To cut down on fraud while appealing to millennials, MasterCard (NYSE:MA) is testing facial recognition technology as a way to validate in-store and online transactions. Purchasers will be asked to take a picture of themselves—aka a selfie—with their smartphones. Fingerprint verification and voice recognition will also be tested as the credit card network embraces biometrics.
"The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it," said Ajay Bhalla, president of Enterprise Safety and Security at MasterCard, who is responsible for creating innovative solutions for MasterCard's security challenges.
But not all younger people agree, reported USA Today. "If it's better for security, I'll take a selfie," Patricia Madej, a Temple University junior, said. "But if it's a step to appeal to millennials, then I think it's rather silly."
University of Minnesota junior Brent Vizanko said he's not sold on this facial recognition method, but thinks it's a good start to better credit card security. "At this point, I'm hesitant because it's not proven," Vizanko said. "Once it's established and [MasterCard] gets all the right algorithms, I'll be more inclined to use it."
Customers can set up a "SecureCode," according to CNN Money, which requires a password when shopping online. This was used in 3 billion transactions last year, the company said. Passwords can be forgotten, stolen or intercepted so banks are following the lead of the Apple iPhone fingerprint scanner, which started in 2013 and showed that customers are willing to use biometrics to prove their identity.
MasterCard will launch a small pilot program involving 500 customers that uses fingerprints and also facial scans. Once the technology is proven reliable, MasterCard plans a wide launch sometime after that. The company said it has partnered with every smartphone maker and is finalizing deals with two major banks.
To use it, consumers will first need to download the MasterCard phone app. Then a pop-up will ask for authorization during a transaction. Using a fingerprint, a touch is required. With facial recognition, users are simply instructed to stare at the phone and blink once. MasterCard has determined that blinking is the best way to keep criminals from holding up a photo of the customer to fool the system.
According to MasterCard, the company will not get an actual picture of a customer's finger or face. Fingerprint scans will create a code that stays on the device. Facial recognition scans will map a face, convert it to code and transmit the code over the internet to MasterCard.
MasterCard won't be able to reconstruct a person's face, and that information will transmit securely and remain safely on the company's computer servers, Bhalla said.
This, in turn, makes cybersecurity experts uncomfortable as they would prefer that this data stay on the individual's phone.
"I understand why they'd want that data, but no, I do not like it," said . "From a privacy aspect it's awful—but from a business perspective, I don't understand why they'd accept that risk."
While storing such information in one place could make it a more tempting target for cyber criminals, there is also some faith in MasterCard's security capabilities.
"They're storing an algorithm, not a picture of you. And I'm sure they're doing the appropriate stuff to guard it," said Phillip Dunkelberger, CEO of Nok Nok Labs, a company that creates technology to authenticate people.
MasterCard is also working with Canadian firm Nymi to develop technology that will approve transactions by recognizing a shopper's unique heartbeat.
Alibaba to launch biometric payments
Banks worried that retailers won't be ready for EMV
Got fingerprints? Biometric security isn't that simple
CES: Personal security concerns spur new credit card products
Retail security still very much under attack