MasterCard wants to use your face to help fend off fraudsters. Using a new system called MasterCard Identity Check -- or, colloquially, "selfie pay" -- the credit card company will use biometric methods like face recognition and fingerprint scans to better secure online shopping.
Right now, Mastercard offers a feature that financial institutions can enable that lets customers set up a password for online payments to help prevent fraud. The new system will use the same principle, but instead of relying on a password that could be forgotten or stolen, it uses your face or fingerprint.
Consumers will go through all the normal steps of filling out credit card information when making an online purchase, but this feature adds another step: The website will send a notification through an app on customers' smartphones that asks them to verify their identity. This can be done either through a fingerprint scan or by using the phone's camera to take a brief, selfie-like, video.
When taking the "selfie," the user will have to blink to prove that it's a live person and not just an old photo being used to spoof the system.
MasterCard started testing the feature with nearly 1,000 consumers in the United States and the Netherlands last year. It plans to make it more broadly available through partnered banks this summer in the United States, the United Kingdom, Canada and potentially other markets.
Various smart wallet systems, including Apple Pay, already use fingerprint scans to let customers prove their identities when making purchases. Last year, USAA -- a financial services company that offers banking to members of the armed forces and their families -- rolled out a feature that lets customers use a similar blinking selfie test or voice recognition to log into their mobile banking app. And HSBC will soon roll out tech that offers fingerprints and voice recognition to help identify patrons of a U.K. subsidiary.
The rise of biometrics comes as managing multiple passwords has become overwhelming for users and driven them to poor digital hygiene practices, such as reusing passwords.
But using things like fingerprints and facial recognition tech to verify identities comes with its own set of risks. For one, they generally aren't secrets: Your face is probably plastered all over social media profiles and captured by many different surveillance cameras every day while you leave fingerprints on almost everything you touch. Biometrics are also permanent: If a password gets compromised, you can change it -- but it's much harder, if not practically impossible, for most people to change their face or fingerprints.
That means that when entities like MasterCard start using biometric techniques for verification purposes, it's extra important that the information stay secure -- which the company says it will ensure through data protection measures such as encryption.
The fingerprint data will be processed and stored locally on the device, according to MasterCard. For facial recognition, users will snap an initial photo of their face that will be converted into a string of 0s and 1s. The original image will be destroyed, but the digitised protected version will be stored and matched to the blinking selfies to verify a user's identity.
"We are currently prototyping facial recognition to be converted and stored as encrypted code on the device as part of the MasterCard Identity Check rollout," said Jane Khodos, a vice president for communications at MasterCard.