Mastercard Launches Its Biometric Retail Payment System in Europe (nakedcapitalism.com)
49 points by hackandthink 10 days ago | 47 comments

Don't worry, I'm sure they'll give you a free three month subscription to a new pair of eyes every time they leak your iris scans.

Are they keeping the scans, or just a hash of the scan?

Does that even matter when the same set of eyeballs theoretically produces the same hash? It leaking has the same effect; what more benefit would having the “real” eye scan have to an attacker that just wants to use your bank account?

I guess if every PoS that supports bio also required a camera and human verification, then you couldn’t just pass the hash to some API

Just wait until the system can be exploited with a picture of the scan of a person's eye.

If I won’t give Amazon my palm print to pay at Whole Foods, why the f would I give Mastercard a pair of retinal scans?

Seems like MC executives grew up on “Minority Report” and thought, damn this is a good idea!

Are retinal scans a big deal?

It requires a decent camera with very good optics or short distance from your eyes to get a meaningful identification, so your casual CCTV mass surveillance isn't a problem. If I want anonymity, irises are going to be very low on my list of potential worries.

Also, I consider those to be public data (just like my face, fingerprints, overall appearance, voice or DNA), because anyone willing within a reasonable proximity can get this data anyway and there's no stopping it. So, if some company wants to use that as an authenticator... well, that's a stupid idea that I would protest for anything sensitive (unauthorized access to which could actually cause me some grief), but as long as it's not my liability (and for a credit card it is not - fraud disputes aren't fun but it's not my money either) they can do... whatever, I guess.

Or am I missing something?

> Or am I missing something?

The security issue.

I.e., Mastercard treats their technology as infallible and the people who find an exploit select you as the victim. Mastercard fails to take responsibility and continues to allow you to be exploited with absolutely no mechanism to defend yourself.

Credit card numbers can be changed a lot easier than eyeballs can be.

> Mastercard treats their technology as infallible

They're not unlikely to claim that it was me because the machine reports seeing my eyes (because it doesn't hurt them to try to deny the claim), but generally the industry is well aware that fraud exists.

> Mastercard fails to take responsibility and continues to allow you to be exploited

True for debit, but for credit the idea is that it's the card issuer's problem if they still authorize those biometrics-authenticated transactions afterwards. The most probable scenario is that they'll immediately block the card and the ability to use biometric payments after receiving the fraud report. Then start figuring out what happened.

So, I guess, as long as I don't have all my eggs in one basket (MasterCard), I will be inconvenienced but not really exploited.

And given that it's not exactly trivial to quietly steal then impersonate someone's eyes and face, until that actually happens (low-probability event) it seems convenient to pay (high-frequency event) without reaching for a wallet or device.

> it's card issuer's problem if they still authorize those biometrics-authenticated transactions afterwards.

Isn't it the reverse, with the issuer declining fraud allegations as they can "prove" you originated the transaction?

That's the building block of 3DSecure and other additional authentication, where the merchant is protected from chargebacks in exchange for pushing stronger checks on the customer.

If it wasn't me who made the transaction, they won't be able to prove it because such proof cannot exist by definition. They can (and most likely will) try to claim otherwise, but the best they can do is say that they've scanned something that resembled my eyes to them. It's like with cloned cards (or even EMV proxy attacks) - yea, they've read the magstripe that read as my card, but they can't counter the fact that I was not physically present in that store, paired with a statement that I haven't made that transaction.

Also, in my experience, when a fraudulent transaction happens, banks tend to not challenge it much. When someone impersonated my card (I'm not sure but I suspect it was a BIN stuffing attack, since it was a sock drawer card) they just handled it without any issues.

3-D Secure shifts the risk/convenience balance and adds additional security checks, but it doesn't make customers liable for fraud.

You nailed it, we should not use public data for important things like this that could result in fraud.

Totally! Like I said - biometrics is a very bad idea for anything actually sensitive. I wouldn't let my door lock open upon seeing my face - high convenience but high risk. But I don't mind a PAM module on a non-portable desktop computer that would let me passwordless sudo when the camera sees me - low risk, high convenience.

And if some credit organization or airport security says they're fine with using it - I see this as their risks, not mine. And giving them my biometrics isn't hurting me because I won't use it for anything I care about. Unless, of course, I'll be forced to, somehow - but I doubt that's likely.

I see MasterCard doing this as they estimated a risk-to-profit factor to be satisfactorily low. My overall impression of the banking/finance industry is that they're very different when it comes to security - they tend to have what we'd call poor security practices, but they compensate for this by taking responsibility for when things fail, swallowing the losses (cheaper than upgrading everyone and everything) and just making sure they earn more than they lose. It's more prominent in the US (where half of the industry relies on knowing the last four of a secret SSN that you have to share-not-share with a lot of companies, and some very "secret" questions like my birthday - and the economy still works somehow!) than in the EU, though.

People willingly do this for the minor convenience of saving 30 minutes in TSA lines. And I imagine the MC executives picture themselves as part of the cosseted ruling class depicted in 'Minority Report'.

With TSA precheck, you are just giving one government agency permission to have data another government agency already has. I wouldn't willingly give MasterCard any information about me.

They aren’t referring to TSA precheck, they are referring to Clear PLUS.

With TSA precheck, you have to be fingerprinted, no?

Yes. State Dept already has my photo from my passport, fingerprints stored by DHS aren’t that much more (Global Entry specific).

I trust federal agencies more than private corporations, having seen the inside of both.

Am I missing something? Aren't fingerprints a form of PII that everyone just leaves lying around on everything they touch? And that the government isn't really permitted to collect & catalog except as part of a criminal investigation (or a few other minor licensing hurdles like selling alcohol)?

Yes you do.

30 seconds. TSA has the stereo 3D cameras at a lot of ID/boarding pass checkpoints now, but all you have to do is say "no camera thanks" (and hold some paper over the lens if you want) and they will check you the regular way.

Or got FOMO regarding Worldcoin.

I don't really see how this is a drastically better experience than tap to pay, NFC, Apple Pay, etc. It would feel odd to provide eye scans to everyday retailers, and then at some point, you have to worry about your eye scan being stolen, and you can't (easily) get a new eye afterwards, but you can replace all the payment methods that aren't your eyes.

Attempt to remain relevant in a cheap instant payment world. People are happy with their card and phone NFC tap to pay, as well as QR codes. It’s all about cutting out the parasitic rails now.

My guess - Poland is a hint to this question. Poland was a little behind on integrating Google/Apple Pay, so they invented (via MC tech) a tokenized payment system (BLIK). I guess because of its prevalence there are not too many people using NFC payments via phone, so MC wants to convince BLIK users to "upgrade" to this insecure atrocity (insecure because the source image is generated by a simple selfie, proven to be insecure years ago). The advertisement for this crap is all over social networks.

The bottom line for MC is how quickly can they part you from your money? The core of their profit is still the transaction fee. It is to their advantage to reduce any impediment to you spending money. Even if 'fumbling with your card' is an awkward way to put it, those few seconds are still a moment when you could think, I'm not going to spend that money. You might decide to not get your card out.

> I don't really see how this is a drastically better experience than tap to pay, NFC, Apple Pay, etc.

I do, but I don't see how those methods are better than a chip and pin. Waiting in line at a checkout or getting on a bus behind somebody hopelessly futzing with their phone to mess with the app is the new waiting for someone to write a check. The eye thing is dystopian, but it'll be fast.

Not saying it's a good thing to have the Apple/Google duopoly, but I find that once people have tried it a few times, phone payments are much faster than fiddling with the wallet and finding the right card. The phone is a larger and more distinct item in your pocket than the wallet, and choosing the right card is faster than going through them in the physical wallet. And you're rarely asked for a PIN.

I'm guessing MasterCard is viewing this as a payment mechanism that only needs the physical customer as the payment authentication. If it's 0 friction (which I doubt), I could see people opting to just look at a camera to pay rather than fumbling to get your phone out.

Fumbling with your phone sounds like a silly statement but so did fumbling with your wallet.

> Fumbling with your phone sounds like a silly statement but so did fumbling with your wallet.

I don't think people want to look away from their phones to do anything, least of all pass a retina scan. You don't even need to swipe away from TikTok to use Apple Pay.

> I don't really see how this is a drastically better experience than tap to pay

Your wallet and phone are lost/stolen. I wish the ATM would take my bank username and password but this is a close second in that situation. Wouldn't use it otherwise.

It's probably better for MasterCard somehow, not the consumer.

Perhaps selling this collected data to third parties? I'd imagine optometrists would want it to push mail in fliers.

I've found that face/retina scans are usually bad UX, especially if you need to use a viewfinder or a statically positioned device. Apple's Face ID works well because it's on a mobile device and you don't have to align your face in a box.

I don't see how this is any more convenient than using a mobile wallet. In fact, it looks less convenient than using the actual card - even if you forget the card you can usually just key in the number at the terminal.

It will be just like all those little paper signs they stuck on EMV terminals. “Insert chip here”, “No chip”, “Tap card on screen”.

So how do you make people use a retinal camera? You cut a hole in a picture of a monkey or the store mascot’s head and put up a big sign that says “look at Mr. Groceries to pay your bill with MasterCard EyeScan” or whatever it is called.

Because explaining how to use it to every single person in line is definitely going to make it fast.

Once a colleague was able to unlock my pixel phone with face unlock - with his face. I'll never trust biometrics again.

Remember that scene from Minority Report where the protagonist needs an eyeball replacement?

Apple Pay is about as biometric-y as I'm willing to go for payments.

Wow, imagine if China launched a biometric retail payment system in the USA.

Europeans hate having sovereign and self sufficient industries, or is it done through psyops?

Imagine giving away your biometric and, soon if not already, your DNA data to foreign countries that will make sure their interests come first (Nord Stream sabotage, broken France-Australia submarine deal, US Inflation Reduction Act).

Do they have a weird orb and company scrip?

Another reason to adopt alternative payment methods and currency that respect privacy. Like decentralised bitcoin or monero.

You don't need to like crypto, but all those privacy issues, inflation, regulations, etc. with fiat money naturally lead to finding better alternatives.

No thanks. Biometrics means a password you can't change, others can get, and you might be unable to use, for instance in case of injuries...

It's quite amusing how everyone got onto the retinal scans, completely ignoring the face bio.

Hint: it's already deployed and working and nobody wants your retinal scans, because it requires a more costly setup at the PoS.

The real fun is when they'll eventually make you look at an ad while paying; your eyes will HAVE to be open! New meaning to "eyeball" count for the ad sellers :)

Ugh. No thank you. Just like Amazon’s palm scanning thing, I have NO interest in this.

I trust my phone enough. My phone can authenticate me and you can authenticate it. We have that today, works great.

I don’t need “stare at the picture of the monkey over the camera and press the button to pay” or whatever other nonsense retails will do to this.

I’m not anti-biometrics. I’m ok with it on my devices I’ve made that decision on.

But retailers everywhere? No. I know the devices will need to be certified just like EMV terminals, so it’s not like the Amazon things. But that’s still too far.

One hundred percent no -- cheers from California, land of already dying retail everything.

I thought this was pretty cool. Am I alone? lol

How hard is it to steal your eye scan?

From you? I imagine it would be difficult. From them? Less so.
