Actually defeating this mechanism is quite easy. You can fake the footprint of the image in any way you want, same with times tamps, and geo tags, and still get it recognized by the software on the other end.
This will also never pass because I can lend my card to someone to use. In fact there are many other physical reasons this will never happen.
The privacy concerns here though are pretty extreme. This allows them to track where you are, what you are doing, what you look like, who you are with, what you are using the money for, and more personal things as well that you are allowed to keep private. If you don't understand why this is such a concern lets look at it from someone else's point of view.
It now allows them to track where I am if I'm in one of these pictures. Who I'm with if I'm in one of these pictures. What I'm doing in one of these pictures. It doesn't just get a picture of the person, it also gets a picture of every person around them. This is a massive breach of my privacy.
This is paramount to the credit card company saying "Take a picture of the place around you, the people around you, the things around you, and you to verify you are you." At this point the credit card company is remotely collecting data about my life through you, and breaching my privacy.