Selfies May Boost Security for Mobile Payments
Selfies, or self-portraits typically taken with a smartphone's camera, are an all-too-common consumer habit. And the practice is now migrating to formal business use, such as for authentication.
"We hold the bag for fraud, and we have to be able to identify, detect and prevent it from happening," said Ron Herman, CEO and founder of Sionic Mobile, an Atlanta-based mobile commerce company that assumes fraud and chargeback risk management on behalf of its clients. "That protects not only us, but the consumers, the merchants and the banks downstream. That is why we're doing it."
Sionic is using selfies, which generally refer to people using a mobile phone to take a photo of themselves, as part of a broad security scheme.
For young people, selfies have become the most popular type of photo and the most commonly shared content on social networks. By using selfies as part of a security strategy, Sionic Mobile is testing consumer appetite for taking their own photos as they shop. It's a risky move, considering a growing backlash against selfies, particularly in museums and other tourist locations.
Herman admits some people do not like taking their own portraits for security purposesabout 25% of consumers in a market test were "really uncomfortable" with using selfies or drivers licenses as part of identity checks. "We're OK with those odds. For us it's a matter of securing people," Herman said.
As a way to ease people into using selfies, Sionic offers consumers the option to try its rewards and loyalty service for small purchases of up to $25, which bypass the authentication protocol.
"This allows them to feel our service out and find out if it's worthwhile," Herman said. "Then they go through the authentication."
Sionic is working with AuthenticID, an Atlanta-based identity technology company, to integrate AuthenticID's catfishAir security system into upcoming versions of the ION Rewards and Shop2Give consumer apps. Shop2Give allows users to make purchase at retail locations, with 2% of each transaction donated to a nonprofit. ION Rewards uses Sionic's virtual currency like cash at a network of merchants.
On sign-in, users select a "verified account feature" and present a state-issued driver's license, then hold the phone over the ID to capture an image and flip to the back of the license when prompted. The user then takes a selfie when prompted. The catfishAir technology captures the images, then verifies and confirms the user's identity.
"Once the ID is secured, that process is done up front," preventing the user from having to go through the process each time he or she makes a payment, Herman said. The mobile photo IDs are combined with other security measures such as network analysis and a 15-point fraud detection system to protect users and payments. Sionic enhanced its system after noticing spikes in fraud that accompanied the major retail data breaches over the past 18 months.
Other companies dabbling in selfies as part of identity security include Digital Insight, a bank technology company owned by NCR, which partnered with EyeVerify to add eye vein recognition technology to mobile banking platforms. Self-portraits are used to capture the eye vein patterns.
Selfies are part of a broader trend to use biometrics as part of identity risk. After languishing for years, biometrics is gaining traction, buoyed in part by Apple and Samsung's use of the technology for authentication in their smartphones.
"Facial recognition is not yet widely used for payments, but the interest is growing," said Zil Bareisis, a senior analyst at Celent.
There are different approaches, Bareisis said, noting the defunct Square Wallet used to present a shopper's photo to a cashier for visual confirmation of the person's identity.
Alibaba's "smile to pay" technology uses facial recognition to authenticate customers, and Jumio's biometric system distinguishes between facial recognitionor scanning the face to identity a user and facial matching, which compares a person's face to a photo from an ID document in near real time, Bareisis said.
"As with all new approaches, particularly those that make use of sensitive private information, consumers need to be educated and have an explanation on how it works and how the data they share will be used," Bareisis said.