Mastercard banks on selfies to reduce online fraud

Internet Retailing

5th Jan 2017

Moving from social media to commerce, the selfie is about to become verification for online transactions for Mastercard users.

Already the technology has been rolled out in 12 markets in Europe, and the credit card company says it will become available around the world in phases in 2017.

Known as Mastercard’s Identity Check, the system will let card holders use facial-recognition technology to match selfies against their photograph on file to ensure the veracity of online transactions.

“There could be an issue with twins, but  I would need to have a bad twin,” says Mastercard executive VP for identity solutions Bob Reany. “They would have to break into my house, steal my phone and be at my location.”

With its prototype, Mastercard will convert head shots into encrypted code to be stored on a mobile device. The selfie would not need to be a perfect match, and banks would set the threshold for the accuracy of the matching.

“We’ll advise the bank and say, ‘You don’t want to be too open and have only 20 per cent of the things match’. Then, everybody and their dog could use it,” says Reany.

The technology can either be as a standalone app or be integrated into an existing bank app. It can also work with other payment brands.

More sophistication

Mastercard data shows that the rate of online payment fraud is more than three times higher than for physical transactions. Against this, banks are approving just 83 per cent of online transactions, compared to the 96 per cent for physical transactions.

Reany says cybercrime is also gaining in sophistication, with new forms of malware being evolved. He says the fraudsters are smart. “They are getting PhDs and are finding ways to commit fraud. What we have to do is ruin their business model.”

He says this runs along the enormous potential for growth in the online payment space, with the number of online and mobile transactions expected to double to 40 billion by 2020.

Tokenisation already cuts the risk of credit-card numbers being stolen from single individuals and the details being sold in larger batches on the dark web. With tokenisation, a card number is replaced by a unique set of numbers not tied to actual account details. Mastercard is now working to fill another gap by tokenising the card details merchants already have on file.

Reany says banks and payment companies need to combine various tools to create more secure authentication. This should so significantly raise the costs for criminals to exact fraud that the returns are no longer worth it. “If it’s not a scalable attack, we’re winning.”

This story first appeared on our sister site, Inside Retail Asia.