At Mobile World Congress this week, MasterCard announced that it plans to roll out a new 'selfie'-based authentication method for online purchases.
After successful tests of the service in the U.S. and UK, MasterCard says that it will offer the authentication option, which involves using a smartphone, tablet or PC app in conjunction with a front-facing camera to verify a person's identity after entering credit card information, in 14 countries this summer.
Initially rolling out in the UK, U.S., Canada, Netherlands, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland and Denmark, MasterCard says that its test base far preferred the selfie option to that of a password, which is currently required by MasterCard and its competitor, Visa, when making online purchases.
Since most online purchases are still made on devices with larger screens, such as tablets or laptops, MasterCard has built in a handoff workflow that sends a push notification to a smartphone, which opens the payment company's verification app. iPhone customers will also be able to use the Touch ID sensor on devices released after 2013.
From the BBC:
"Consumers hate passwords," declared Ajay Bhalla, chief of the firm's safety and security division. "We know the most commonly used password is 123456, so they are not secure, and people also use the same passwords for multiple sites. If one site gets hacked all the places that you use the same password get compromised - they are a big pain.
"In the modern world everyone has a mobile phone and there is internet connectivity everywhere. So, we should be able to use biometrics [instead] to authenticate ourselves."
MasterCard is also testing another form of biometric authentication in the form of electrocardiogram, or EKG, wearables. Partnering with Toronto-based Nymi, MasterCard completed the first mobile payment using a EKG-based wristband, the Nymi Band, in mid-2015. Heartbeat authentication is considered considerably more difficult to mimic or hack, since after an initial identity check, the wearer provides "constant authentication," according to MasterCard's Bhalla. It's unclear when MasterCard plans to roll out EKG authentication to the masses, but it won't be until the infrastructure is more mature; very few smartphones or wearables provide 24-hour heart rate monitoring today.
Companies like Microsoft and Google have been using facial recognition to authenticate users for some years, but MasterCard would be the first company to do so for payments.
According to a MasterCard study, nine out of 10 people prefer biometric authentication over having to remember alphanumeric passwords, and three-quarters of respondents believe that it will decrease fraud.