks.
However, nothing has so far been said about how well Identity Check Mobile will deal with short, moving videos, for example a WhatsApp capture of a person in which they blinked.
MasterCard has cited "convenience" and "mitigating the risk of fraud" as chief reasons for offering the selfie security.
The company claimed that 75 per cent of its users who took part in a trial in the first three countries believed that selfies will reduce fraud.
However, when TechCrunch asked MasterCard to provide more information on where the biometric information from the security applications is stored, the answer was somewhat vague.
"As an industry, we are moving toward storing biometrics in all instances at the device level. Fingerprints are stored at the device level and we are currently prototyping face recognition to be converted and stored as encrypted code on some devices," said a spokesperson.
Which dances nicely around what's apparently a glaring problem. The fingerprints are stored at device level, which isn't completely secure if the device is lost, but the destination of the face information remains unclear.
Overall, it feels like MasterCard may have successfully loaded potentially unprotected biometric security processes onto a popular gravy train, and that the element of "convenience" is more applicable to the company itself as it faces stiff competition from Apple and Google in the digital wallet space. µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe