Selfies could replace passwords for online shoppers

Blink and buy

Move over, Kim Kardashian. The art of the selfie will soon be just as important for security as it is for social sharing on networks like Facebook and Instagram.

MasterCard's pilot program will have online shoppers taking photos of themselves for authentication to reduce fraud. The credit card issuer hopes that the selfie will be more convenient and less cumbersome for shoppers, while also provide more security benefits than a traditional password, which can be easily lost, stolen or intercepted.

"We want to identify people for who they are, not what they remember," said Ajay Bhalla, President of Enterprise Security Solutions at Mastercard. "We have too many passwords to remember and this creates extra problems for consumers and businesses."

The password

MasterCard initially created a SecureCode to help verify a customer's identity before an online transaction is completed to reduce fraud. When you're ready to checkout, a pop-up window appears asking you to enter a password, but SecureCode has been unpopular as complex passcodes can be difficult to remember.

Enter the selfie.

"The new generation, which is into selfies ... I think they'll find it cool. They'll embrace it," Bahalla said in a CNN Money interview.

MasterCard had previously been testing and developing applications that authenticate cardholders with facial identification, voice recognition and cardiac rhythm through a wearable wristband.

'Say cheese'

In order for MasterCard's new online verification to work, users will need a smartphone and the accompanying MasterCard app.

MasterCard is in talks with two major banks and the leading smartphone manufacturers, including Apple, Google, Microsoft, BlackBerry and Samsung to deploy this new service.

Users will have two options to verify their identity. They can choose a fingerprint scan or a face scan. MasterCard researchers say that to keep face scans secure, users should blink.

Because many smartphones today come with a capable front-facing camera for selfies, face scan will work on equipment that lack a fingerprint scanner. Fingerprint scanners are found on a limited number of smartphones, including the latest phones from Apple and Samsung.

For users concerned with privacy, the scans stay on the phone. MasterCard's software will convert scans to 1s and 0s and transmit the digital data over the internet.

Privacy experts are still skeptical about the process as MasterCard is still transmitting the data to their network, rather than keep the authentication on the device. This could potentially open up MasterCard to a hack in the future.

The pilot will be limited to 500 customers, but if MasterCard's trial is successful, it could be a big step in replacing the trusty password.

Is it me you're looking for?

MasterCard isn't the only company looking into biometric security. Microsoft is also introducing new ways to log into PCs with Windows 10. Windows Hello will allow users to authenticate themselves using a facial scan or fingerprint.

Microsoft requires new 3D depth-sensing cameras for its Windows Hello face scan to keep things secure. This way, you can't trick a friend's PC into logging in by holding up a photo of your friend.


Read our picks for the best password managers