Financial Biometrics Month: Amazon and Mastercard are Taking Different Approaches to Naked Payments, and the Stakes are High

November 10, 2022

When you’re making a purchase in-person (rather than online), you’re probably using a payment card. And when you’re verifying that you actually mean to make the purchase, you’re probably not signing a receipt at this point – instead, it’s likely that you’re entering a PIN. Everyone used to verify their payments with a signature, and now everyone understands that a PIN is just as good, if not better.

If you’re paying for something online, however, using a relatively new smartphone, there’s a good chance you’re not entering a payment card number and a PIN, but instead using your phone’s biometric authentication mechanism – Face ID, for example, or a fingerprint scan. Everyone used to shop in person and enter a PIN, and now sometimes people shop online and confirm their purchases with biometrics, and everyone understands that most smartphone-based biometrics are just as good as a PIN, if not better.

And if you’ve gone the next step in payment innovation and loaded a virtual version of your payment card onto your phone, and now you’re using your phone to pay for things in-person, you’re probably using biometric authentication to verify the purchase there, too. Because the phone’s biometric authentication is just as good as a PIN (if not better), everyone understands that there’s no need to require a physical payment card and a PIN for in-store payments. A face or fingerprint-scanning phone is just as good, if not better.

To some, the next logical step from here is obvious: if your biometrics are now linked to your payment card, why should you even need your phone? A few years ago, this would have struck a lot of people as a radical concept – that you might pay for something with just a biometric scan, and no physical token of any kind, other than your own biometrics. But innovation in these kinds of biometric payments – also known as ‘naked payments’ – has been rapid, and 2022 has delivered some indications that this nascent payment technology may be on the cusp of going mainstream.

Amazon Blazes a Trail

One of the most high-profile pioneers of biometric payments so far has been Amazon, which has been gradually rolling out a Point-of-Sale system designed to scan a customer’s palm biometrics – the pitch being that you can make a purchase with a wave of the hand. The company officially unveiled its Amazon One system in September of 2020, and went on to announce that it would be deployed at select Whole Foods stores in Seattle the following spring.

Since then, Amazon One has been implemented in Whole Foods stores in New York City, Los Angeles, and Austin, as well as in certain Amazon Fresh, Go, and Style stores. And this past August, Amazon announced that it would roll out the biometric payments system across 65 Whole Foods locations in California.

Amazon hasn’t disclosed how popular (or unpopular) its naked payments system is. But the expanding rollout suggests that Amazon has detected a certain appetite for this kind of innovation. It’s also worth noting Amazon’s focus on introducing the system in high-profile, trend-setting urban centers like Seattle, Los Angeles, New York City, and Austin. The company’s leadership may be banking on ripple effects from early adopters.

Of course, Amazon is itself an early adopter of this technology, and that’s by its nature. The company is a disruptor, and has been unafraid to “move fast and break things”, as the Silicon Valley motto goes. So this year’s other major development in the emerging naked payments sector is all the more noteworthy for coming from a relatively conservative institution.

A Payments Giant Surveys the Frontier

Join Facephi and FaceTec for an expert conversation on biometrics and finance.

Mastercard announced its Biometric Checkout Program in May of this year. It was a tentative yet bold step: the global payments giant had not yet settled on any one particular approach, but was partnering with a number of FinTech innovators to experiment with the technology in various markets.

First up would be Payface, a Brazil-based startup specializing in linking consumers’ face biometrics to their payment accounts, which would deploy its solution across five stores belonging to the St Marche supermarket chain. But at the Biometric Checkout Program’s outset, Mastercard revealed that it had also partnered with NEC, Aurus, Fujitsu Limited, PaybyFace, and the growing Silicon Valley startup PopID.

Setting aside Aurus, which handles payment processing, three of Mastercard’s other four biometrics partners specialize in face-based technologies. PopID and PaybyFace have built naked payments solutions around face biometrics, and NEC is renowned for its highly accurate NeoFace solution, which offers applications in a number of areas including naked payments. Fujitsu stands out for its historical focus on a different modality, palm vein biometrics; but the company’s more recent efforts to explore naked payments combined that technology with facial recognition, a new area of interest for Fujitsu. All of which suggests that Mastercard is strongly leaning toward face biometrics as the modality of choice for biometric payments.

It makes sense. Selfie-based authentication is probably the most popular means of biometric authentication on smartphones today, and a large cohort of consumers are now used to confirming mobile-based transactions with a face scan. It’s convenient, contactless, and does not necessarily require any particular action from the consumer at the Point of Sale other than facing a self-service kiosk.

You Can’t Cancel Your Face

The problem is that it might be too convenient. If all that is needed for a payment to be authorized is an image of the buyer’s face, all sorts of fraudulent and criminal shenanigans become conceivable, and maybe even expected. Hypothetically, someone could make a purchase using a printout of a registered consumer’s face; maybe they could even download a retail store’s mobile app and aim their phone’s camera at a customer in order to put a payment through.

None of this is necessarily likely, but it’s conceivable, and its plausibility depends on the quality of the biometric technology being used. In the world of mobile payments, for example, Apple doesn’t need to worry about letting users authorize payments with a selfie at least in part because its $1000+ smartphones feature highly sophisticated laser grid technology that creates a three-dimensional map of the user’s face. It is very difficult to spoof. Google, on the other hand, is pointedly refusing to let users of its new Pixel 7 use its facial recognition technology for online payments, presumably because the company is not confident that its new face scanning system is as resilient against spoofing attacks as its fingerprint authentication mechanism.

For naked payments, the facial recognition technology that Mastercard deploys will probably need to be sophisticated enough to spot a 2D printout when it sees one, if it’s going to successfully persuade a sizeable chunk of consumers to give it a try. And that will probably entail convincing merchants to install new hardware that is fit for purpose. Amazon, meanwhile, doesn’t need to convince merchants of anything: the company is deploying its palm scanning solution at its own stores, from the top down.

But both companies will have to convince consumers to opt into their systems, and that will require addressing the security of their biometrics. If your payment card gets stolen – or if your phone gets stolen, and your card is on it – you can call your bank and cancel it; you cannot cancel your face or palm. Ultimately, both Amazon and Mastercard – and the many other, smaller players that are busy pioneering the biometric payments frontier – will need to persuade customers that their systems are both convenient and safe, with no risk of having their biometric payment credentials permanently compromised. If they can do that, there may come a time when everyone understands that for in-store payments, your biometrics are just as good as a payment card or a phone, if not better.

–

November 10, 2022 – by Alex Perala

Financial Biometrics Month is made possible by our sponsors:

Related News

FaceTec’s patented, industry-leading 3D Face Verification and Reverification software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ finally make trusted, remote identity verification possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for 3D Liveness and Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

AuthenticID provides 100% automated identity verification and fraud detection solutions that are leveraged by companies worldwide, including 2 of the top 3 U.S. Banks, 8 out the top 10 wireless providers in North America, and 2 of the 3 credit bureaus. Using proprietary computer vision and machine learning technology, these solutions help companies accurately verify the identity of their users across retail, digital and call center environments for onboarding and ongoing re-authentication events; KYC, IAM, and more. The solutions are easy to integrate and provide customers a large ROI by stopping fraud losses, increasing customer conversion at onboarding, reducing operational costs and allowing quick and cost-effective operational scalability, all while ensuring global privacy regulations are complied with. https://www.authenticid.com/

Anonybit is a privacy-focused technology platform that provides decentralized solutions for securing personal data, particularly biometric information. Rather than storing sensitive data in centralized repositories, which are vulnerable to breaches, Anonybit uses a distributed architecture that breaks data into smaller encrypted bits and stores them across a network of decentralized nodes. This approach ensures that no single entity has access to the full dataset, enhancing privacy and security, even preventing insider threats. Anonybit is used by leading banks, fintechs and other enterprises for critical biometric identity functions like deduplication and blocklist checks, step up authentication, passwordless login and account recovery https://anonybit.io/

Identity Week aims to be a significant identity industry catalyst. It’s our mission is to help accelerate the move towards a world where trusted identity solutions enable governments and commercial organisations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm. https://identityweek.net/

The Biometric Digital Identity Prism is a market landscape framework designed to help influencers and decision makers understand, innovate, and implement digital identity technologies and solutions. This innovative framework for understanding and evaluating the rapidly evolving biometric digital identity marketplace is the only market model that is truly biometric-centric based on the foundational conviction that in the age of digital transformation the only true, reliable link between humans and their digital data is biometrics. https://www.the-prism-project.com

ID R&D is an innovator of biometric facial liveness, document liveness, and voice biometrics. Ranked #1 by NIST, our patented passive approach to liveness, and specialized detection of voice clones, injection attacks and deepfakes, empowers KYC and authentication systems with fast, accurate and secure biometric verification technologies. Over 140 partners in more than 70 countries are collectively processing hundreds of millions of identity checks per year. ID R&D solutions easily integrate with mobile, web, messaging, smart speakers, set-top boxes, and IoT devices. Learn more: www.idrnd.ai