October 5, 2016 — Mastercard Rolls Out Selfie Payments Across Europe
Robert Capps, VP at NuData, comments on the news that Mastercard is allowing online shoppers to take a selfie to verify their identity for payments.
The username and password authentication framework is still the sole method of verifying consumer identity in many non-face to face transactions. The problem with it is that it’s proven to be about as waterproof as an open window. Multiple ongoing breaches, with tens, no hundreds of millions of lost records should be enough to give question to its validity as a valid authentication method.
As consumers, we’ve essentially put ourselves in the situation of giving multiple copies of our front door key to complete strangers, and asking them to protect them, with the full knowledge that some can’t, or won’t. We play this game, one with horrible odds, every time we give our keys away using single-point authentication. Even attempts to fix this archaic system have been lacklustre, with weak auxiliary authentication schemes being duct taped over the top of a weak framework, such as SMS challenges, and secret questions and answers, it’s no wonder that consumer authentication is a mess.
Where these techniques fail is that they are just as prone to being stolen via phising attacks, breaches, malware, social engineering, and a cornucopia of methods, in just the same way as passwords.
For most banks, traditional online authentication boiled down to a choice between “effective”, “easy” and “low friction”, where you can only pick two options. The option usually left out of the mix, was customer experience. Banks, in particular, need to provide customers with security reassurance, the security guard at the front door, if you will. Username and password authentication, layered with varieties of 2FA provide some of this visual reassurance, but do little in the way of actual security – and banks know that customers also require real protection too.
For the complete article, go here.