Friday, 9 August 2013
PayPal's 'Pay with your face' Creepy Privacy Concern
PayPal launched a new smartphone payment service in the UK, where the customer pays using their smartphone. The merchant (shopkeeper) receives the customer's name and a photo of the customer's face, and then verifies the customer is the owner of the smartphone and PayPal account, by comparing the PayPal sent photo of the customer on the shop's smartphone, with the face of the person stood in front of the till. This is a passport control type facial recognition authentication, in other words biometric verification.
There is a video of it in action on the BBC website - http://www.bbc.co.uk/news/business-23605025
The fly in the ointment which the BBC report neglected to mention is privacy. A lot of people who value their right to privacy and personal information, will simply not want to have a photo of their face together with their full name sent to shopkeepers mobile phones. There is also the age old problem with any biometric verification, it just tends to creep people out. People just do not like the intrusive feel of biometric verification, which is why it has never taken off in any customer focused industries. This is why the security concious payments industry sticks with other non-biometric factors of verification, such as 'something you have' i.e. the credit card or smartphone, or/and 'something you know', i.e. passwords, as friendly factors of authenticating customers.