Mastercard’s facial recognition payment system raises concerns

Mastercard’s “smile to pay” system, announced to be launched last week, is meant to save customers time at checkout. It is being tested in Brazil, and future prototypes are planned for the Middle East and Asia.

Mastercard puts forward the following arguments: its contactless technology will speed up transactions, reduce queues in stores, and improve safety and hygiene in businesses. But this system raises concerns about privacy, data storage, criminality and potential “bias”.

How will it work?

Mastercard’s biometric payment system will give its customers the ability to use facial recognition to conduct financial transactions, by combining the biometric authentication systems of various third-party companies with its payment systems.

According to a Mastercard spokesperson, the company has already developed partnerships with NEC, Payface, Aurus, Fujitsu Limited, PopID and PayByFace. Others will be announced soon.

Mastercard has partnered with Fujitsu, an information and communication technology giant that offers many products and services.

“Suppliers must obtain certification from an independent laboratory, attesting that they meet the criteria of the program, before being considered,” explains Mastercard. However, the details of these criteria have not yet been made public.

According to some media, customers will have to install an application that will take their picture and save their bank details. This information will be backed up and stored on the servers of external providers.

At checkout, the customer’s face will be scanned and compared to the stored data. Once his identity has been verified, the funds will be automatically withdrawn from his account. The “pay with a wave” option is actually similar: when the customer waves their hand while looking at the camera, it is their face that is scanned, not their hand.

Read more: Facial recognition, from phone unlocking to mass surveillance

Similar authentication technologies are already integrated into smartphones (face ID) and have been implemented in many airports, including in Australia with “smartgates”.

China started using biometric payment systems as early as 2017. But Mastercard is among the first to launch this technology in Western markets. The company thus enters into competition with the “pay with your palm” system (pay with your palm) used by the automatic checkouts of Amazon Go and in the stores of the Whole Foods chain, bought by the juggernaut of e-commerce in United States.

What we still don’t know

There are still many gray areas regarding the exact operation of Mastercard’s system. How accurate will facial recognition be? Who will have access to the biometric databases?

According to the Mastercard spokesperson, customer data will be stored by one or other of its biometric technology providers in the form of encrypted files, and will be removed from the database as soon as the customer “expresses the wish to terminate his contract. But how to ensure the withdrawal of data if Mastercard does not have direct access to it?

Naturally, privacy is a central concern with this system, especially given the number of potential outside vendors.

Fortunately, Mastercard customers will have the choice whether or not to use the biometric payment system. However, retailers may decide not to offer this option or, conversely, to use it to the exclusion of any other payment method.

The facial recognition technologies used in airports and by the police, on the other hand, rarely leave users a choice.

Read more: For legal principles of liability adapted to artificial intelligence

Presumably, Mastercard and the company’s partner biometric data providers will seek consent from the customer, as required by most privacy laws. But will customers know what they allow?

Ultimately, the biometric technology providers Mastercard partners with will decide how the data will be used, how long it will be used, where it will be stored, and who can see it. Mastercard will only select “worthy” suppliers to be accepted as partners, and determine the minimum criteria they must meet.

Customers who want to use this method of payment must agree to all the conditions of use and protection of the corresponding data. And, as several sources have pointed out, Mastercard will be able to use the system by integrating it with its loyalty offers and making personalized recommendations to customers based on their purchases.

A precision problem

Although the accuracy of facial recognition technologies has been questioned in the past, best Biometric data authentication algorithms today have a margin of error of just 0.08%, according to tests conducted by the National Institute of Standards and Technology (NIST) in the United States. In some countries, even banks no longer hesitate to use this method to allow customers to connect to their accounts.

However, we don’t know how accurate the technologies used by Mastercard’s biometric payment system are. Algorithms that work almost perfectly in the lab are sometimes much less effective in the real world, where lighting, shooting angle and other parameters can vary.

A risk of bias

In a study published in 2019, NIST demonstrated that out of 189 facial recognition algorithms, the majority were biased. Results were less accurate for faces of non-white people.

Although the technology has evolved in recent years, it is not foolproof. And we do not know to what extent Mastercard has managed to overcome this difficulty.

If the software fails to recognize a customer at checkout, the person concerned may become upset or even angry, which would completely go against the company’s promises of speed and convenience. .

But if the system mistakes someone’s identity (mistaking Pierre for Jacques, for example – or confusing twins), the money risks being taken from the wrong account. How to remedy this situation?

There is no guarantee that the facial recognition system is infallible. These technologies can be biased and make misidentifications.

Is this system safe?

We often hear of pirated software and databases, even within supposedly ultra-secure institutions. Despite Mastercard’s efforts to ensure the security of this system, there is no guarantee that the databases of external suppliers – potentially containing millions of biometric identity cards – will not be hacked.

In the wrong hands, this data could lead to identity theft, ever-increasing crime, or financial fraud.

Do we really want this system?

Mastercard suggests that 74% of customers are in favor of using this technology, citing statistics from an internal study and reported by its partner Idemia, which markets biometric identification technologies.

But the quoted report is vague and brief. Other studies give completely different results. One, for example, suggests that 69% of consumers are reluctant to use facial recognition systems in stores. Another shows that only 16% trust this technology.

Not to mention that, if consumers really knew the risks of using facial recognition to authenticate payments, this percentage would probably be even lower.

Translated from English by Iris Le Guinio for Fast ForWord

Leave a Comment