The Times Australia
The Times World News

.

why Mastercard's new face recognition payment system raises concerns

  • Written by Rita Matulionyte, Senior Lecturer in Law, Macquarie University
why Mastercard's new face recognition payment system raises concerns

Mastercard’s “smile to pay”[1] system, announced last week, is supposed to save time for customers at checkouts. It is being trialled in Brazil, with future pilots planned for the Middle East and Asia.

The company argues touch-less technology will help speed up transaction times, shorten lines in shops, heighten security and improve hygiene in businesses. But it raises concerns relating to customer privacy, data storage, crime risk and bias.

How will it work?

Mastercard’s biometric checkout system will provide customers facial recognition-based payments, by linking the biometric authentication systems of a number of third-party companies with Mastercard’s own payment systems.

A Mastercard spokesperson told The Conversation it had already partnered with NEC, Payface, Aurus, Fujitsu Limited, PopID and PayByFace, with more providers to be named.

The 'Fujitsu' logo in red is displayed on a building's side
Mastercard has partnered with Fujitsu, a massive information and communications technology firm offering many different products and services. Shutterstock

They said “providers need to go through independent laboratory certification against the program criteria to be considered” – but details of these criteria aren’t yet publicly available.

According to media[2] reports, customers will have to install an app which will take their picture and payment information. This information will be saved and stored on the third-party provider’s servers.

At the checkout, the customer’s face will be matched with the stored data. And once their identity is verified, funds will be deducted automatically. The “wave” option is a bit of a trick: as the customer watches the camera while waving, the camera still scans their face – not their hand.

Similar authentication technologies are used on smartphones (face ID) and in many airports around the world, including “smartgates[3]” in Australia.

China[4] started using biometrics-based checkout technology back in 2017. But Mastercard is among the first to launch such a system in Western markets – competing with the “pay with your palm” system[5] used at cashier-less Amazon Go and Whole Foods brick and mortars in the United States.

Read more: AI facial analysis is scientifically questionable. Should we be using it for border control?[6]

What we don’t know

Much about the precise functioning of Mastercard’s system isn’t clear. How accurate will the facial recognition be? Who will have access to the databases of biometric data?

A Mastercard spokesperson told The Conversation customers’ data would be stored with the relevant biometric service provider in encrypted form, and removed when the customer “indicates they want to end their enrolment”. But how will the removal of data be enforced if Mastercard itself can’t access it?

Obviously, privacy protection is a major concern, especially when there are many potential third-party providers involved.

On the bright side, Mastercard’s customers[7] will have a choice as to whether or not they use the biometrics checkout system. However, it will be at retailers’ discretion whether they offer it, or whether they offer it exclusively as the only payment option.

Similar face-recognition technologies used in airports, and by police[8], often offer no choice.

We can assume Mastercard and the biometrics provider with whom they partner will require customer consent, as per most privacy laws. But will customers know what they are consenting to?

Ultimately, the biometric service providers Mastercard teams up with will decide how they use the data, for how long, where they store it, and who can access it. Mastercard will merely decide what providers are “good enough” to be accepted as partners, and the minimum standards they must adhere to.

Customers who want the convenience of this checkout service will have to consent to all the related data and privacy terms. And as reports have noted, there is potential for Mastercard to integrate the feature with loyalty schemes and make personalised recommendations based on purchases[9].

Read more: Fingerprint login should be a secure defence for our data, but most of us don't use it properly[10]

Accuracy is a problem

While the accuracy of face recognition technologies has previously been challenged, the current best facial authentication algorithms have an error of just 0.08%, according to tests by the National Institute of Standards and Technology[11]. In some countries, even banks have become comfortable[12] relying on it to log users into their accounts.

Yet we can’t know how accurate the technologies used in Mastercard’s biometric checkout system will be. The algorithms underpinning a technology can work almost perfectly when trailed in a lab, but perform poorly[13] in real life settings, where lighting, angles and other parameters are varied.

Bias is another problem

In a 2019 study, NIST found[14] that out of 189 facial recognition algorithms, the majority were biased. Specifically, they were less accurate on people from racial and ethnic minorities.

Even if the technology has improved in the past few years, it’s not foolproof. And we don’t know the extent to which Mastercard’s system has overcome this challenge.

If the software fails to recognise a customer at the check out, they might end up disappointed, or even become irate – which would completely undo any promise of speed or convenience.

But if the technology misidentifies a person (for instance, John is recognised as Peter – or twins are confused[15] for each other), then money could be taken from the wrong person’s account. How would such a situation be dealt with?

There’s no evidence facial recognition technology is infallible. These systems can misidentify and also have biases. Shutterstock

Is the technology secure?

We often hear about software and databases being hacked, even in cases of[16] supposedly very “secure” organisations. Despite Mastercard’s efforts[17] to ensure security, there’s no guarantee the third-party providers’ databases – with potentially millions of people’s biometric data – won’t be hacked.

In the wrong hands, this data could lead to identity theft[18], which is one of the fastest growing types of crime, and financial fraud.

Do we want it?

Mastercard suggests 74% of customers are in favour of using such technology, referencing a stat from its own study[19] – also used by business partner[20] Idemia (a company that sells biometric identification products).

But the report cited is vague and brief. Other studies show entirely different results. For example, this study[21] suggests 69% of customers aren’t comfortable with face recognition tech being used in retail settings. And this one[22] shows only 16% trust such tech.

Also, if consumers knew the risks the technology poses, the number of those willing to use it might drop even lower.

References

  1. ^ “smile to pay” (www.mastercard.com)
  2. ^ media (www.siliconrepublic.com)
  3. ^ smartgates (www.abf.gov.au)
  4. ^ China (www.theverge.com)
  5. ^ system (techcrunch.com)
  6. ^ AI facial analysis is scientifically questionable. Should we be using it for border control? (theconversation.com)
  7. ^ customers (www.investopedia.com)
  8. ^ by police (www.brookings.edu)
  9. ^ based on purchases (www.cnbc.com)
  10. ^ Fingerprint login should be a secure defence for our data, but most of us don't use it properly (theconversation.com)
  11. ^ National Institute of Standards and Technology (github.com)
  12. ^ become comfortable (techhq.com)
  13. ^ poorly (www.csis.org)
  14. ^ found (nvlpubs.nist.gov)
  15. ^ twins are confused (www.youtube.com)
  16. ^ cases of (www.csoonline.com)
  17. ^ efforts (wwmastw.cnbc.com)
  18. ^ identity theft (www.comparitech.com)
  19. ^ own study (www.mastercard.com)
  20. ^ business partner (www.mastercard.com)
  21. ^ this study (www.getapp.com)
  22. ^ this one (www.securitymagazine.com)

Read more https://theconversation.com/pay-with-a-smile-or-a-wave-why-mastercards-new-face-recognition-payment-system-raises-concerns-183447

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...

Troubleshooting Flickering Lights: A Comprehensive Guide for Homeowners

Image by rawpixel.com on Freepik Effectively addressing flickering lights in your home is more than just a matter of convenience; it's a pivotal aspect of both home safety and en...

My shins hurt after running. Could it be shin splints?

If you’ve started running for the first time, started again after a break, or your workout is more intense, you might have felt it. A dull, nagging ache down your shins after...

Metal Roof Replacement Cost Per Square Metre in 2025: A Comprehensive Guide for Australian Homeowners

In recent years, the trend of installing metal roofs has surged across Australia. With their reputation for being both robust and visually appealing, it's easy to understand thei...

Why You’re Always Adjusting Your Bra — and What to Do Instead

Image by freepik It starts with a gentle tug, then a subtle shift, and before you know it, you're adjusting your bra again — in the middle of work, at dinner, even on the couch. I...

How to Tell If Your Eyes Are Working Harder Than They Should Be

Image by freepik Most of us take our vision for granted—until it starts to let us down. Whether it's squinting at your phone, rubbing your eyes at the end of the day, or feeling ...