Relevant link: "Fingerprints are usernames, not password" (applies to all biometrics): <a href="http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html" rel="nofollow">http://blog.dustinkirkland.com/2013/10/fingerprints-are-user...</a><p>Long story short, it's a bad idea, and it's really not secure.
I'm starting to feel like a grey neckbeard. In my day, when I wanted to hang out with my friends, I called them, from a landline, known simply as "the phone". These days, I'm at or near a desktop/laptop computer almost 24/7 so don't see much need for a smartphone. I dread the day when a smartphone is required to be a part of society. It's shifting in that direction rapidly. If being on Facebook/LinkedIn also becomes a necessity, hopefully I'm already retired and have a beautiful lawn.
People are missing the point, like "chip and pin" this is not about protecting the consumer but about protecting Mastercard and their duopoly<p>"What you mean you did not pay for a hooker and rum in Amsterdam, then who is this in a selfie you took" > shows a selfie some hacker stole from the poor eejits Lifeinvader page.
There's lots of easy avenues to attack this.<p>1. Look for user's Youtube, Facebook, and other social media for photos/video<p>2. Videochat and record them.<p>3. Find them IRL and record them.<p>4. Print a mask of that person, and leave eye holes. Now you blink instead.<p>Ridiculous.
This reminds me of the hat from fifth element:<p><a href="http://images2.fanpop.com/images/photos/5000000/The-Fifth-Element-the-fifth-element-5050874-1918-796.jpg" rel="nofollow">http://images2.fanpop.com/images/photos/5000000/The-Fifth-El...</a>
The don't want to make money safe. making money safe makes money slow. Pay wave / pay pass and mastercard/visa chargebacks are all about getting money moving around more.
How is this supposed to work in low-light and dark environments, like a classy restaurant? What about people that don't have camera phones? This will end up being opt-in only, I'm sure. Can you imagine the checkout at the supermarket as vain people hold the line up while they make up their hair? I really don't see this as becoming commonplace.
I would just be happy if I could actually use my "chip and pin" credit card when performing a transaction. I have yet to find a retailer where I can actually use it.
There's a better link here [1], which explains with more details.<p>Main thing seems that it's not just facial recognition, you can use a fingerprint scanner (assuming your phone has one) instead, and that it requires you to blink when you're being scanned by the app. So it doesn't seem to be just static image recognition, it's looking at the video stream to ensure that your face is there and that it can blink (getting around the 'just hold a photo in front of the camera' problem).<p>[1] <a href="http://money.cnn.com/2015/07/01/technology/mastercard-facial-scan/" rel="nofollow">http://money.cnn.com/2015/07/01/technology/mastercard-facial...</a>
Seems to me that this is a cheap, relatively smart piece of marketing, rather than a serious proposition - note the heartbeat and voice recognition ideas that they're also "experimenting" with.
Ok, so everyone has pointed out how insecure this would obviously be, and all the simple ways in which you could fool it.<p>But, I'm left wondering, did the guys at mastercard never even think this through at all? This is people's money after all. It needs to be safe. Did they not even consider that, as soon as this is rolled out, people were going to see money disappear?<p>I can't believe they didn't think of that. Which makes me wonder, why am I even reading about this at all?
Didn't they get the memo from Japan? <a href="http://pinktentacle.com/2008/06/magazine-photos-fool-age-verification-cameras/" rel="nofollow">http://pinktentacle.com/2008/06/magazine-photos-fool-age-ver...</a>
Well, it just shows that banks and credit card issuers will go to any length to avoid implementing a proper PKI and secure transactions.<p>My only question is why?
First I thought I mixed up my tabs and I am on 4chan instead of being on HN.<p>Other verification approach is to use voice like WeChat does.<p><a href="http://www.biometricupdate.com/201503/instant-messaging-app-wechat-on-ios-adds-voice-biometrics" rel="nofollow">http://www.biometricupdate.com/201503/instant-messaging-app-...</a>
OK, so who thinks it would be a good idea to post their credit card number and CVV2 code on their Facebook wall?<p>Because that's essentially what Mastercard has caused everyone to do here.
I don't even have a cell phone. And there is zero chance I would ever get one just so that SlaveCard will process payments for me. That whole industry is like the grandfather that clearly can't drive anymore but everyone's afraid to confront about taking the keys away... why is nobody willing to 'disrupt' these people already?