MasterCard is moving from trials of facial biometrics for payment authentication, including one in the U.S. and Canada launched earlier this year, to its first proper rollout of what is colloquially referred to as ‘selfie pay’ (aka MasterCard Identity Check). So basically enabling app users to confirm an online payment by showing their face to their smartphone’s camera.
The biometric authentication app is being rolled out in Europe in the following markets: Austria, Belgium, the Czech Republic, Denmark, Finland, Germany, Hungary, the Netherlands, Norway, Spain, Sweden and the UK. The company said it plans to make the tech available to MasterCard users worldwide beginning next year, according to Engadget, which reported the European rollout earlier.
As well as selfies, MasterCard’s Identity Check app supports fingerprint biometrics, offering users a choice of authenticating a mobile payment with either their face or finger at the point of purchase — idea being to speed up ecommerce by eschewing the need for online shoppers to remember yet another password.
And there’s surely plenty of mileage in that need. MasterCard touted “convenience” as one of its motivations for developing the app when it announced the trial, back in March. The other being “mitigating the risk of fraud” for card-not-present purchases, while simultaneously seeking to grease the wheel of ecommerce.
Biometrics for payment authentication have also been building momentum after the launch of Apple’s Apple Pay fingerprint-powered system for iPhones and the Apple Watch. Various Android devices also include fingerprint readers, with different payments systems available in Google’s mobile OS ecosystem including Android Pay and Samsung Pay.
To make use of the MasterCard biometric authentication system, MasterCard users need to download the corresponding app and snap and send a selfie to provide the company with their facial biometric.
To get around attempts to spoof the authentication process — i.e. by holding up a static photo to the lens — the app requires the user to blink to confirm it’s really their face in shot.
One extant issue with using biometrics for authentication is that, unlike passwords, they cannot be changed. So let’s hope MasterCard is properly encrypting whatever biometric data it is storing/accessing. We’ve also asked MasterCard what else — if anything — it does with the selfies/facial biometric data it has access to and will update this post with any response.