Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security Technology

Billions of Smartphone Owners Will Soon Be Authorizing Payments Using Facial Recognition (zdnet.com) 104

An anonymous reader quotes a report from ZDNet: The next few years will see billions of users regularly using facial recognition technology to secure payments made through their smartphone, tablets or smartwatches, according to new analysis carried out by Juniper Research. Smartphone owners are already used to staring at their screens to safely unlock their devices without having to dial in a secret code; now, facial recognition will increasingly be deployed to verify the identity of a user making a payment with their handset, whether that's via an app or directly in-store, in wallet mode.

In addition to facial features, Juniper Research's analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020. [...] "All you need for software-based facial recognition is a front-facing camera on the device and accompanying software," Nick Maynard, lead analyst at Juniper Research, tells ZDNet. "In a hardware-based system, there will be additional hardware layers that add additional security levels. It's increasingly important to differentiate because hardware-based systems are the more secure of the two." Maynard's research shows that between now and 2025, the number of handsets using hardware-based systems will grow by a dramatic 376% to reach 17% of smartphones. Juniper expects the number of smartphone owners using [software-based facial recognition systems] to secure payments to grow by 120% to 2025, to reach 1.4 billion devices -- that is, roughly 27% of smartphones globally.
"Hardware-based systems obviously have additional costs per device," adds Maynard, "but the reason it is growing well is really that Apple has been driving it forward. They've made the technology a part of their high-end devices, and shown that hardware-based facial recognition technology can be done and can be very secure."

"Software-based facial recognition is strong because it's very easy to deploy," Maynard continues, "but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."
This discussion has been archived. No new comments can be posted.

Billions of Smartphone Owners Will Soon Be Authorizing Payments Using Facial Recognition

Comments Filter:
  • by K. S. Kyosuke ( 729550 ) on Tuesday April 13, 2021 @08:04AM (#61268042)
    That gives the phrase "money shot" a completely new meaning...
    • by dyfet ( 154716 )

      Or "face crime"...I for one am already looking forward to the first post here about someone using a persons selfie to construct a visual model and a 3d printer to make a head that then fools face rec software ;)...

      • by CrimsonAvenger ( 580665 ) on Tuesday April 13, 2021 @09:10AM (#61268316)
        I'm wondering if a DEAD face works for facial recognition software. Can you kill a guy (carefully avoiding shooting him in the head), then use his corpse to authorize a withdrawal from his bank account?
        • by hjf ( 703092 ) on Tuesday April 13, 2021 @09:25AM (#61268384) Homepage

          In Argentina we have an electronic identity validation system. It's a government provided API. It's used, for example, to open a bank account. The app uses this API. The government already has your photo in the identity database. So when you open an account you need to take one "normal" selfie and one "proof of life" selfie: it instructs you to make a weird face (such as: close your right eye, open your mouth, etc). It then validates your face and the required gesture.

          So far I've used it only twice: to open an "app" bank account after i closed my "real" bank account, and to open an investment account.

          • So when you open an account you need to take one "normal" selfie and one "proof of life" selfie: it instructs you to make a weird face

            Okay, hadn't considered that possibility. Good move on the part of whomever put that into the system....

          • by DesertNomad ( 885798 ) on Tuesday April 13, 2021 @01:55PM (#61269654)

            Interestingly, I did just that when doing an on-line dating thing.

            From this particular service, I'd get messages from women (well, that's not certain - one can never know), and check out their profile in response. If the conversation went on more than that one transaction, I'd ask for one photo of them touching their finger (didn't matter which one %^) to their nose, or similar, just to see if it was the likely the same person in the photo set. Don't know how well that tactic worked, but I'd never hear again from the ones that were likely scammers. It was funny in a sad, morose way.

        • by AmiMoJo ( 196126 )

          Most of the big manufacturers claim to have some sort of attention detection so that face unlock doesn't work when you are asleep.

          The bigger issue is that everyone is wearing masks now. Sunglasses don't help either. My wife's iPhone 11 never unlocks when she is wearing a mask so she never uses it to pay for stuff anymore. My Pixel 5 has a fingerprint reader which is more more convenient.

        • by shanen ( 462549 )

          I remember one time we tested facial recognition by taking a picture of his face and just showing that smartphone image to the other phone to unlock it. Or was it a tablet? Some years ago, and one would hope that the software has improved.

          How about adding eyeball tracking? Then the phone could show a dot on the screen and move it around, and your eyeballs would have to track the dot to unlock the phone. Of course, that just means the break-in software would need to be a bit more sophisticated to animate the

        • by antdude ( 79039 )

          What about unconscious?

      • You're overcomplicating this. Probably can be done entirely in software.

    • Re: (Score:3, Insightful)

      by KingBenny ( 1301797 )
      at the risk of deja vu : "what could go wrong" ...
  • by Dan East ( 318230 ) on Tuesday April 13, 2021 @08:04AM (#61268046) Journal

    I've been doing this the last couple years with Apple Pay. Is this something different?

    • Yes, the difference is that they journalist finally found out about it..

      (And the fact that more and more android phones have such too, but..)

      • by Rhipf ( 525263 )

        They aren't saying it isn't currently happening just that it is about to increase substantially.

        users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020

    • by cayenne8 ( 626475 ) on Tuesday April 13, 2021 @08:26AM (#61268150) Homepage Journal
      Not me.

      I won't use any of the biometric stuff to open or authorize anything.

      • So do you pay in cash all the time, carrying large sums of money on you, which could be lost or stolen by a pickpocket?
        Perhaps a you use a Credit/Debit Card which you often need to hand off to a person (who could memorize or copy the number) and or apply it against a normal terminal, which often has a network of crappy old infrastructure that will send you data to who knows where.
        The Phone with a bio-metric authentication is probably the current best approach balancing security and convenience. As the phon

        • So do you pay in cash all the time

          I do tend to pay in cash most of the time, whenever possible.

          Perhaps a you use a Credit/Debit Card which you often need to hand off to a person

          I won't own a debit card....if you get that compromised, your cash is gone from your account till you can prove it wasn't you. I know people that went through this horror story type scenario.

          I use credit cards. No biometric needed. Most of the time, those are self serve terminals that I stick the card into. But at worse, if the

        • by Rhipf ( 525263 )

          What happens if your biometrics change?
          Is there a mechanism in place to change the biometric locks if that occurs?
          If there are mechanisms for that what would stop someone that has stolen or found your phone using those mechanisms to reset the locks?
          How is that any different from someone resetting a traditional password on the phone?
          How is that better than two factor authentication?

          If someone finds your phone and can just start "using to pay for stuff" I would assume that there is no lock on the phone. If th

        • So do you pay in cash all the time, carrying large sums of money on you, which could be lost or stolen by a pickpocket?

          I use cash whenever possible. Its easy to use, the merchant gets the full amount paid out and does not forever tie the purchaser to every transaction they've ever made in their entire life.

          As for carrying large sums of money which could be lost or stolen I carry what I want to carry on me which in aggregate is of way less value than most of your phones are worth new.

          Perhaps a you use a Credit/Debit Card which you often need to hand off to a person

          Now there is a blast from pre-covid past.

          and or apply it against a normal terminal, which often has a network of crappy old infrastructure that will send you data to who knows where.

          Why should anyone care? If something happens you dispute the charges and they issue another card.

          The Phone with a bio-metric authentication is probably the current best approach balancing security and convenience. As the phone will send a different value every time preventing someone from copying the data and reusing it. As well while bio-metrics is not fool proof, it is much safer for the more common occurrence, someone finds you phone and starts using to pay for stuff, but being blocked due to invalid bio-metrics. Sure they can take your phone make a 3d model of your face to access it, or reproduce your fingerprints. But that will take time and effort, in which you may have already called your credit card company to report the theft and had that account deactivated.

          Fun

          • Funny you list theft as a problem yet see fit to totally discount it here. All having valuable things on your person does is increase the risk of violence toward the victim.

            There, FTFY.

            • There, FTFY.

              You don't understand the problem.

              It takes a moment to take something from someone and run off.

              It takes far longer to force victim to unlock device and extract thing of value from it. This increases risk of violence toward the victim.

      • Not me. I won't use any of the biometric stuff to open or authorize anything.

        Welcome to the boat. You get a great view on the port side. To many ways to by pass biometric locks, makes it way to insecure for me. A pin will at least take them some time if I lose my phone, or some cop decides my rights don't mean shit.

      • by rapjr ( 732628 ) on Tuesday April 13, 2021 @11:36AM (#61269032)
        The security community has been saying that biometrics are a bad idea for many types of applications because they are not replaceable and they are not secret:

        https://www.schneier.com/essay... [schneier.com]

        So why are companies and governments ignoring the experts and going full steam ahead into disaster? Communities and companies have started banning facial recognition:

        https://www.nytimes.com/2020/0... [nytimes.com]

        So no banking services for them? Biometrics can change (over time or due to accident or surgery) yet can also not be changed if they are compromised (a hacker steals the data that codes your face and you have to have surgery to get a new face?):

        https://www.schneier.com/blog/... [schneier.com]

        So you damage your face and you can no longer access your money? The above articles indicate there are some situations and hardware configurations where biometrics make some sense, but there are also many where they do not. Making payments via biometrics on a phone where the user may install any unsecure app which could compromise the phone seems like a very bad idea. What is the chain of trust here from the camera to the bank? How do you verify that the person the phone is taking a picture of _wanted_ that picture taken for biometric purposes? Any app can get camera permissions and take your picture, so any app can access your bank account?

        "but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."

        So they already expect it to be insecure but they are going to do it anyway. WTF? Are they that stupid? This sounds like multiple class action lawsuits waiting to happen.

    • Yeah, but that makes you a nutjob, and by your own choice not a person by yourself anymore, but a part of the swarm lifeform called Apple.

      Please stay in your little dystopia, wherever that is. Most of the EU would be enemy territory for your data whoring mindset. (Even grandmas know and care about privacy and data protection here, and do things like avoid smartphones or Amazon.) The USA will hopefully soon be too.

  • Identical twins? (Score:5, Insightful)

    by fluffernutter ( 1411889 ) on Tuesday April 13, 2021 @08:08AM (#61268052)
    Just wondering, what prevents identical twins from accessing each other's bank accounts?
    • Identical twins aren't identical. News @ 11.

    • by h33t l4x0r ( 4107715 ) on Tuesday April 13, 2021 @08:19AM (#61268098)
      Nothing, but they will telepathically know when the other one ripped them off.
    • Identical twins can pull off conventional fraud against each other too. My Puerto-Rican sister-in-law had twins. They were stealing each other's hubcaps while still in the womb.
      • by mark-t ( 151149 )
        identical twins can't pull off conventional fraud when access is protected by an appropriately secured passcode. Which I think is the point.
        • You're killing me, man. Security questions, access to the phone, having the right face... I don't even want to argue this, my reply was a joke and I'm still righter than you.
          • No, actually, he is right and you ae the joke.

            Also, you said you are dead now, so please stay quiet. (Slight rotting noises are allowed. ;)

          • by shanen ( 462549 )

            Apparently most Slashdotters have had their funny bones removed, though they can sometimes simulate a sense of humor if the moderators pile on enough Funny mod points.

          • maybe mark-t doesn't know what hubcaps are, or the old joke. He could be differently abled.

            • by mark-t ( 151149 )
              I was addressing the first sentence in the comment I replied to, not the joke about twins.
        • by Rhipf ( 525263 )

          They also can't pull off conventional fraud when access is protected by a placenta. 8^)

    • Or the use of deepfakes ?
    • What is to stop Identical Twins from just taking each others credit card. Heck they will often know enough about each other to properly call the credit card company and send them over an other copy of that card. Or just going to the bank and pretending to be the other person.

      Sure as Twins become adults their differences are much more noticeable, but often not enough to compare against a drivers license photo, or the casual person (say a bank teller who sees this person once every couple week, in a mist of

      • by mark-t ( 151149 )
        I would argue that an appropriately secured pass code is the hardest thing to steal because the only means by which you can actually acquire it involves inflicting harm (perhaps only temporarily, but causing harm nonetheless) on the person that knows it.
    • Identical twins don't have the same fingerprints, not do they have identical irises. For now I guess manufacturers should add the option of using face recognition and or fingerprints.
  • Not quite (Score:1, Informative)

    They are not authorizing payments using facial recognition. They are authorizing payments using facial recognition and and a hardware token (their smart phone).
    • Yeah, no. That is not a separate factor. It is the same device. (And even a different device does not count if they are both "something you know" or both "something you are" or both "something you have".)

      • If you want to be more exact, you're authenticating with "something you have" that's enabled by "something you are". You can't use a random smart phone to authenticate anything with your face.
  • This feature probably works better on high-end phones, especially those with the additional hardware described in the description. The feature will be, however, be highly available, and be mimicked by every company that authorizes transactions. This will result in scenarios similar to me using the Rently app recently, where I spent the better part of an hour trying to hold a camera perfectly still in my hand while adjusting my face's alignment with the phone and trying to get a good light source on my face

    • Re: (Score:2, Insightful)

      Look forward to the day processors will be powerful enough, and payment companies brazen enough, that they'll also require you to "look right" to authorize a payment - i.e. not drunk, not stoned, not in a particular setting, etc... This is just the beginning of that zero-friction slope.

      • Just wait until processors are powerful enough to scan your social media history before the app decides whether it wants to authorize your transaction or not based on "company values."

      • Look forward to the day processors will be powerful enough, and payment companies brazen enough, that they'll also require you to "look right" to authorize a payment - i.e. not drunk, not stoned, not in a particular setting, etc... This is just the beginning of that zero-friction slope.

        Let's not forget that facial recognition is terrible at recognizing black faces.

      • I was thinking it would be cool if it would detect if one is under duress and both seemingly do the requested transaction as well as inform a person you've selected as trustworthy fall back / support...
    • It doesn't even work well on Apple in the first place.

      It confuses sons with moms, twins, and has way too many caveats and complications that make it worse than something I could design in 5 minutes.

  • This is just a warm up for the phone looking for the mark of the Beast soon.

    Such exciting times!

  • by sinij ( 911942 ) on Tuesday April 13, 2021 @09:19AM (#61268356)
    Before you sign up for this service, consider how expensive re-issuance going to be when your biometric data leaks and you will have to get a new face.
  • ... I'm going to show for a payment is Benjamin Franklin.

  • 2FA Comparison (Score:3, Insightful)

    by Bobberly ( 1677220 ) on Tuesday April 13, 2021 @09:36AM (#61268436)

    I'm trying hard to understand why this is good. Right now you have a payment card. It's something you have. Everywhere (except the backwards US) you use a PIN code to authenticate a payment. Combine this and it acts like 2FA for your payment. (Yeah, I know you can read off the card number.. for this conversation lets assume we're just focusing on using a phone for RFID in-person payments).

    So we're going to take the something you have part (card) and replace it with a hardware token (phone) that requires your face to use. Was cloning cards/phones something that susceptible to fraud in the first place?

    Is the US is still not going to require a PIN or anything else to authenticate the payment? Am I the only one that thinks that we should be focusing efforts more on the something-you-know part of payment security? I'd love to have an 8 digit PIN on my card. I'd love the ability to change it without having to use touch tones on a phone or visit a bank branch. Lets go further and make it a combination OTP + PIN to authenticate a payment.

    • by _merlin ( 160982 )

      You canâ(TM)t do that already? In Australia, most cards allow you to change your PIN to any 4-8 digit sequence at an ATM.

  • This will not end in a happy place.
  • by BAReFO0t ( 6240524 ) on Tuesday April 13, 2021 @09:53AM (#61268494)

    You literally made that bullshit up.

    Almost nobody will use this stupid fad of the decade.
    It will be a shadow of its former self, at the fringes of the industry, like the tablet already is (go find a tablet with an acceptable amount of RAM, I dare you), or phone anorexia will be too, edge displays or "wireless" charging (that leaves you with less freedom to move than a cable! such wireless! much progress! wow!).

    It's all just employees and corporations desperately trying to justify their employment and giving them money... in a fully saturated market with a product that didn't need improvement anymore, several years ago, passed that point, and only devolved again from there.

    This is the opposite of the problem of lack of innovation in a monopoly: The unnecessary competition and greed for profit makes them come up with shit that nobody needs and makes everythinf worse.

    • Case in point for "everything worse".

    • It will be a shadow of its former self, at the fringes of the industry, like the tablet already is

      But but but "The PC died!"

    • You literally made that bullshit up.

      Almost nobody will use this stupid fad of the decade. It will be a shadow of its former self, at the fringes of the industry, like the tablet already is (go find a tablet with an acceptable amount of RAM, I dare you),

      Every iPad we've owned has had an acceptable amount of RAM. Maybe you just haven't used a good tablet (iPad)?

  • I can't call this a bug when I intend to use it as a core functionality:

    First, I drop trou and take a nice, high definition image of ol' Darth Veiner. That should give me access to the bank account of any member of the House of Representatives who links their bank account to their face. Then I turn around and take a classic "redeye" close-up. A few minutes later, I'll be buried to the hilt in the bank account of any member of the Senate who uses it.

    Next step: PROFIT!!! This lad's gonna be livin' large!

  • Hi, my name is Werner Brandes. My voice is my passport. Verify Me.

  • ...but completely fine for authorizing payments?

  • Top Down product design in full effect. Someone said "would it be cool if...." and suddenly SlashDot editorial is pushing something no one is asking for. Looking pretty sus
  • I don't like where this is going, not at all.
  • MercadoLibre which is a large fin-tech in latin america (I would say it's dominant) has been doing this for years. It actually has reduce the use of cash in many countries. You can use it to pay or send money like Venmo. What's truly brilliant is paying by QR code. Contactless, cheap, and effective.
  • I wonder how well face recognition works when the person is sleeping. Sounds like something that can be abused

  • I was shopping with my daughter the other day, and I noticed she was constantly unlocking her iPhone via the PIN number whenever she wanted to check it. I asked why she was doing that, and she told me that her new phone had no fingerprint sensor, and used facial recognition instead. However, that facial recognition doesn't work very well when she is wearing her face mask (as almost ever store currently requires). I wonder how well facial recognition is going to work in the new reality of wearing face masks

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...