We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
MSE News: Mastercard to verify payments by selfies or fingerprint scans...
Comments
-
With my bank app, the app itself is authorised with a password and SMS code, and then my identity to the app is confirmed using the devices own fingerprint ID authentication system. So while the bank lets me log in with a fingerprint, they don't actually hold or verify my Biometrics themselves.
I wonder if this will be a similar system, either MasterCard issue their own app, or preferably adding a push notification feature to existing banking apps by the card issuers. I'm all for the latter, it's a much more secure system than '3 digits on the back of the card'.
I don't think they'll really be allowing selfies though. What they probably mean is allowing FaceID, which features dual camera and depth sensing to confirm the device is in front of an actual human face (and the right one at that) rather than a photo. Right now that's only the iPhone X, but will no doubt be 'flavour of the year' for next generations handsets.
If you're using a Mastercard, it's probably a credit card, and the Verified scheme doesn't even ask for any info like 3 digits now sometimes anyway. It mainly Visa that ask for name, DOB, 3 digits etc.0 -
Verified by Visa hasn’t asked me for any details for about five years.If you're using a Mastercard, it's probably a credit card, and the Verified scheme doesn't even ask for any info like 3 digits now sometimes anyway. It mainly Visa that ask for name, DOB, 3 digits etc.I came into this world with nothing and I've got most of it left.0 -
Shakin_Steve wrote: »Verified by Visa hasn’t asked me for any details for about five years.
Verified by Visa asked me 4 out of 5 times last week.
Mastercard 0 out of 2.0 -
If you're using a Mastercard, it's probably a credit card, and the Verified scheme doesn't even ask for any info like 3 digits now sometimes anyway. It mainly Visa that ask for name, DOB, 3 digits etc.
True, It used to ask for 3 random characters from my password, but I've not had it do that for years. I was meaning more the retailer asking for the 3 digits on the back as 'proof' you have the card in your possession (rather than an image or impression)3.6 kW PV in the Midlands - 9x Sharp 400W black panels - 6x facing SE and 3x facing SW, Solaredge Optimisers and Inverter. 400W Derril Water (one day). Octopus Flux0 -
Isn't MSE supposed to be a consumer champion, not repeating outright lies like this one:
"The rules on this aim to ensure that consumers will be better protected when they buy online or use online banking."
It doesn't take much thought to recognise that as something that this can't possibly deliver and never has been intended to deliver.
1. "they buy online or use online banking". "they" refers to the authorised user of the account.
2. "better protected". How? "They" are the authorised user of the account and don't need to be protected from themselves. *
It isn't the authorised user being protected when they do those things. It's the payment firm seeking greater protection in case it is someone other than the authorised user.
*aside from incapacity situations that can already be handled.0 -
True, It used to ask for 3 random characters from my password, but I've not had it do that for years. I was meaning more the retailer asking for the 3 digits on the back as 'proof' you have the card in your possession (rather than an image or impression)
For over the phone? Even sending OTP or SMS isn't always good, because if you have no signal, you won't receive the code.
It works fine as it is, I don't know why they want to introduce these measures which are clearly unpopular.0 -
It seems you can whitelist organisations to bypass all of this nonsense. I imagine the whitelisting option will be built into most company's 'register a card' process.
https://stripe.com/guides/strong-customer-authentication0 -
For over the phone? Even sending OTP or SMS isn't always good, because if you have no signal, you won't receive the code.
It works fine as it is, I don't know why they want to introduce these measures which are clearly unpopular.
I'm not sure I see what your reply has to do with what you quoted. In that post I was just talking about the CVV digits on the back of the card that everyone asks for with a 'cardholder not present' transaction.
But yes, with any type of 'push' authentication method, be it SMS, Email, Google Cloud messaging or whatever Apple has, there is always the fall-back to more traditional methods such as entering a password (or part of one) if you don't have the device to hand. It's always optional too (since not everyone will have a suitable device or the desire to use it).
Personally, I would have no problem unlocking my phone and acknowledging a notification to confirm that, yes, the person making a transaction on my card is really me (IF that's how they do it).
I know I'm protected if someone gets my card details through a breech, but dealing with it is still something I'd rather not have to waste my time dealing with, if there's a chance I can get alerted the first time an unauthorised transaction has made. Of course it won't be perfect, but it doesn't have to be, it just has to be better.
And by what metric is it 'clearly' unpopular?3.6 kW PV in the Midlands - 9x Sharp 400W black panels - 6x facing SE and 3x facing SW, Solaredge Optimisers and Inverter. 400W Derril Water (one day). Octopus Flux0 -
Sure, I want a log of my fingerprints and photos online that people can access at any time right.
Well, that clearly won't be happening, it will be secure offline storage, like via a phone app that will prompt for authentication, like android / apple pay payments both online and face 2 face terminals
Essentially. Its no different to. What some banks are doing now for bank transfer paymebts, they will prompt via their mobile apps for you to sign in to verify the payment.0 -
For over the phone? Even sending OTP or SMS isn't always good, because if you have no signal, you won't receive the code.
It works fine as it is, I don't know why they want to introduce these measures which are clearly unpopular.
Just the same way as android / apple pay works for transactions where you have no signal, its built in that they pre generate a certain amount of authorisation tokens whenever you're online for this exact purpose.
You'll just open the app, authorise with your fingerprint etc and then give the phone monkey the code that gets displayed.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.6K Banking & Borrowing
- 253.3K Reduce Debt & Boost Income
- 453.9K Spending & Discounts
- 244.5K Work, Benefits & Business
- 599.8K Mortgages, Homes & Bills
- 177.2K Life & Family
- 258.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards