MasterCard is bringing a new dimension to online shopping: facial scans.
CNNMoney reported Thursday (July 2) that upon choosing whatever items an account holder is buying, MasterCard will ask users to snap a photo with their phones at checkout. CNN says the photo scanning is easier to remember than a password.
The biometric-based ID option is likely to debut this fall, according to CNN, via pilot program. In addition to facial recognition, fingerprint scanning will also be an option. With a limited test run of about 500 customers, it’s too early to tell what the full rollout might entail.
But, as CNN notes, MasterCard is teaming up with every smart device maker, ranging from Apple to BlackBerry to Samsung. And other user-centric methods of approving transactions might extend to voice or even heartbeat recognition.
In a blow-by-blow account of the user experience with the MasterCard program, CNN reported that individuals will have to download the MasterCard app; the company will then ask via popup for authorization after a payment is made. The user can choose a fingerprint scan, which takes a simple touch on the device. The fingerprint-based payment uses a code that resides within the device. Alternatively, if the facial recognition feature is chosen, the user must blink at the device.
The move toward biometrics comes even as MasterCard has a successful shopping security program in place that is known as SecureCode. This program requires users to supply passwords when they shop online, a move that is billed as effective against credit card hacks. SecureCode was used across 3 billion transactions last year, the company said.
Referring to data concerns, CNN said MasterCard’s user biometric information would remain on its servers. And, noted the news site, that strategy makes some cybersecurity experts “uncomfortable,” as they say data should in fact stay stored on user devices rather than company servers.
“I understand why they’d want that data, but no, I do not like it,” said Robert M. Lee, cofounder of Dragos Security, a consulting firm. “From a privacy aspect, it’s awful, but from a business perspective, I don’t understand why they’d accept that risk.”