It sounds intriguing, I love the idea.

But then I think about what they're proposing... hosting your ID information and linked (non-changeable) biometric information on an internet-facing server (secured by a commercial company... trying to keep costs down of course). Companies still haven't figured out how to keep the bad guys from stealing their user data. Until then keep any biometric data (which is permanent and can't be changed) out of their hands no matter how "convenient" it appears to be.
 
That and the fact that I'm pretty sure facial rec takes the size of an actual face under consideration. There's a whole host of wrong with Andy's comment. The least of which would be the refresh rate of the video source being held up to the camera. I gotta think Andy was making a funny.

No, I'm quite serious, though the photos idea was silly and unnecessary. You could of course just play the video of them blinking, as two photos may well not be good enough if it's looking for the motion of blinking - you're right on that. But do you really think their algorithm does DSP fast enough to detect the refresh rate of a video? That assumes the camera input sample rate exceeds the output refresh rate, which I highly doubt. Then we're talking about doing a fuzzy comparison against two image samples in 16ms (1.0(second) / 60(hz), the minimum required to confirm every other sample is roughly the same) minus CPU time for all other processing, if we're trying to catch a 30hz refresh rate or lower - much less 60hz. After doing real-time audio DSP work on the iPhone, and imagining blowing those samples out to another dimension, it's not happening. Not going to say it's impossible, but I'd be incredibly impressed. Head size? Hold the camera closer to a Retina display, or to a TV.

I don't see it happening while you're standing at Target, but someone looking to commit fraud against a specific person, with plenty of time on their hands? I would be very surprised if it couldn't be done by the right (wrong?) people.
 
Why are people coming up with ideas that make no sense? How is the camera going to see a live photo? How are you going to leave the payment app to go get a live photo? How a...
Using a 2nd phone with spoofed live photo, hold it in front of the camera on the 1st phone.
 
Why are people coming up with ideas that make no sense? How is the camera going to see a live photo? How are you going to leave the payment app to go get a live photo? How a...

Step #1 Attach a screen to the mobile like the lenses for the iPhone.
Step #2 Play video.
Step #3 Profit.
 
Using biometrics to ensure security and that the person using the device to make a payment is an authorized user on the account... This is a good thing.

Taking a step back, that's a bad thing. The convenience MUST remain. Holding my phone out with my thumb on it does not become more inconvenient than swiping a card. Accessing the camera, "taking a selfie" long enough to blink and have it register. That's inconvenient. The difference in security (if there even is one) does not make up for the difference in convenience.
 
I heard about the first implementation of this "technology" over a year ago, and was instantly worried. I did a quick check and discovered that some people were already able to easily fool the system with a photograph.

Then they added blink detection, and someone was able to print out a photo of himself and cut out the eyes to get right in. Then a Popular Science writer tried the same thing and couldn't get the photo to work (probably because the scale was off a bit), but was able to log in using a video of his face played on another device.

http://www.popsci.com/its-not-hard-trick-facial-recognition-security

Sure, you can keep layering on security checks to make this concept more secure... such as blinking twice with a user-specified delay in between, blinking a code, blinking and frowning at the same time, etc. But this only results in...
  • your authentication taking more time than just typing in a password
  • you can forget some "blink code" as easily as you can a PIN
  • you looking like a complete idiot making faces at your phone while people behind you wait with their Apple watches ready to make their 2-second payments
  • still more vulnerabilities, as someone could apply your photo to a 3D model and blink, smile or frown away until they replicated the goofy facial expression you did in front of them at the 7-Eleven.
I'm a big fan of 2-factor authentication. The iPhone/Apple Watch with a 6-digit PIN before you can use TouchID Apple Pay payments, particularly if the TouchID authorization expires in a reasonable period of time, seems pretty secure and low-friction to me. Sure, TouchID can be broken, too, but it has been more secure than I expected. The combination of the two is even better.
 
No thanks MC.

I have no interest in entrusting my biometric data to you or your app (if you were Apple I would).

Please just push retailers and more banks to sign on to Apple Pay!
 
Do you remember the Sinclair Car/Trike? Pretty neat idea. Had its faults. But how many people wanted to look like a dork using one? I remember seeing one. Once?

Holding a phone in front of your face at the checkout puts even that debacle in the shade.
 