MasterCard is partnering with Bank of Montreal (BMO) on a pilot project for the first biometric corporate credit card program in Canada and the U.S. with a rollout to consumers and other banks expected this summer.
Dubbed “Selfie Pay” by MasterCard, the process is designed to add another layer of security to digital payments. It has no bearing on face-to-face transactions at a physical point-of-sale — it’s purely aimed at e-commerce.
The gist of how it works is through the free MasterCard Identity Check mobile app for iOS and Android. In the checkout process, the app sends a notification to confirm the transaction. The user taps it, and is taken directly to the app, where they are then prompted to scan a fingerprint or take a selfie to verify identity. Once approved, they are taken back to the merchant site to proceed with the sale.
The Identity Check app does require registering a fingerprint or selfie first, of which the former is stored on the device itself because it piggybacks off of Apple’s Touch ID or the various ones used on Android, like Samsung’s sensor or Nexus Imprint, for example. The latter face recognition is stored on MasterCard servers, not the bank’s, ensuring that only verification — not actual data — is passed from one to the other.
The facial recognition primarily focuses on the orbital bone structure around the eyes, so facial hair, hair styles and tans probably won’t throw it off. Glasses could be an issue, whereas coloured contact lenses wouldn’t be, according to MasterCard.
In focusing on e-commerce, the app can be used for purchases made on a mobile device or computer. In either case, the biometrics must be used on a mobile device, meaning that there’s no way to do it with a fingerprint reader or front-facing camera on a laptop, for instance.
Part of the purpose in launching this is to avoid instances where a transaction is denied because it falls out of the normal spending habit. That fraud-prevention method sometimes has the unintended consequence of spoiling a sale, requiring customers contact their bank or credit card company to negate any further restrictions. The idea is that travelling abroad shouldn’t have to include a heads-up phone call to let MasterCard know that upcoming foreign transactions are to be expected, and shouldn’t be blocked.
In that respect, this is not so much a mobile payment platform, but rather a form of two-factor authentication to validate the user. And the only way it can work is with merchants who use MasterCard’s SecureCode, a private code that encrypts a transaction at checkout. The company says 8,000 merchants in Canada are currently offering it for e-commerce.
That means it has nothing to do with any of the physical mobile payment platforms that are either already operating in Canada, or coming up, like Apple Pay and Samsung Pay, among others.
It’s also limited to corporate credit cards with BMO, at the moment, as the “soft launch” continues until a planned expansion to consumers and small businesses in the summer — probably July. It’s unknown what other banks might jump onboard to offer this, but it is highly likely that each bank will brand this in some way to help promote it.
The longer-term vision is to give banks the leeway to incorporate the technology into other banking activity, like wiring or transferring money to friends and family or managing investments. Little detail was offered as to how and when that might play out, but it is interesting that it could be leveraged to services that have nothing to do with MasterCard, or credit cards, in general.
While Android support is confirmed, which version of the operating system compatibility starts with wasn’t revealed. We will update this story once we receive those details. BlackBerry 10 and Windows Phone won’t be supported.
If you happen to have a BMO corporate card, you can contact the bank to try out the new Selfie Pay now.