I read in a news snippet on various sites (cnn for one), that one of the large credit card companies wants to implement some sort of authentication whereby credit card transactions are authenticated bio -metrically with a selfie.
I would assume that since each selfie is unique, time-stamped and geo-tagged, defeating this mechanism is fairly challenging.
What would the privacy issues (and concerns) be?
For many people, obtaining a selfie would be very easy. Using social media, many people upload tons of selfies of which if a criminal wanted, they would just download it. Editing a photo's time-stamp and geotag is very easy to do. This idea of using a selfie is absurd! If you want to be secure, combine it with other methods such as a secure password, pin, 2 factor authorization, and a series of questions which the user sets answer to at the time they setup their account.
Actually defeating this mechanism is quite easy. You can fake the footprint of the image in any way you want, same with times tamps, and geo tags, and still get it recognized by the software on the other end.
This will also never pass because I can lend my card to someone to use. In fact there are many other physical reasons this will never happen.
The privacy concerns here though are pretty extreme. This allows them to track where you are, what you are doing, what you look like, who you are with, what you are using the money for, and more personal things as well that you are allowed to keep private. If you don't understand why this is such a concern lets look at it from someone else's point of view.
It now allows them to track where I am if I'm in one of these pictures. Who I'm with if I'm in one of these pictures. What I'm doing in one of these pictures. It doesn't just get a picture of the person, it also gets a picture of every person around them. This is a massive breach of my privacy.
This is paramount to the credit card company saying "Take a picture of the place around you, the people around you, the things around you, and you to verify you are you." At this point the credit card company is remotely collecting data about my life through you, and breaching my privacy.
