Though it’s still a somewhat new concept, payment via mobile device is gaining in popularity. The latest smartphones make it easier than ever to pay bills or send money whenever needed. Yet, this also presents an interesting conundrum. What’s the best way to make mobile payments, and how can they be processed with minimal chance of being compromised?
As it turns out, two-factor authentication may provide an answer.
MasterCard wants to implement biometric-based two-factor authentication to improve security and cut down on false-positive transactions. The system in question utilizes a “selfie” taken by the user through a mobile application. The image is then compared to an image that’s stored, and if it’s similar enough, it will authenticate your identity. There are also other methods of biometric technology that are being used to help prevent credit card fraud, such as fingerprint scanning.
However, security isn’t the only way that this biometric authentication improves the user experience. MasterCard wants to cut down on the number of legitimate transactions that are being declined while users are traveling abroad. This is a problem larger than even credit card fraud. As reported by The Financial Times, there’s roughly $118 billion worth of false declines every year, which is considerably more money lost than is the case with credit card fraud–13 times more, to be specific. It’s thought that biometrics can be implemented to cut down on the amount of false declines and credit card fraud.
Granted, the question that needs to be answered is whether or not these technologies can be trusted to secure personal devices. Phones, tablets, and other mobile devices are known to get hacked just like any ordinary desktop computer. ITProPortal offers some insight into what will be necessary for mobile payment systems to take off:
“User devices are notoriously prone to penetration by cyber criminals – whether that’s as a result of users adapting their devices or overriding device security parameters, or using non-secure public WiFi when transacting online. Which means biometric data will need to be encrypted to ensure it cannot be stolen – otherwise we open a whole new vector for identity theft. What’s more, rigorous PCI standards already exist to protect users and merchants, especially where liability is concerned should things go wrong. What’s not clear in this scenario is whether liability will shift – and to whom. Quite simply, we’re in new territory here.”
One of the more interesting parts of this quote is the liability aspect. If a user isn’t securing their mobile device and is using it for payment, are they at fault if their financial information is stolen or lost? If so, this could change the way that financial institutions and payment compliance functions. In particular, biometric hacking could become a major problem, and you can’t issue a new face or fingerprint like you would a new credit card number.
Therefore, it’s crucial that you take measures to ensure the safety of your mobile devices, especially if you plan on using them for two-factor authentication. What are your thoughts on mobile payment authorization using a selfie-based system? Let us know in the comments.