Billions of Smartphone Owners Will Soon Be Authorizing Payments Using Facial Recognition (zdnet.com) 104
An anonymous reader quotes a report from ZDNet: The next few years will see billions of users regularly using facial recognition technology to secure payments made through their smartphone, tablets or smartwatches, according to new analysis carried out by Juniper Research. Smartphone owners are already used to staring at their screens to safely unlock their devices without having to dial in a secret code; now, facial recognition will increasingly be deployed to verify the identity of a user making a payment with their handset, whether that's via an app or directly in-store, in wallet mode.
In addition to facial features, Juniper Research's analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020. [...] "All you need for software-based facial recognition is a front-facing camera on the device and accompanying software," Nick Maynard, lead analyst at Juniper Research, tells ZDNet. "In a hardware-based system, there will be additional hardware layers that add additional security levels. It's increasingly important to differentiate because hardware-based systems are the more secure of the two." Maynard's research shows that between now and 2025, the number of handsets using hardware-based systems will grow by a dramatic 376% to reach 17% of smartphones. Juniper expects the number of smartphone owners using [software-based facial recognition systems] to secure payments to grow by 120% to 2025, to reach 1.4 billion devices -- that is, roughly 27% of smartphones globally. "Hardware-based systems obviously have additional costs per device," adds Maynard, "but the reason it is growing well is really that Apple has been driving it forward. They've made the technology a part of their high-end devices, and shown that hardware-based facial recognition technology can be done and can be very secure."
"Software-based facial recognition is strong because it's very easy to deploy," Maynard continues, "but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."
In addition to facial features, Juniper Research's analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020. [...] "All you need for software-based facial recognition is a front-facing camera on the device and accompanying software," Nick Maynard, lead analyst at Juniper Research, tells ZDNet. "In a hardware-based system, there will be additional hardware layers that add additional security levels. It's increasingly important to differentiate because hardware-based systems are the more secure of the two." Maynard's research shows that between now and 2025, the number of handsets using hardware-based systems will grow by a dramatic 376% to reach 17% of smartphones. Juniper expects the number of smartphone owners using [software-based facial recognition systems] to secure payments to grow by 120% to 2025, to reach 1.4 billion devices -- that is, roughly 27% of smartphones globally. "Hardware-based systems obviously have additional costs per device," adds Maynard, "but the reason it is growing well is really that Apple has been driving it forward. They've made the technology a part of their high-end devices, and shown that hardware-based facial recognition technology can be done and can be very secure."
"Software-based facial recognition is strong because it's very easy to deploy," Maynard continues, "but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."
Payments approved by facial recognition? (Score:5, Funny)
Re: (Score:2)
Or "face crime"...I for one am already looking forward to the first post here about someone using a persons selfie to construct a visual model and a 3d printer to make a head that then fools face rec software ;)...
Re:Payments approved by facial recognition? (Score:4, Interesting)
Re:Payments approved by facial recognition? (Score:5, Interesting)
In Argentina we have an electronic identity validation system. It's a government provided API. It's used, for example, to open a bank account. The app uses this API. The government already has your photo in the identity database. So when you open an account you need to take one "normal" selfie and one "proof of life" selfie: it instructs you to make a weird face (such as: close your right eye, open your mouth, etc). It then validates your face and the required gesture.
So far I've used it only twice: to open an "app" bank account after i closed my "real" bank account, and to open an investment account.
Re: (Score:2)
Okay, hadn't considered that possibility. Good move on the part of whomever put that into the system....
Re:Payments approved by facial recognition? (Score:4, Funny)
Interestingly, I did just that when doing an on-line dating thing.
From this particular service, I'd get messages from women (well, that's not certain - one can never know), and check out their profile in response. If the conversation went on more than that one transaction, I'd ask for one photo of them touching their finger (didn't matter which one %^) to their nose, or similar, just to see if it was the likely the same person in the photo set. Don't know how well that tactic worked, but I'd never hear again from the ones that were likely scammers. It was funny in a sad, morose way.
Re: (Score:2)
Most of the big manufacturers claim to have some sort of attention detection so that face unlock doesn't work when you are asleep.
The bigger issue is that everyone is wearing masks now. Sunglasses don't help either. My wife's iPhone 11 never unlocks when she is wearing a mask so she never uses it to pay for stuff anymore. My Pixel 5 has a fingerprint reader which is more more convenient.
Re: (Score:2)
I remember one time we tested facial recognition by taking a picture of his face and just showing that smartphone image to the other phone to unlock it. Or was it a tablet? Some years ago, and one would hope that the software has improved.
How about adding eyeball tracking? Then the phone could show a dot on the screen and move it around, and your eyeballs would have to track the dot to unlock the phone. Of course, that just means the break-in software would need to be a bit more sophisticated to animate the
Re: (Score:2)
What about unconscious?
Re: Payments approved by facial recognition? (Score:2)
You're overcomplicating this. Probably can be done entirely in software.
Re: (Score:3, Insightful)
Apple pay? (Score:3)
I've been doing this the last couple years with Apple Pay. Is this something different?
Re: (Score:3)
Yes, the difference is that they journalist finally found out about it..
(And the fact that more and more android phones have such too, but..)
Re: (Score:2)
They aren't saying it isn't currently happening just that it is about to increase substantially.
users' biological characteristics will be authenticating over $3 trillion-worth of payment transactions -- up from $404 billion in 2020
Re:Apple pay? (Score:4)
I won't use any of the biometric stuff to open or authorize anything.
Re: (Score:1)
So do you pay in cash all the time, carrying large sums of money on you, which could be lost or stolen by a pickpocket?
Perhaps a you use a Credit/Debit Card which you often need to hand off to a person (who could memorize or copy the number) and or apply it against a normal terminal, which often has a network of crappy old infrastructure that will send you data to who knows where.
The Phone with a bio-metric authentication is probably the current best approach balancing security and convenience. As the phon
Re: (Score:2)
I do tend to pay in cash most of the time, whenever possible.
I won't own a debit card....if you get that compromised, your cash is gone from your account till you can prove it wasn't you. I know people that went through this horror story type scenario.
I use credit cards. No biometric needed. Most of the time, those are self serve terminals that I stick the card into. But at worse, if the
Re: (Score:2)
What happens if your biometrics change?
Is there a mechanism in place to change the biometric locks if that occurs?
If there are mechanisms for that what would stop someone that has stolen or found your phone using those mechanisms to reset the locks?
How is that any different from someone resetting a traditional password on the phone?
How is that better than two factor authentication?
If someone finds your phone and can just start "using to pay for stuff" I would assume that there is no lock on the phone. If th
Re: (Score:2)
So do you pay in cash all the time, carrying large sums of money on you, which could be lost or stolen by a pickpocket?
I use cash whenever possible. Its easy to use, the merchant gets the full amount paid out and does not forever tie the purchaser to every transaction they've ever made in their entire life.
As for carrying large sums of money which could be lost or stolen I carry what I want to carry on me which in aggregate is of way less value than most of your phones are worth new.
Perhaps a you use a Credit/Debit Card which you often need to hand off to a person
Now there is a blast from pre-covid past.
and or apply it against a normal terminal, which often has a network of crappy old infrastructure that will send you data to who knows where.
Why should anyone care? If something happens you dispute the charges and they issue another card.
The Phone with a bio-metric authentication is probably the current best approach balancing security and convenience. As the phone will send a different value every time preventing someone from copying the data and reusing it. As well while bio-metrics is not fool proof, it is much safer for the more common occurrence, someone finds you phone and starts using to pay for stuff, but being blocked due to invalid bio-metrics. Sure they can take your phone make a 3d model of your face to access it, or reproduce your fingerprints. But that will take time and effort, in which you may have already called your credit card company to report the theft and had that account deactivated.
Fun
Re: (Score:2)
Funny you list theft as a problem yet see fit to totally discount it here. All having valuable things on your person does is increase the risk of violence toward the victim.
There, FTFY.
Re: (Score:2)
There, FTFY.
You don't understand the problem.
It takes a moment to take something from someone and run off.
It takes far longer to force victim to unlock device and extract thing of value from it. This increases risk of violence toward the victim.
Re: (Score:2)
Not me. I won't use any of the biometric stuff to open or authorize anything.
Welcome to the boat. You get a great view on the port side. To many ways to by pass biometric locks, makes it way to insecure for me. A pin will at least take them some time if I lose my phone, or some cop decides my rights don't mean shit.
Biometrics are not secrets (Score:4, Informative)
https://www.schneier.com/essay... [schneier.com]
So why are companies and governments ignoring the experts and going full steam ahead into disaster? Communities and companies have started banning facial recognition:
https://www.nytimes.com/2020/0... [nytimes.com]
So no banking services for them? Biometrics can change (over time or due to accident or surgery) yet can also not be changed if they are compromised (a hacker steals the data that codes your face and you have to have surgery to get a new face?):
https://www.schneier.com/blog/... [schneier.com]
So you damage your face and you can no longer access your money? The above articles indicate there are some situations and hardware configurations where biometrics make some sense, but there are also many where they do not. Making payments via biometrics on a phone where the user may install any unsecure app which could compromise the phone seems like a very bad idea. What is the chain of trust here from the camera to the bank? How do you verify that the person the phone is taking a picture of _wanted_ that picture taken for biometric purposes? Any app can get camera permissions and take your picture, so any app can access your bank account?
"but we are expecting a shift towards hardware-based systems as software becomes invalidated by fraudster approaches. Fraudster methods are always evolving, and the hardware needs to evolve with it."
So they already expect it to be insecure but they are going to do it anyway. WTF? Are they that stupid? This sounds like multiple class action lawsuits waiting to happen.
Re: Apple pay? (Score:2)
Yeah, but that makes you a nutjob, and by your own choice not a person by yourself anymore, but a part of the swarm lifeform called Apple.
Please stay in your little dystopia, wherever that is. Most of the EU would be enemy territory for your data whoring mindset. (Even grandmas know and care about privacy and data protection here, and do things like avoid smartphones or Amazon.) The USA will hopefully soon be too.
Identical twins? (Score:5, Insightful)
Re: (Score:2)
Identical twins aren't identical. News @ 11.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: Identical twins? (Score:2)
Apple facial recognition can't even tell a mother from her son. Remember the article of a son unlocking his mom's phone?
Re: (Score:2)
Now you're getting down to retina and fingerprint scans. You want your credit card company to have those? Not me.
Re:Identical twins? (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: Identical twins? (Score:2)
No, actually, he is right and you ae the joke.
Also, you said you are dead now, so please stay quiet. (Slight rotting noises are allowed. ;)
Re: (Score:2)
Apparently most Slashdotters have had their funny bones removed, though they can sometimes simulate a sense of humor if the moderators pile on enough Funny mod points.
Re: (Score:2)
maybe mark-t doesn't know what hubcaps are, or the old joke. He could be differently abled.
Re: (Score:2)
Re: (Score:2)
They also can't pull off conventional fraud when access is protected by a placenta. 8^)
Re: (Score:2)
Re: (Score:3)
What is to stop Identical Twins from just taking each others credit card. Heck they will often know enough about each other to properly call the credit card company and send them over an other copy of that card. Or just going to the bank and pretending to be the other person.
Sure as Twins become adults their differences are much more noticeable, but often not enough to compare against a drivers license photo, or the casual person (say a bank teller who sees this person once every couple week, in a mist of
Re: (Score:2)
Well with any technology that seemed to have a Science Fiction story about this technology that ran amuck causing all sorts of chaos, for our hero to overcome.
Bio-metrics bypassing is nearly a trope now. A guy gets his eye ripped out, a finger cut off, A 3d model of the body part is created. Taking the CEO portrait from a cubical door, making a color copy of it (Space Quest 3 (Heck Space Quest 3 had 2 factor authentication, you had to take the CEO Key Card and his photo) ).
Self Driving cars going amuck i
Re: (Score:2)
No, the problem is, how do we figure out if you are who you say you are.
That has been a problem for a long time.
We have Passwords, physical keys, cards with a photo ID (which is a type of bio-metric)
We have problems where when we buy stuff they may be using our money and just pretend to be us.
Complicated 2nd factor for payment (Score:2)
You reminded me of another aspect of the problem with two-factor authentication, but this is one of those that I'm almost hesitant to discuss in public because it might give someone bad ideas... On the flip side, it involves a problem, and maybe someone on Slashdot has a solution approach (that isn't a vulnerability for the bad guys to exploit).
Some of you must be familiar with Symantec's VIP Access app. My summary may be inaccurate, but I think it works by establishing a secure connection with the financia
Re: (Score:2)
Re: Identical twins? (Score:2)
Re: (Score:2)
Re: (Score:2)
I've not ever run into a situation where cash would not work.
Re: (Score:2)
You should visit Sweden when Covid is under control. Cashless with card or mobile works super smooth almost all the time, both in shops and person-to-person.
But more and more establishments don't accept cash. And if you go to a bank and want to deposit cash into your own account, you have to show them a receipt for how you got the money. Same if you want to buy an expensive watch with cash.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
So THAT'S what the little slot on the side is for...
Re: (Score:2)
... cash is freedom.
Nah, cash is the Man's chains around your neck. Fiat currency! Fuck that. I carry gold, scales, and a knife.
Re: (Score:1)
When gold was acutally in use as a currency... it wasn't the intrinsic value that gave it value any more than zinc does a penny... it was a fiat currency. Gold is valuable today because of vast number of applications and if we switched to a gold back currency industry would collapse due to the run on gold.
Not quite (Score:1, Informative)
Re: Not quite (Score:3)
Yeah, no. That is not a separate factor. It is the same device. (And even a different device does not count if they are both "something you know" or both "something you are" or both "something you have".)
Re: (Score:1)
Re: (Score:3)
Re: (Score:2)
Sadly, you're absolutely right.
Re: (Score:2)
Re: One word (Score:2)
Fun fact: The enemy is not the main factor controlling the outcome of this battle.
The main factor is people, supposedly on our side, who declare the enemy the winner, like you just did, and flop like a spineless mollusc before the fight even begins.
Seriously! You are like those people who made Justin Bieber famous by hating him.
Like the Streisand effect.
Please don't side with me. You hurt my side.
Side with them. You speaking for the dystopia is the best way for the dystopia to lose.
Expect this feature to be poorly implemented (Score:2)
This feature probably works better on high-end phones, especially those with the additional hardware described in the description. The feature will be, however, be highly available, and be mimicked by every company that authorizes transactions. This will result in scenarios similar to me using the Rently app recently, where I spent the better part of an hour trying to hold a camera perfectly still in my hand while adjusting my face's alignment with the phone and trying to get a good light source on my face
Re: (Score:2, Insightful)
Look forward to the day processors will be powerful enough, and payment companies brazen enough, that they'll also require you to "look right" to authorize a payment - i.e. not drunk, not stoned, not in a particular setting, etc... This is just the beginning of that zero-friction slope.
Re: (Score:2)
Just wait until processors are powerful enough to scan your social media history before the app decides whether it wants to authorize your transaction or not based on "company values."
Re: (Score:2)
Look forward to the day processors will be powerful enough, and payment companies brazen enough, that they'll also require you to "look right" to authorize a payment - i.e. not drunk, not stoned, not in a particular setting, etc... This is just the beginning of that zero-friction slope.
Let's not forget that facial recognition is terrible at recognizing black faces.
Re: (Score:2)
I'm sure that's why your mom always told you to wash your face and especially behind your ears.
Re: Expect this feature to be poorly implemented (Score:2)
Re: Expect this feature to be poorly implemented (Score:2)
It doesn't even work well on Apple in the first place.
It confuses sons with moms, twins, and has way too many caveats and complications that make it worse than something I could design in 5 minutes.
Looking For Mark On Forehead (Score:1)
This is just a warm up for the phone looking for the mark of the Beast soon.
Such exciting times!
Re-issuance might be a problem (Score:5, Funny)
The only face ... (Score:2)
2FA Comparison (Score:3, Insightful)
I'm trying hard to understand why this is good. Right now you have a payment card. It's something you have. Everywhere (except the backwards US) you use a PIN code to authenticate a payment. Combine this and it acts like 2FA for your payment. (Yeah, I know you can read off the card number.. for this conversation lets assume we're just focusing on using a phone for RFID in-person payments).
So we're going to take the something you have part (card) and replace it with a hardware token (phone) that requires your face to use. Was cloning cards/phones something that susceptible to fraud in the first place?
Is the US is still not going to require a PIN or anything else to authenticate the payment? Am I the only one that thinks that we should be focusing efforts more on the something-you-know part of payment security? I'd love to have an 8 digit PIN on my card. I'd love the ability to change it without having to use touch tones on a phone or visit a bank branch. Lets go further and make it a combination OTP + PIN to authenticate a payment.
Re: (Score:2)
You canâ(TM)t do that already? In Australia, most cards allow you to change your PIN to any 4-8 digit sequence at an ATM.
Uh-oh... (Score:2)
Do you even blink while lying this blatantly? (Score:3)
You literally made that bullshit up.
Almost nobody will use this stupid fad of the decade.
It will be a shadow of its former self, at the fringes of the industry, like the tablet already is (go find a tablet with an acceptable amount of RAM, I dare you), or phone anorexia will be too, edge displays or "wireless" charging (that leaves you with less freedom to move than a cable! such wireless! much progress! wow!).
It's all just employees and corporations desperately trying to justify their employment and giving them money... in a fully saturated market with a product that didn't need improvement anymore, several years ago, passed that point, and only devolved again from there.
This is the opposite of the problem of lack of innovation in a monopoly: The unnecessary competition and greed for profit makes them come up with shit that nobody needs and makes everythinf worse.
Typos proudly sponsored by touchscreens. (Score:2)
Case in point for "everything worse".
Re: (Score:2)
It will be a shadow of its former self, at the fringes of the industry, like the tablet already is
But but but "The PC died!"
Re: (Score:1)
You literally made that bullshit up.
Almost nobody will use this stupid fad of the decade. It will be a shadow of its former self, at the fringes of the industry, like the tablet already is (go find a tablet with an acceptable amount of RAM, I dare you),
Every iPad we've owned has had an acceptable amount of RAM. Maybe you just haven't used a good tablet (iPad)?
I can't wait for this wonderful innovation (Score:2)
I can't call this a bug when I intend to use it as a core functionality:
First, I drop trou and take a nice, high definition image of ol' Darth Veiner. That should give me access to the bank account of any member of the House of Representatives who links their bank account to their face. Then I turn around and take a classic "redeye" close-up. A few minutes later, I'll be buried to the hilt in the bank account of any member of the Senate who uses it.
Next step: PROFIT!!! This lad's gonna be livin' large!
Hi, my name is Werner Brandes. My voice is my pass (Score:2)
Hi, my name is Werner Brandes. My voice is my passport. Verify Me.
Not secure enough for a lock screen... (Score:2)
...but completely fine for authorizing payments?
This Product is in need of a Problem! (Score:2)
The normalization of facial recognition (Score:1)
Re: (Score:2)
Only if it's not got flouride in it.
Re: (Score:2)
fluoride. My bad.
This has been going on for years (Score:2)
free money (Score:2)
I wonder how well face recognition works when the person is sleeping. Sounds like something that can be abused
Facial recognition with face masks? (Score:2)