Earlier this summer, MasterCard announced a new multifactor authentication option for its cardholders: the selfie. Customers will soon be able to incorporate a selfie and facial recognition software into their accounts. The pilot program starts in the fall and will incorporate fingerprint scanning as well as facial recognition. Users will need to download an app to their smartphones to enable the new authentication methods, but if used successfully, the process should strengthen account logins and reduce the risk of identity theft.

Certainly, fingerprint identification has become more popular; readers are now found on most new smartphones. But getting this tool adopted by the B2B world might take some time, especially given the reluctance that many IT managers have over these technologies.

Tony Maro, the CIO for West Virginia medical records software vendor EvriChart, explained some of the possible benefits — and disadvantages — in an interview with Security Intelligence. “This may help reduce some online fraud. But it could be a mixed bag,” he said. “This isn’t about preventing people from stealing your credit card number. It’s about stopping the consumer from contesting purchases as a way to avoid paying for them.”

Another issue to consider is what happens to the digitized facial and fingerprint databases. Implementing these authentication measures gives enterprises the ability to collect the biometric data of potentially millions of individuals — and that information would be a gold mine for cybercriminals.

“This now becomes just another piece of data about you that’s going to be leaked in a data breach,” Maro explained. The storage of this data could become an issue for privacy advocates and yet another data store of personal information that needs to be tracked by intrusion detection and firewall software.

Finally, there is the reliability of the underlying technologies, which could be holding back companies from widespread adoption. “One-third of the time, my fingerprint still doesn’t unlock my cellphone,” said Maro. This could be why few of the multifactor or single sign-on vendors currently offer support for smartphone fingerprint readers. Part of the problem was that both Android and iOS didn’t have very robust application programming interfaces to support their readers until relatively recently, but the rollout has still been slow.

And facial recognition software is still not very accurate: Google’s software, for example, frequently misidentifies dogs as horses and kangaroos. “I’ve personally had a photo of Patrick Stewart autotagged as me on a friend’s Facebook stream once,” said Maro. While this may not seem so egregious at first glance, it’s a microcosm of the larger problems related to biometric authentication.

Still, the MasterCard selfie experiment in multifactor authentication is worth following when it is introduced this fall. Should this method of biometric authentication take off, it could soon be implemented at other institutions for security involving customers and employees alike.

To learn more about how organizations can move beyond usernames and passwords to achieve more modern, secure authentication, watch the on-demand webinar from IBM and Kuppinger Cole,  titled, “Beyond Usernames and Passwords: 3 steps to Modern Authentication.”

More from Identity & Access

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website GTAForums.com. Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…