Moving from social media to commerce, the “selfie” is about to become verification for online transactions for Mastercard users.
An executive of the credit-card company says the “selfie verification” technology will be introduced in Singapore and other parts of Asia this year.
Known as Mastercard’s Identity Check, the system will let card holders use facial-recognition technology to match selfies against their photograph on file to ensure the veracity of online transactions.
“There could be an issue with twins, but I would need to have a bad twin,” says Mastercard executive VP for identity solutions Bob Reany. “They would have to break into my house, steal my phone and be at my location.”
With its prototype, Mastercard will convert head shots into encrypted code to be stored on a mobile device. The “selfie” would not need to be a perfect match, and banks would set the threshold for the accuracy of the matching.
“We’ll advise the bank and say ‘You don’t want to be too open and have only 20 per cent of the things match’. Then, everybody and their dog could use it,” says Reany.
The technology can either be as a standalone app or be integrated into an existing bank app. It can also work with other payment brands.
No specific date has been set for the launch in Singapore, where some banks provide not just tokenisation but also use two-factor authentication for transactions.
Already the technology has been rolled out in 12 markets in Europe.
Mastercard data shows that the rate of online payment fraud is more than three times higher than for physical transactions. Against this, banks are approving just 83 per cent of online transactions, compared to the 96 per cent for physical transactions.
Reany says cybercrime is also gaining in sophistication, with new forms of malware being evolved. He says the fraudsters are smart. “They are getting PhDs and are finding ways to commit fraud. What we have to do is ruin their business model.”
He says this runs along the enormous potential for growth in the online payment space, with the number of online and mobile transactions expected to double to 40 billion by 2020.
Tokenisation already cuts the risk of credit-card numbers being stolen from single individuals and the details being sold in larger batches on the dark web. With tokenisation, a card number is replaced by a unique set of numbers not tied to actual account details. Mastercard is now working to fill another gap by tokenising the card details merchants already have on file.
Reany says banks and payment companies need to combine various tools to create more secure authentication. This should so significantly raise the costs for criminals to exact fraud that the returns are no longer worth it. “If it’s not a scalable attack, we’re winning.”