MasterCard's decision to do a 500-person trial of facial recognition for payment authentication next month may seem like a bold move in security, but it's really taking aim at friction.
For mobile payments to succeed, consumers must be comfortable with the payment method. And for millennials, few behaviors are more familiar than taking a selfie.
Other payment companies have dipped a toe in these waters before, with PayPal and Square asking users to take a self-portrait while setting up a mobile wallet. In those cases, the wallet providers relied on store clerks to compare the portrait in the wallet app to the shopper standing in front of them; the alternative of recognizing a face through software is far more complex. Factors such as facial hair, makeup and even sun tans can sharply change the way a face looks to a computer program.
Those factors can be addressed by looking for an approximate match rather than an exact match, but then the system is open to spoofing by lookalikes such as siblings. But none of this matters if consumers aren't willing to use the system in the first place.
"The complexity doesn't bother me much. It's all about adoption," said Seth Ruden, senior fraud consultant for banking vendor ACI Worldwide. "If we don't get people to get the core image in place, then we're not going to be able to do anything to authenticate them. If we don't get the adoption right, the whole solution fails."
Put another way, if security is the top priority, the technology becomes too complex and burdensome to attract users. If convenience and speed are prioritized, security can be fine-tuned later, and consumers are not likely to mind.
"Consumers have no skin in the game with payments security," argued Julie Conroy, a research director at the Aite Group, referring to zero liability shielding consumers from the pain of fraud. Shoppers "simply aren't willing to put up with a huge amount of friction because somebody else is paying the price. I view (Apple's) Touch ID as much about convenience as it is about security. It doesnt exactly have state of the art fingerprint readers."
With a goal of increasing adoption, facial recognition has another big advantage of other biometric approaches, especially fingerprint scans: Virtually all modern smartphones have built-in cameras with sufficient resolution to support facial recognition. Fingerprint scanners are still relatively new to handsets, including Apple devices.
From an acceptance standpoint, Conroy sees facial recognition as powerful. "It's pretty user-friendly for a certain group of consumers: Your millennials, who are selfie addicts," she said. "It's part of our new reality."
Indeed, MasterCard's move, reported first last week by CNN Money, struck her as more of a test of marketing than a test of security.
Richard Crone, of Crone Consulting, sees the MasterCard interest in facial recognition going well beyond authentication and entering the marketing-friendly world of emotion interpretation.
"Facial recognition is hard, but hard is good, especially for the companies that are developing the neural networks," he said. "The holy grail is not in the authentication, but it is in the interpreting of the emotional state of that customer. (Predicted emotions are) the next big data feed, as it will be anticipating what your next need might be."
That is something that facial recognition can deliver that other biometric traits cannot.
MasterCard has shared almost no specifics about its facial recognition mechanism, but it's widely suspected that it will use facial recognition as one of several choices in a multi-factor authentication system. The facial recognition data would likely be paired with geolocation data.
Ultimately, Crone said, geolocation won't consider just the current location of the phone, but the history of locations to determine the probability of the person carrying the phone being the cardholder.