Mastercard wants you to start paying with your face. CNBC Reports(Opens in a new window) that Mastercard’s new plan would allow consumers to link their credit cards to biometric identifiers: “At checkout, users will be able to authenticate their payment by showing their face or the palm of their hand instead of swiping their card.”
It’s a terrible idea. Facial recognition systems are neither particularly useful nor respectful of your privacy.
Less objectionable, but still crude, is the idea of effectively turning your body into a credit card. The credit system is predatory enough, but tying your debt to your body is deeply dehumanizing. Most reprehensible is the continued socialization and adoption of facial recognition, a technology inherently dangerous to society and useless to the individual, making it the worst idea in the history of consumer technology.
CNBC also reports that Mastercard’s scheme will somehow allow you to make payments in the metaverse and verify ownership of NFTs, the technology’s third and second worst ideas, respectively.
Don’t become a credit card
There are two big problems with facial recognition in general. First of all, there’s no good way to communicate intent with her. This is a real problem when using your face to unlock your phone, because just holding your phone (or someone else holding your phone) will unlock it, whether you want it to or not. It’s the same with shopping. Granted, the work has been done(Opens in a new window) to solve this problem, but there is a world of difference between choosing to enter a PIN or presenting your fingerprint than looking at a machine just like that.
Facial recognition is inherently dangerous to society and useless to the individual, making it the worst idea in the history of consumer technology.
To buy something with a credit card, you need to remove the card, let the POS machine interact with it in some way, then enter your PIN or sign a receipt. It is very difficult to accidentally swipe your card through a machine without intending to. Even assuming Mastercard’s process has a validation process, like entering a PIN or tapping a confirmation box, the fact that just showing your face to start a payment process is concerning. It’s not secure and, more than that, it’s bad design.
The second problem with facial recognition is abstract but more pressing: Widespread adoption of facial recognition will make people more comfortable with constant surveillance and large-scale tracking. We’ve seen this before, when a technology that people are unfamiliar with or distrustful of is adopted without valid concerns being addressed. At-home DNA testing is still popular despite the privacy implications, and while we’ve seen improved privacy controls for free apps and services, almost all of them still rely on collecting your personal data.
This also happens with facial recognition. Apple has (surprisingly) made it the default option for its flagship iPhones, and Microsoft for its Windows Hello login scheme. It is now common for travelers to be encouraged or even required to have their faces scanned at airports (although this is allegedly optional).
We should be concerned about its normalization, because facial recognition is particularly invasive. It allows to monitor many people simultaneously and without their knowledge. Fingerprinting a whole crowd of people is neither easy nor subtle. Yet powerful facial recognition would not only identify people without their knowledge, but also track their interactions with each other and the things around them.
It’s a problem with mass government surveillance, but it’s not much better when a company does it. We already know that retailers are keen on tracking customers in their stores. Imagine how much more data could be collected by tracking what shoppers are interacting with or building a social map based on who they interact with. I vividly remember a Google patent for a technology that track pupil dilation(Opens in a new window) interactions, trying to guess people’s reactions to the ad and each other. These ideas are not new, they are just waiting to be implemented.
Recommended by our editors
The widespread adoption of facial recognition will make people more comfortable with constant large-scale monitoring and tracking.
Nothing in the reports about Mastercard’s new system suggests this degree of monitoring, but there is mention of loyalty programs, which are often just a good way to tell you’re being followed. Again, excerpt from the CNBC article, referring to the desire for the biometric payment system to be usable worldwide.
The feature could integrate with loyalty programs and make personalized recommendations based on previous purchases, Mastercard said.
Stop trying to make facial recognition happen
For now, Mastercard’s facial payment system is only available in Sao Paulo, Brazil, but it is likely to spread. This means that there is a rare opportunity to postpone this effort. The facial recognition narrative is unsettled and, on the contrary, the caution with which it’s being deployed in consumer products suggests companies aren’t yet sure it’s a safe bet.
So say no to face sweeping. Pick up at the airport. Use your fingerprint or a password to unlock your phone. Avoid FaceID. Switch to Windows Hello and use a security key instead. When you see a company or government insisting that facial recognition is private and secure, make a lot of noise. If poor consumer adoption can bring BetaMax tape and MiniDisc to a standstill, surely we can make facial recognition so toxic that the mere mention of it will put people up in arms.
Do you like what you read ?
Register for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.