The selfie is about to get serious.
Already ubiquitous at parties and
for capturing Instagram- worthy landscapes, the act of raising a phone
to your face and finding the perfect photo angle could take on a whole
new role in people's finances. Some banks, tax agencies and tech
companies are making the selfie an integral step for people checking
their bank accounts, shopping online and filing tax returns.
Forced
to find creative ways to guard against the rising threat of identity
theft, a growing number of companies are moving from a system that tests
people on what they know, such as a password. Now they want to ask
consumers to provide evidence of something that can't easily be changed
or copied: their face.
"In our opinion, the password is dying,"
said Tom Shaw, vice president of enterprise security at financial
services firm USAA. The company now lets customers use a selfie instead
of a password to log in to their mobile banking apps. Customers only
need to choose the facial recognition option when they open the app,
hold the phone up to their face and blink. It's much easier for some
consumers to take a quick picture than it is to ask them to remember yet
another username and password, Shaw says.
A photo also can serve
as a way for consumers to offer proof that it was indeed them - and not
an imposter - who made that purchase or submitted that form.
For
instance, MasterCard plans to roll out a service nicknamed "Selfie Pay"
this summer through its member banks. Through the program, consumers
would shop online as usual and after checking out, they would confirm
the purchase by taking a selfie with a MasterCard mobile app.
And
Georgia will roll out a pilot program for the next tax season at the end
of the year that gives taxpayers the option of creating a secure
account where they verify their identities by taking a photo. If there
is a match, taxpayers will be asked take a photo on their smartphones
before their tax returns can be processed, ensuring the return was not
submitted by a fraudster.
The growing use of facial recognition,
however, raises a series of security and privacy concerns. One obvious
vulnerability is that it is not that difficult to find out what someone
looks like.
"Everyone has your face," says Alvaro Bedoya, the
executive director of Georgetown Law's Center on Privacy and Technology.
"So it is a mode of authentication that is inherently public."
To
overcome that risk, the companies are requiring selfies that are a
little different than the ones you might see on Facebook. After finding
the right angle, consumers are asked to move around to confirm that the
camera is capturing a live person and not a photo.
In the
MasterCard and USAA programs, users are told when to blink. Georgia's
tax program will prompt people to position their faces a certain way and
scan for motion.
The photos are typically not the only safety
measure, serving instead as the second or third method of
authentication. USAA, for example, says that it checks not only the
photo, but also for the device being used to access the account. That
means a criminal should not be able to log in from another phone that
isn't already registered with their systems, Shaw said. For the tax
program, Georgia will compare the selfies consumers submit to the photos
it has in its database of state driver's licenses.
Privacy
advocates fear that if companies misuse the photos, it could lead to
situations where people are instantly identified when they walk into
stores or while they are walking down the street. Some of that is
already happening.
Several states allow law-enforcement agencies
to use facial recognition to search, or request searches, of driver's
license databases when they need help identifying people for
investigations. Some retailers have used the technology to recognize
regular or problematic shoppers.
"It is a basic human freedom to
be able to walk outside and be anonymous and be private," said Bedoya.
"If you can no longer be a face in the crowd, that's a problem."
But
some of the companies and agencies introducing facial-recognition
programs say they are only using the images to verify customers'
identities.
They also say they are protecting consumers by not
storing the images. MasterCard, for instance, said it converts the
initial photo users take when they set up their accounts into a series
of 1s and 0s that cannot be used to recreate a person's face. USAA says
the biometric information is encrypted and wiped if a customer hasn't
logged in for a while. And MorphoTrust USA, the company providing the
technology for the facial recognition pilot in Georgia and a potential
one in North Carolina, said that after a person's identity is confirmed,
the photos taken will not be stored on the state's servers.
Still,
some of the hiccups consumers may face are much more basic. For
example, it is not clear how well the apps will hold up in cases where
people's faces actually have changed - say because they gained weight,
started wearing glasses or grew a beard. USAA says their app has worked
after such minor changes, but reminds users that they could always
switch to another method of authentication. And MorphoTrust USA says
that its technology will scan for features that are unlikely to change
much over time, such as the shape of a person's eyes.
Whether most
consumers will go along with the new selfie programs has yet to be
seen. The parties introducing facial recognition and other biometric
options cite convenience and security when pitching the technology.
The
process relies on smartphones that many consumers already have in hand.
And because these apps are scanning only for the most basic
characteristics of a person's face, none of the typical traits required
of selfies - such as perfect hairstyles - are needed.
Some
consumers may welcome the added measure. Greater access to consumers'
personal details has made it easier for criminals to take out loans in
their names, go on shopping sprees or file fraudulent tax returns. About
17.6 million Americans were victims of identity theft in 2014, meaning
they had their bank account, credit card or other personal information
stolen, according to the most recent data from the Department of
Justice.
The selfie offers a simple way to help them combat that kind of fraud, the companies say.
In
some cases, taking a photo can also offer an alternative to a more
complicated process. For instance, Georgia says for some taxpayers who
need to provide more information before their tax refunds are paid,
taking a selfie could be easier and faster than calling or mailing in a
form.
"We're getting to a place where we can really start using
our identities as a key, or as a way to protect ourselves," said Mark
DiFraia, senior director of market development at MorphoTrust USA.
Consumers
may also find they have options beyond facial recognition when it comes
to confirming their identities. For instance, USAA customers who want
to use biometrics to log into the mobile app can either scan a
thumbprint - the most popular option - snap a photo or use voice
recognition. About 13 percent of its 11 million members have opted to
use the biometric log-in as of early April.
MasterCard users who do not want to take a photo can use the app to scan a fingerprint.
Those
alternatives may come in handy for people facing a potential security
threat from someone very close to them: their identical twin.
For
that subset of the population who knows someone with a face that looks
just like their own, it may be safer to pass on the selfie option and go
with fingerprint verification instead, says Catherine Murchie, senior
vice president of enterprise security solutions at MasterCard.
Otherwise, that twin could end up going on a nice shopping spree.
© 2016 The Washington Post
Realme 14 Pro+ Review: Plenty of Refinements28 March 2025
Search
![Gadgets 360 With Technical Guruji: News of the Week [March 29, 2025]](https://c.ndtvimg.com/2025-03/9cu1890s_news-of-the-week_160x120_29_March_25.jpg?downsize=180:*)
