February 3 2017
Aussies will soon be able to smile at their smartphones to confirm payments as credit card giant MasterCard prepares to bring its biometric authentication app to Australia.
There’s no magic bullet when it comes to security, while people complain about needing to remember logins and passwords they often balk at the idea of using biometrics like fingerprints and facial recognition to prove their identity. MasterCard attempts to strike a balance with MasterCard Identity Check, dubbed “Selfie Pay”, which uses biometrics to complement your passwords rather than replace them
MasterCard Identity Check has been available overseas for a while but it’s coming to Australia in 2017 – MasterCard unveiled the details at the Australian Open but wouldn’t be drawn on an exact launch date. When it does arrive we’ll see the release of a local MasterCard smartphone app, supporting both facial recognition and fingerprint readers, plus MasterCard will offer an API allowing financial institutions to build these features into their own apps.
The idea isn’t to let you shop on your good looks alone, instead MasterCard Identity Check will act as a form of two-factor authentication to double-check that someone else hasn’t broken into your account or stolen your card details. MasterCard holders won’t be forced to use it, instead it will be a free opt-in additional service.
A rough mockup of MasterCard’s facial recognition, using tennis champion Lleyton Hewitt. Photo: Supplied
At the moment SMS codes are one of the most common forms of two-factor authentication, with an online service sending a one-time code to your phone which you need to enter along with your password to access your account. This way even if someone discovers your password they still can’t break into your account unless they’re also holding your phone.
For an extra level of security some services use a smartphone app to generate the code, rather than sending an SMS, in order to thwart hackers who hijack mobile phone accounts in an effort to intercept text messages containing two-factor codes.
When you’re making an online purchase using your MasterCard with a participating retailer, the MasterCard app on your phone will pop up a notification asking you to authenticate. MasterCard says the app will be available for Apple, Android and Windows Phone devices, giving you the option to swipe a digit on the fingerprint reader or else snap your photo with the front camera.
As an extra layer of security, the app is linked to your specific handset. Unlike mobile payment platforms like Apple Pay, MasterCard Identity Check doesn’t require the cooperation of tech giants like Apple, Samsung and Google. It’s simply an agreement between MasterCard and your financial institution.
MasterCard doesn’t store your actual fingerprint or photo, nor are these images kept on your device. Instead the app analyses the face/fingerprint scan and uses an algorithm to generate a long string of numbers which is encrypted and then sent to MasterCard for comparison to the encrypted string they have on file. The app examines 72 points when studying your face, plus the process requires you to blink in order to prove that you’re not trying to trick it with a photograph.
If it’s a match the online purchase is approved and the app discards the photo and fingerprint. There’s also the potential for banks to build this into their own apps, as an extra layer of security for mobile banking. Your bank could also call you to query suspected fraudulent transactions and ask you to use MasterCard Identity Check to confirm your identity.
Thankfully MasterCard Identity Check is optional, there’s nothing forcing you to use it if you’re not sold on the merits of biometrics, but it’s handy to have one more option at your disposal if you’re looking to stay safe online. Have you embraced biometrics? What won you over?