Paying with your face: what will convince consumers to use facial recognition payment technology? - eviltoast
  • EndOfLine@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    1
    ·
    2 months ago

    Have they solved the racial bias issues that has plagued facial recognition systems?

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    2 months ago

    That sounds like an absolutely horrible idea.

    • Biometrics are non-revocable. It gets compromised, you can’t change your face. Well, not easily.

    • Your face is not a secret. You plaster it everywhere all day long, unless you’re gonna wear a mask. Anyone armed with a smartphone can steal your facial biometricd. Any camera you walk by is grabbing them.

    • Cameras and the systems feeding them on consumer systems are not trusted hardware. I can feed synthesized video to you. That’s before even making a physical face they looks like someone else.

    Give me a little hardware device, like a scaled down smartphone, with a trusted display (so I can trust what I see on the thing, instead of what some point-of-sale system is saying) and keypad with PIN and contacts that can interface with my phone or computer or PoS system (because wireless authorization of financial transactions is also not great). Maybe even put a fingerprint scanner on it (not that a fingerprint is great, also a non-revocable biometric plastered all over, but it makes swiping someone’s token after viewing their PIN harder). Someone submits a transaction to the thing, it displays the information to me, I authenticate myself to the device, it cryptographically signs my approval, done.

    I don’t want my keystore on my phone or computer, because they are big and complicated and I don’t want a lot of routes into the device. I want to have a trusted piece of hardware holding my auth keys that works with all of my phone, computer, and point-of-sale systems.

    Why do payment systems determinedly persist in insecure approaches?

    The original credit card – a number printed on the card – was terrible from a security standpoint, but at least they had the excuse of technological limitations of the time. Adding a CCV number that retailers aren’t supposed to retain was a marginal improvement.

    The magstrip is pretty much equivalent.

    The smartcard was an improvement – you aren’t copying your authentication data to every person you do a transaction with, letting them swipe it, but still didn’t have a trusted display. And there was no little to rollout to let consumers do smartcard stuff on computers for online purchases.

    Tap-to-pay is a downgrade from a security standpoint, since it’s easier to bump someone and authenticate as them using a tap-to-pay card in a pocket.

    Apple or Google Wallets come with the downside of having a lot of untrusted, complicated hardware and software in the loop.

  • Juice@midwest.social
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 months ago

    Looking forward to this dystopian technology being pushed out to all retailers and then never working so I still have to swipe my card anyway

    • Ada@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      That’s not how it will fail. It will fail because it charges you for things you didn’t intend to purchase

  • Praise Idleness@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    A big local tech corp is trying to push facial recognition payment at my university campus. Turns out all people needed was a cup of free coffee. I’m serious.

    • 200ok@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      Ugh, I remember the lineup of kids willing to sign away their credit scores up for a credit card to get the free advertisement “swag” T-shirts, pens, and frisbees