Selfie. Image courtesy of 360b/Shutterstock.
Naked Security Naked Security

Forget tap-and-pay, just snap-and-pay with your selfies!

Chinese e-commerce megabrand Alibaba wants to use selfies for payment processing.

Selfie. Image courtesy of 360b/Shutterstock.Chinese e-commerce megabrand Alibaba wants to use selfies for payment processing.

At this year’s CeBIT show, Jack Ma, the founder and executive chairman of Alibaba, debuted facial recognition technology on a mobile phone, to be used as a digital signature when making payments.

On stage at the IT show, Ma reportedly said that he’d just used it to send a gift to the mayor of the event’s host city of Hanover, Germany.

Big tech players are already jousting on this mobile phone-enabled, contactless transaction playing field, including Apple with Apple Pay and Google with Google Wallet, both of which use tap-and-pay fueled by Near Field Communication (NFC).

In fact, the total NFC market has been projected to reach $16.25 billion (about £11 billion) by 2022.

Alibaba’s alternative approach on the evolving industry: snap and play.

That could well influence the evolution of mobile phone-enabled payment. After all, Alibaba controls the market in China, which has a population of more than 1.3 billion.

With that size, it’s got sway.

And as VR-Zone reports, Alibaba might not be a household brand overseas yet, but it’s got plans.

There are reports that Ma plans to spring onto the world stage to become a globally recognized brand, much like Wal-Mart, IBM and Microsoft.

Ma left the stage without taking questions, and Alibaba hadn’t provided details as of Tuesday afternoon.

Once Alibaba does get around to answering questions and providing details, it would be nice to find out how it plans to deal with well-known techniques to fool facial recognition.

Google, for example, in June 2013 filed a patent for a technique to unlock your computing devices by grimacing to prove you’re alive, as opposed to being a photo being held up by, say, a phone thief.

Or by a little brother. Or, well, by anyone.

The patent was one of Google’s multiple attempts to remedy the easily tricked Face Unlock feature introduced in the Ice Cream Sandwich version of Android, which was initially hacked by holding up a photo to the phone.

Google responded by introducing a technique called “Liveness Check” in Android 4.1 Jelly Bean that required users to blink to prove they were alive and not just a photo.

But even that improvement on facial recognition was easy to trick.

Researchers using the most basic of photo editing tools managed to fool Liveness Check with just a few minutes of editing, animating photos to make them look like subjects were fluttering their eyelashes.

For its part, Google has never tried to tell users that facial recognition makes for the best security. Rather, it’s always labeled the option “low-security” and “experimental”; the accepted wisdom is that a PIN is a safer way to go.

It would be nice to hear if and how Alibaba plans to avoid the facial recognition security pitfalls we’ve seen so far.

Who knows? Perhaps it’s more a matter of convenience rather than increased security.

Is Alibaba’s facial recognition being developed with an eye toward addressing existing, well-known problems with easily hacked facial recognition?

As long as consumers have a heads-up, they can make informed decisions on where to show their faces and what, exactly, that means for privacy and security when it comes to the payment systems they enable on their phones.

Image of selfie courtesy of Shutterstock.