When payments pundits start talking mobile payments, there’s always two hot topics that are top of mind: biometrics and authentication.
Authentication, of course, has always been the “hot-off-the-press” type of buzzword that industry experts have debated. This includes the best methods — and technologies — to achieve the top security measures to ensure that identities are properly verified when it comes to mobile payments. That’s where the concept of TouchID, passwords and PINs came into the mix, but it didn’t take long for tech and payments companies to realize there’s probably more sophisticated ways to authenticate a payment.
Fingerprints? “So 2014,” some say. Iris scanning? Getting closer. But it seems, at least from the interest from Alibaba with Alipay, and more recently from MasterCard, more companies are throwing their hat into the biometrics ring to discuss how facial scanning authentication might be the next big thing in mobile payments.
Alibaba made it clear last year that it wants to have the selfie be the new way to pay. Perhaps the next wave of big “Pay” players might have “Smile Pay” in their names.
“Online payments are always a big headache. You forget your password … you worry about security,” said Alibaba founder Jack Ma at an event in March, speaking to a group of tech enthusiasts. He even pulled out his phone to take a selfie to show how easy it was to pay via facial scanning.
Alibaba’s vision for using facial scanning as the next big biometrics tech in the payments space hasn’t seemed to progress much in the past few months, at least what’s been publicly discussed. Reports also indicate that Alibaba and Ant Financial’s facial scanning tech would need approval from Chinese regulators, which could cause another hurdle in itself.
Meanwhile, Face++, the startup behind the facial recognition technology that would power that service, recently raised $25 million, which shows there’s a least some investors who believe in the concept, too. And that’s not all that shocking since figures from the Biometrics Research Group project the biometrics market is expected to grow to $15 billion in 2015 alone.
And just in the past week, MasterCard has shown up in the headlines as being interested in implementing technology to its mobile payment option that enables users to snap a photo with their phones at checkout. Scanning a photo, some suggest, is easier than remembering a password.
And in a world where selfie sticks and smartphones are becoming increasingly popular, there’s a population who’s more likely to embrace the new way to pay. At least one MasterCard executive thinks so.
“The new generation, which is into selfies … I think they’ll find it cool. They’ll embrace it,” said Ajay Bhalla, president of enterprise safety and security for MasterCard, in an interview.
But cutting down on fraud, of course, is the ultimate goal.
A CNNMoney report on the development said MasterCard’s biometric-based ID option is likely to debut this fall, but company representatives indicated the technology is still in testing mode. MasterCard is also working on developing its voice recognition tech — suggesting that MasterCard is staying afloat on the biometrics trend.
In addition to facial recognition, fingerprint scanning will also be an option. With a limited test run of about 500 customers, it’s too early to tell what the full rollout might entail. MasterCard is reportedly teaming up with every smart device maker, ranging from Apple and Google to BlackBerry and Samsung.
So how would the technology work?
Reports suggest that individuals would have to download the MasterCard app. The company will then ask via a popup message for authorization after a payment is made. The user can choose a fingerprint scan, which takes a simple touch on the device. The fingerprint-based payment uses a code that resides within the device. Alternatively, if the facial recognition feature is chosen, the user must blink at the device.
MasterCard’s tech wouldn’t involve taking an actual picture, rather it works by scanning the features of a person’s face, which is transmitted to MasterCard’s servers. As for fingerprint scans, that data is stored on the device.
The move toward biometrics comes even as MasterCard has a successful shopping security program in place that is known as SecureCode. This program requires users to supply passwords when they shop online, a move that is billed as effective against credit card hacks. SecureCode was used across 3 billion transactions last year, the company said.
But not every cybersecurity expert is on board with MasterCard’s interest in biometric facial scanning. MasterCard’s user biometric information would remain on its servers, which is what sparked the concern from one cybersecurity consultant who suggested the data stay stored in the devices.
“I understand why they’d want that data, but no, I do not like it,” said Robert M. Lee, cofounder of Dragos Security, a consulting firm. “From a privacy aspect, it’s awful, but from a business perspective, I don’t understand why they’d accept that risk.”
Another authentication expert, however, disagrees.
“They’re storing an algorithm, not a picture of you. And I’m sure they’re doing the appropriate stuff to guard it,” Phillip Dunkelberger, CEO of Nok Nok Labs, which creates technology that authenticates people, told CNNMoney.
Samsung has been getting serious about biometric authentication, too. And with its new mobile payment option, Samsung Pay, rolling out soon, it makes sense the company would be investing in new tech.
In April, Samsung revealed new plans to launch its own fingerprint scanning technology in its digital payment efforts. During that time, Samsung’s IT service unit Samsung SDS said it is working with South Korean payment gateway firms KG Mobilians and KG Inicis to introduce a fingerprint digital payment service. While the tool will first launch in South Korea, reports said Samsung is planning an eventual global rollout.
The technology, a biometrics authentication solution, is certified by the Fast Identity Online (FIDO) Alliance and thus complies with international standards for online identification, reports said. Microsoft, PayPal and Google are all also FIDO Ready members.
This, of course, is just the start of biometrics authentication tools for Samsung. Biometric authentication, the company said, is the way of the future as traditional online authentication mechanisms like passwords and certificates reduce their presence and become replaced by FIDO-approved innovations.
“Going forward, we plan to not only target hardware manufacturers that make smartphones but also provide our biometric solutions to online service and security companies,” said a spokesperson for Samsung in an interview. “We plan to offer clients that need biometrics solutions with various business models and offer differentiated authentication services.”
While Samsung hasn’t divulged exactly how the technology works, reports suggest the tool will use fingerprint, voice and iris recognition.
In early May, Samsung announced that it had signed an exclusive licensing agreement with SRI International to introduce iris recognition technology, called Iris on the Move, into Samsung mobile devices for B2B apps. Its new biometrics ID technology, however, is reportedly meant for digital payments technology, meaning it will likely be integrated into the company’s expected new Samsung Pay service.