PINDROP BLOG

Amazon Plans Move to Facial Recognition for Purchases

Amazon is planning to join a growing list of major companies that are working to make facial recognition the authentication method of choice. The retailer has filed a patent claim for a method it hopes will enable customers to complete purchases using their faces rather than passwords.

The Amazon application shows that the company is working on a system that allows users to capture photos of themselves on their phones or computers and then let Amazon use that as the basis for authentication for transactions. The method specifies that the user will need to perform some actions, such as blinking or moving her head, during the authentication process in order to establish that it’s a person in front of the camera, and not a photo being held up.

“A transaction is authorized using an authentication process that prompts the user to perform an action in view of a camera or sensor. The process identifies the user and verifies that the user requesting the transaction is a living human being. The user is identified using image information which is processed utilizing facial recognition,” the application says.

“The device verifies that the image information corresponds to a living human using one or more human-verification processes. The device prompts the user to perform an action to confirm the transaction, and causes the transaction to be performed after verifying performance of the action by the identified user.”

“The process identifies the user and verifies that the user requesting the transaction is a living human being.”

The Amazon system is quite similar to a facial biometric that MasterCard has been testing. Both are meant to address perhaps the longest-standing problem in computer security: authentication. Even after decades of technological advancement and changes in payment systems and networks, the password still is the standard form of authentication, even for high-value transactions. Biometric technologies such as facial recognition, fingerprint sensors, and voice recognition have been in development for years, but only recently have they become accurate and fast enough to be used in everyday applications.

Amazon has a particular interest in addressing this problem, as the company processes thousands of transactions a day. Many of those purchases are performed on mobile devices, through an app or on sites in which users employ passwords that might have been saved on their phone or in a form.

“As a compromise some users utilize short and simple passwords, but these passwords can be easily hacked by an unscrupulous user or application. Certain approaches attempt to improve security by adding biometric identification,” the application says.

“For example, a computing device might capture an image of a user and analyze that image to attempt to recognize the user using facial recognition software. Such a process provides only a certain level of additional protection, however, as the facial recognition process can often be spoofed by holding a picture of the user in front of the camera, as the resulting two-dimensional image can look substantially the same whether taken of the user or a picture of the user.”

Right now, users of the Amazon app on recent iPhones can use the device’s fingerprint sensor to authenticate themselves for purchases.

Image from Flickr stream of Sheila Scarborough

 

Webinar: Call Center Fraud Vectors & Fraudsters Defeated