-The emerging vulnerabilities of mCommerce are a serious threat, but there are viable multi-factor solutions, and sticking with archaic password systems is not a good option.-
In the wake of Alipay’s announcement that it is going to use facial recognition technology for user authentication in mobile payments, some are starting to ask if that kind of security is really enough. Dan Moren, in particular, says he has found a flaw in the system in a new Popular Science article.
Moren used what seems to be his phone’s Face Unlock feature to test out its security. Having tried to use an 8-by-10 printout of his face as a mask – with the eyes cut out so that he could blink through them – and failed, Moren proceeded to take a video of his face, eyes blinking, on his computer, and then held the phone to the screen. That worked; the Face Unlock feature was fooled by the video on his computer. “So much for high security,” he concludes.
Of course, in the real world, if someone were to steal a phone and try to make an mPayment by playing a video of someone else’s face at the retailer’s POS, that would raise some alarms. But Moren does have a point when it comes to mCommerce authentication outside of the retail environment. That’s where multi-factor authentication comes in: Combining facial recognition technology with, say, voice biometrics offers a much more secure solution, and in fact it’s already being used in practice via at least a couple of apps. Sensory’s AppLock system, for example, can be used to secure Android phones, while USAA’s mobile app uses a similar system and is available for Android and iOS. The emerging vulnerabilities of mCommerce are a serious threat, but there are viable multi-factor solutions, and sticking with archaic password systems is not a good option.