During the past summer, MasterCard was experimenting with a new security feature: approving online purchase with a facial scan. Instead of memorizing the password, buyers must snap a photo of their face at checkout. This new feature is similar to Apple’s fingerprint scanner in a way to help stop hackers from using buyer’s card on the web. According to the company’s representative, MasterCard chose this feature in order to adapt to the new generation’s trend of snapping selfies. This technique was to be experimented with 500 customers.
Here’s how it works:
1. Download the MasterCard phone app.
2. A pop-up will ask for your authorization after a purchase.
3. You can either choose to use fingerprint scanning or face recognition; for fingerprint, all you have to do is touch the screen, and for face recognition, you have to stare at the screen and blink once.
MasterCard suggests that blinking is a way to prevent thieves from using a picture of you in order to fool the system. They also promise that MasterCard would not be able to reconstruct your face, and that the data would remain safe on the company’s computer server. Once the scan has mapped out your face, it will be converted into 1s and 0s, and the data will be transmitted to MasterCard through the Internet.
Some people believe that this technique is a threat to privacy because the user’s photo will be available along with his or her personal information. However, others argue that they are storing an algorithm, instead of an actual picture of the user.
Personal thoughts: It is true that technology like fingerprint scanning and face recognition can prevent hackers from breaking into our account and using our credit card, however, it can also threaten our privacy by revealing our true face and identity.
What do you think about using face recognition to approve your web purchases? Since many of us take selfies on a daily basis, would you enjoy using this feature? Would this be able to secure your credit card information, or would it post as a threat to your privacy?
Reference:
http://money.cnn.com/2015/07/01/technology/mastercard-facial-scan/
I think this has great potential, but it does not come without flaws. It has been discussed already how this may in fact be a bigger threat to security and privacy than actual protection. It doesn’t seem all that hard to crack for intelligent people that do this kind of thing. I do think that this should be implemented in succession, and believe that it will be used in trial and error. I agree that double authentication could and would solve some of these protection issues. As we’ve discussed in class, Penn State is currently gearing up to apply this process with students. Personal information should not be shared with anyone that does not have permission. Cyber security is becoming more and more of a conflict these days with the advancement of technology and the increased demand for this information. Like many new developments in technology these days, the growth of the software should be incredible and not too far away. This is definitely a story that I will be following closely, as it continues to develop.
I think that this MasterCard feature is great. For someone who uses MasterCard, I like having the added security option. Whether this feature has the potential to eliminate even a small percentage of credit card hackers, we have yet to see, but I firmly believe that any form of personal recognition adds a certain level of security that cannot be matched by a 10 character password.
Although adding personal recognition, like fingerprints and facial recognition, may be a threat to privacy, there are a lot of other systems out there that use these recognition tactics. For example, every time we fly into the United States, we must go through customs. When entering the United States, the airport uses a facial recognition system to take our picture to validate that it matches our passport information. Is this a threat to our security too? Some may argue that it is but giving personal information to a secondary body such as the government, airport, or a company is a threat to our security because our information is not longer private to us. I think it’s fair to argue that features like facial recognition and fingerprints increase the desirability for hackers, but again, it is up to the user whether he or she wants to use this feature. This feature is not mandatory for MasterCard users.
For those who do chose to use this feature, I am curious as to what features MasterCard uses to recognize individuals. What kind of process would you have to go through if you decided to change your looks? Is this recognition sensitive to females who wear make up and can often change the way they look entirely? Although I think the concept is great, and will probably use this feature when it is launched, MasterCard still has a lot of details to work out.
This is an interesting idea that’s been gaining a lot of popularity, but in my experience hasn’t been very accurate. When I got my first android phone it has a feature that to unlock the phone required facial recognition that is similar. I found in my experience that it never seemed to work though. My phone had to be held at the same angle as the original picture with the same lighting, otherwise it wouldn’t recognize my face. Granted, this was a few years ago so the software has probably improved since then.
However, from what I’ve read, the software still seems pretty easy to beat. In this article (http://www.popsci.com/its-not-hard-trick-facial-recognition-security), the person was able to take a video of himself and hold it up to the phone camera and got through the security. Now, for some people a video like this would be hard to get, but with social media in today’s age it is becoming increasingly easier to find something that can be used for anyone.
I would suggest instead a form of double authentication that will be similar to what Penn State is implementing. Everyone will have their phone on them or will be making the purchase on their mobile phone, so instead send a text message with a code that has to be typed in. The phone number can be set up in an online account that can only be changed by calling into the company, that way anyone can’t just steal your phone and change the registered number.
Mobile Security is a big topic that has to be addressed, so it’s good seeing companies like MasterCard putting it as their top priority and trying to make it stronger. I think over the next few years we’re going to see a lot of different techniques and ideas with things like this until they find one that works