Mastercard rolls out pay-by-selfie across Europe

Wednesday 5th October 2016 09:08 GMT Dan 55

"Banks have typically been good about walking the line between convenience and security.”

No, they are effing useless. Buy a train ticket then when you get the card back buy another one, because, I don't know, a friend doesn't have change or something (i.e. two transactions within a short time) and your card gets blocked. If a merchant in Outer Mongolia where you've never been or have any intention of going charges your card they wave it through.

And if your contactless card gets stolen and you get it cancelled, it can still be used by the thief for contactless payments until the expiry date.

14 2 Reply
1. Wednesday 5th October 2016 10:54 GMT Voland's right hand
  
  Re: "Banks have typically been good about walking the line between convenience and security.”
  
  You use HSBC, don't you?
  
  They blocked my card every time I booked a holiday because I book flight, hotel, car and parking within 15 minutes separately (to ensure I have all the pieces of the puzzle). After having to pay "demand driven" price increases twice because of the cretinous clueless HSBC fraud detection, I gave them a final warning - unless they get a clue and can recognize a standard travel purchase pattern they will be fired.
  
  They did not get a clue. And got fired.
  
  Just switch to a bank which has bought some proper fraud detection software instead of a call center full of clueless people in a hot and humid location (I know guys who develop it in Eastern Europe and who has bought it from them).
  
  2 1 Reply
  1. Wednesday 5th October 2016 23:30 GMT scrubber
    
    Re: "You use HSBC, don't you?”
    
    Do I look like a Mexican drug cartel?
    
    1 0 Reply
    1. Thursday 6th October 2016 06:58 GMT Voland's right hand
      
      Re: "You use HSBC, don't you?”
      
      Do I look like a Mexican drug cartel?
      
      Like a whole cartel? No. Like an individual drug lord? Maybe... You never know...
      
      0 1 Reply
Wednesday 5th October 2016 09:11 GMT allthecoolshortnamesweretaken

That's it. I'm going back to cash.

4 0 Reply
1. Wednesday 5th October 2016 09:14 GMT Bumpy Cat
  
  Technically Her Majesty is using pay-by-selfie when paying by cash.
  
  15 0 Reply
  1. Wednesday 5th October 2016 12:16 GMT Anonymous Coward
    
    What about Princes William or Charles?
    
    "My mom's good for it."
    
    3 0 Reply
Wednesday 5th October 2016 09:53 GMT Cab

Erm...

“Passwords remain very common because they always work, but of course can be stolen or discovered..." Fortunately my face remains entirely secret at all times.

16 0 Reply
Wednesday 5th October 2016 10:28 GMT Richard Jones 1

Challenge time? Or Crafts Moment?

Nice picture of someone, carefully crafted eye shaped cut outs, match the old eye subject with a new one, now blink please. It cannot possibly go wrong can it?

1 0 Reply
1. Wednesday 5th October 2016 10:43 GMT MOH
  
  Re: Challenge time? Or Crafts Moment?
  
  Or just a short video of someone blinking?
  
  3 0 Reply
Wednesday 5th October 2016 10:44 GMT wikkity

revolut do a good job

Whilst on holiday this year I took a revolut card with me, the security options are good. You can set an options to disable/enable ATM withdrawals, online/card not present purchases or magstripe payments. Plus you can tie it to your phone to allow location based security, it does work as I forgot I had that set up and left my phone in the hotel (work kept ringing me) and couldn't withdraw any cash.

Of course if someone steals your phone and card it could be circumvented but you need a pin to access the app to enable any disabled options..

1 0 Reply
Wednesday 5th October 2016 11:13 GMT Yugguy

Round of applause

For the first person to try using a picture of their dick.

3 0 Reply
1. Wednesday 5th October 2016 11:28 GMT Dan 55
  
  Re: Round of applause
  
  What, you mean they get the round of applause when they try to pay in Subway?
  
  Just a coat, obviously.
  
  3 0 Reply
2. Wednesday 5th October 2016 11:51 GMT macjules
  
  Re: Round of applause
  
  For the first person to try using a picture of their dick.
  
  Kim tried that and it rejected Kanye's face.
  
  5 0 Reply
Wednesday 5th October 2016 11:26 GMT adam payne

What would happen if you photobombed someone?

0 0 Reply
Wednesday 5th October 2016 11:43 GMT Anonymous Coward

ALL YOUR FACES...

... ARE BELONG TO US!!!

5 0 Reply
Wednesday 5th October 2016 11:49 GMT adam payne

What would happen in the case of twins?

3 0 Reply
1. Wednesday 5th October 2016 12:04 GMT lglethal
  
  Well that depends on which one happens to be the Evil twin...
  
  4 0 Reply
  1. Thursday 6th October 2016 20:55 GMT Trigonoceps occipitalis
    
    As some identical twins are mirror images of each other, it would be the one with the mirror.
    
    0 0 Reply
Wednesday 5th October 2016 12:07 GMT Pen-y-gors

Security?

From a security viewpoint, financial fraud will never be completely eradicated,

...and we'll make sure it isn't by regularly coming up with stupid new ways for security to be compromised.

2 0 Reply
Wednesday 5th October 2016 12:43 GMT Valerion

Got it

Step 1 - Steal Simon Cowell's credit card

Step 2 - Go to party shop, buy hilarious cardboard Cowell mask.

Step 3 - Profit!

1 0 Reply
Wednesday 5th October 2016 13:11 GMT Mahhn

next up

Malware (from google play of course) is used to capture your data during purchases on your phone. Data is sent to crook that uses an emulator to relay the captured data as if it was a live transaction. (even full android, iphone emulation) Ka Ching ka ching, ka ching.

If it's data, it can and will be stolen.

0 1 Reply
Wednesday 5th October 2016 13:47 GMT Alister

This is all going to end in tears

1 0 Reply
Wednesday 5th October 2016 18:39 GMT Deltics

I'll just leave this here

Identity <> Authorization (or if you prefer: Identity != Authorization)

4 0 Reply
Wednesday 5th October 2016 21:27 GMT israel_hands

My Face Is Not A Password

My face is just my face. It's the "who I am". Equivalent my username, and while it may be slightly more secure than an alphanumeric username*, if it's compromised once, it's compromised forever. Which is exactly why it should never be used as a password analogue.

What they're doing is just utterly fucking clueless. They need to at least couple it with a password to provide some level of actual security, instead of binning security completely and saying "Hey, at least now you don't need to remember a password."I wonder how their customers would feel if they did just that, told them not to worry about a password or PIN, just enter your name into any cashpoint then tell it how much you want to out. And if they did the sensible thing, and coupled it with a password/PIN/other authentication factor, then what would be the point of using a photo in the first place? It's gimmicky shit that is actively making the world a worse place. A pox on the fuckwit who devised it.

*And I'm not at all convinced it is because of the whole single-factor lose-it-once/lose-it-forever thing.

2 0 Reply
Thursday 6th October 2016 00:45 GMT Anonymous Coward

Identical twins?

Evidently the imbecile's at Mastercard didn't think this through at all did they?

Although it will be the preferred app terrorists will use to collect their ransom demand from the captive card holder (of course getting themselves on the selfie too). Means they can complete the transaction without having to put their gun down for even a moment.

1 0 Reply
Thursday 6th October 2016 09:20 GMT ultrastarx1

the obvious problem here is the required blink, it should be a wink, would make working retail a much more flirty environment..

Me thinks shurely shome solution could be considered involving nipple tassles??

Visa could take clockwise

Amex could involve a trampoline

3 0 Reply
Friday 7th October 2016 01:32 GMT Jin

Criminals would be delighted

“User passwords are typically the easiest point of attack", so it is recommended to use your face with the user password as a fallback means against false rejection so that you/criminal can log in either by your face (videoed face) or your password. Is this a wise idea?

This video explains how biomerics makes a backdoor to password-protected information.

https://youtu.be/5e2oHZccMe4

0 0 Reply