MasterCard’s “Smile to Payment” system, announced last week, is supposed to save customers time at checkout. It is being tested in Brazil, with future pilots planning for the Middle East and Asia.
The company argues that touch-free technology will help speed up transactions, shorten store lines, increase security and improve business hygiene. But it also raises concerns about customer privacy, data storage, crime risk and bias.
How will it work?
MasterCard’s biometric checkout system will provide customers with face-to-face recognition-based payments, linking several third-party companies’ biometric authentication systems to MasterCard’s own payment system.
A MasterCard spokesperson told the conversation that it has already partnered with NEC, Payface, Aurus, Fujitsu Limited, PopID and PayByFace, whose names will be released.
They said that “providers must go through independent laboratory certification as opposed to the program’s criteria for consideration” – but details of these criteria are not yet publicly available.
According to media reports, customers need to install an app that will take their pictures and payment information. This information will be stored and stored on the server of the third party provider.
At checkout, the stored data will match the customer’s face. And once their identities are verified, funds will be automatically deducted. The “wave” option is a bit of a tactic: when the customer sees the camera swinging, the camera still scans their face – not their hand.
Similar authentication technology is used on smartphones (Face ID) and at many airports around the world, including Australia’s “SmartGates”.
China started using biometrics-based checkout technology in 2017 But MasterCard is the first to launch such a system in the Western market – competing with the “pay with your palm” system used in cashier-less Amazon Go and Whole Foods Brick & Mortar. In the United States.
Which we do not know
Not much is clear about the specific functionality of the MasterCard system. How accurate will facial recognition be? Who will have access to the biometric data database?
A MasterCard spokesperson said customer conversations will be stored in the form of encrypted information with the relevant biometric service provider and will be removed when the customer “indicates they want to end their enrollment”. But if MasterCard itself can’t access it, how can data removal be implemented?
Clearly, privacy protection is a major concern, especially when many potential third-party providers are involved.
On the bright side, MasterCard customers will have a choice about whether to use the biometrics checkout system. However, it will be up to the retailers to consider whether they will offer it or whether they will offer it as the only payment option.
Similar face-recognition technologies used at airports and by the police often offer no alternative.
We can assume that the MasterCard and Biometrics providers they partner with will require the consent of the customer in accordance with most privacy laws. But do customers know what they are agreeing to?
Ultimately, MasterCard teams providing biometric services will decide how they will use the data, for how long, where they will store it and who will be able to access it. MasterCard will only decide which providers are “good enough” to accept as partners and adhere to their minimum standards.
Customers who wish to benefit from this checkout service must agree to all relevant data and privacy terms. And as mentioned in the report, MasterCard has the potential to integrate the feature with loyalty schemes and make personalized recommendations based on purchases.
Accuracy is a problem
The accuracy of face recognition technology has been challenged before, current The best According to tests conducted by the National Institute of Standards and Technology, the error in facial authentication algorithms is only 0.06%. In some countries, even banks have made it easier for users to rely on it to log in to their accounts.
However, we do not know how accurate the technologies used in MasterCard’s biometric checkout system will be. Underpinning algorithms of a technology can work almost perfectly when trailing in the lab, but work poorly in real life settings, where lighting, angles and other parameters are varied.
Prejudice is another problem
In a 2019 survey, NIST found that most of the 189 facial recognition algorithms were biased. In particular, they were less appropriate for people belonging to ethnic and racial minorities.
Even with the advancement of technology in the last few years, it is not foolish. And we don’t know how far MasterCard’s system has overcome this challenge.
If the software fails to recognize a customer at checkout, they may be frustrated, or even angry – which will completely undo any promise of speed or convenience.
But if technology mistakenly identifies a person (for example, John is recognized as Peter – or twins are confused for each other), money can be taken from the wrong person’s account. How will such a situation be dealt with?
Is technology safe?
We often hear of software and databases being hacked, even in the case of very “secure” organizations. Despite Mastercard’s efforts to ensure security, there is no guarantee that third-party providers’ databases – including the biometric data of millions of potential people – will not be hacked.
With the wrong hands, this data can lead to identity theft, the fastest growing type of crime and financial fraud.
Do we want it?
MasterCard suggests that 74% of consumers use this type of technology, citing a status from its own research – it is also used by business partner Idemia (a company that sells biometric identification products).
But the cited report is vague and concise. Other studies show completely different results. For example, this survey suggests that 69% of consumers do not feel comfortable using face recognition technology in retail settings. And only 16% believe in such technology.
Also, if consumers knew the risks of the technology, the number of people willing to use it could be further reduced.
(Author: Rita Matulionite, Senior Lecturer in Law, Macquarie University)
Statement: Rita Matulionyte received funding from the Lithuanian Research Council for the research project ‘Official Use of Oral Recognition Technology: Legal Challenges and Possible Solutions’ (2021-2023). He is affiliated with the Australian Society for Computers and Law (AUSCL).
This article has been republished from Conversations under a Creative Commons license. Read the original article.
(Except for the title, this story was not edited by NDTV staff and was published from a syndicated feed.)