MasterCard will begin trials of face recognition software to authorize payments – let the travesty begin!

source http://www.triggar.com.au/By Simon Davies

In its continuing effort to crack down on fraud, MasterCard has announced ambitious plans to trial a new program that approves online purchases using facial scans. The program is scheduled to begin in the US this Fall and – if successful – could be rolled out globally.

Company executives told CNN Money that at checkout, customers will be asked to hold up their phone and snap a photo. MasterCard’s reasoning is that this process is easier than remembering a password. The company says people will be required to blink at least once to prevent the risk of thieves simply holding up a photograph of a legitimate customer in front of the phone.

Even before considering the innumerable challenges in law, technology and culture of this scheme, the plan couldn’t have been announced at a worse moment.

Consumers will be required to download a MasterCard phone app to use the feature.

Even before considering the innumerable challenges in law, technology and culture of this scheme, the plan couldn’t have been announced at a worse moment. Only last month, privacy groups walked out en masse from White House endorsed talks aimed at striking a deal with retailers on the use of face recognition. Privacy advocates were frustrated that retailers and digital advertisers fought back on any rules that would require customers to proactively give permission before facial recognition services were used.

This rebuff has not bothered MasterCard, which assured CNN Money: “The new generation, which is into selfies … I think they’ll find it cool. They’ll embrace it.”

MasterCard has partnered with all smartphone makers, including Apple (AAPL, Tech30), BlackBerry (BBRY, Tech30), Google (GOOGL, Tech30), Microsoft (MSFT, Tech30), and Samsung (SSNLF). The company is still finalizing arrangements with two major banks.

The tragic hilarity of this scheme is that it ignores the disastrous technical failure of some similar programs that attempted to use face recognition for sensitive security processes. While there are some encouraging research findings, the technique is notoriously unstable, often resulting in unacceptable failure rates. That failure may be OK when used for personal devices such as mobile phone access (where the margin of error can be quite wide) but using it for bank security is an entirely different matter.

True, face recognition is being trialled in equally sensitive security environments such as airports, but the advantage there is that lighting conditions are stable and the quality of photographic equipment is high. Taking a snap of one’s face under a flickering fluorescent light will not give the same results. Nor will a system work optimally where people wear sunglasses, hats or put on funny faces (as retail customers in real life are likely to do).

The Privacy Surgeon predicts four inevitable outcomes from this scheme:

  1. As with previous experiments that carry such high expectations, the trial will be over-managed, resulting in an unrealistically positive outcome. When rolled out globally (where it will largely be unmanaged), the system will encounter the full range of technical and environmental challenges. Failure rates are likely to be higher than expected and large retailers will experience a warp in their checkout management models as troublesome or non conforming customers create bottlenecks.
  1. In the wake of these problems, there will be a push back from retailers, forcing MasterCard to review and refine its system parameters, perhaps limiting the use of facial recognition to specific environments and demographics.
  1. In an effort to placate consumers who are frustrated about being rejected by the recognition system, MasterCard will adjust the recognition threshold to reduce “false negatives”. However this will result in a higher number of “false positives” (false approvals), necessitating a two stage authentication using both face and PIN. This will again cause pressure on retailers because of increased authorisation time.
  1. MasterCard will inevitably be required to exercise due diligence regarding aberrant or suspicious activity, meaning that customers experiencing repeated failure will possibly be subjected to a variety of additional checking and authentication procedures.