Consumer Security

Amazon May Let You Pay With a Wink and a Nod

Amazon has applied for a patent for selfie-based authentication for online purchases, according to a patent application published last week.

Using the technology, a prospective purchaser would take a selfie, and the image would be authenticated against an image database using facial recognition software.

The buyer then would perform a requested action, such as winking, to verify that the image is of a live human being. That would trigger completion of the transaction.

The technology isn’t limited to smartphones, tablets or mobile devices; notebook computers, personal data assistants, video gaming consoles or controllers, and portable media players also can be used.

Selfie authentication is more secure than passwords, which can be stolen or misused, according to Amazon.

Further, entering passwords on portable devices is difficult because their keyboards and screens are small, the company contended. Also, shoppers employ unsafe practices such as storing passwords on their devices and selecting insufficiently strong passwords.

Safe Shopping

“We’re very excited to see biometrics and increased payment security getting such attention and welcome developments to the technology that this announcement may bring to help our members stay safe while shopping online,” Brian Ziff-Levine, director of cards and payments atFirst Tech Federal Credit Union, told the E-Commerce Times.

MasterCard last year launched a closedbiometric payments pilot project with First Tech Federal Credit Union. About 200 First Tech employees used smartphone apps to make virtual donations to the Children’s Miracle Network Hospitals. The transactions were authenticated by facial recognition or fingerprints.

Easy Peasy, With a Catch

“After their success with the one-click patent in the United States 10 years ago, it seems logical that Amazon would make a similar play with facial recognition,” remarked John Gunn, vice president atVasco Data Security.

Selfie authentication is “incredibly simple for the user, and most people now have smartphones, tablets or PCs with a camera,” he told the E-Commerce Times.

While the technology is “not likely to become a requirement” for standard authentication methods, “Amazon could present it to the user as an additional method to help reduce fraud,” Gunn said.

However, the company may need to provide an incentive for customers to start using it, “since it’s an extra step beyond one-click” and “the adoption could be very low after the novelty wears off,” he cautioned.

What, Me Too?

Amazon is a latecomer to the selfie authentication approach.

MasterCard this summer will bring its Identity Check biometrics program to banks in the United States, Canada, the UK and parts of the EU, said Catherine Murchie, MasterCard’s senior VP of North America processing, enterprise security and network solutions.

“The advantages of using the technology include convenience and security,” she told the E-Commerce Times. “We don’t see drawbacks to the technology.”

On Monday,Samsung announced it would integrate facial recognition technology fromMorpho to complement its suite ofFast Identity Online Alliance-compliant methods. Samsung already uses fingerprint biometrics.

Vasco is presenting its selfie authentication technology atCEBIT this week.

Amazon, Vasco and MasterCard are all FIDO Alliance members.

Potential Problems

Selfie authentication “will be big,” Vasco’s Gunn predicted. Having an extra layer of security similar to the way device ID and geolocation work is a nonintrusive way of reducing fraud.

That said, the U.S. Government Accountability Office listed concerns about selfie technology in a report filed in July with the U.S. Senate Subcommittee on Privacy, Technology and the Law.

They include privacy issues, as individuals could be identified and tracked in public without their knowledge; data security concerns, because, since facial features are unique, they are by definition personally identifiable information, and a breach of image databanks would have more severe consequences than other data breaches; misidentification; and profiling.

Richard Adhikari

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Richard Adhikari
More in Consumer Security

E-Commerce Times Channels