Feeds

PayPal's fizzog-based payments app rubbished over reliability worries

'What if the shop assistant's an idiot?' asks security bod

Security for virtualized datacentres

Shop assistants may be too thick to guarantee the security of Paypal's new real-world payment system, a leading security bod has cautioned.

PayPal is currently trialling a new system that allows shoppers in the London suburb of Richmond to pay for stuff using their ugly mugs.

Customers can pay for goods using their pocket fondleslab, as long as a shop assistant verifies their identity from a photograph.

But Andy Kemshall, co-founder and technical director of two-step authentication specialists SecurEnvoy, warned that the system could be fallible.

He said: "Using face recognition to authenticate quick and convenient payments in shops and cafes seems ideal in our ever-busy lives. However I have serious doubts about the security of this method.

"The completion of the transaction relies on the shop assistant verifying the customer’s face – certainly a risky method of authentication that could easily be subject to human error, be it accidental or deliberate. Using mobile phones to authenticate processes such as payments is the way forward. However, face recognition technology, as it stands, is nowhere near sophisticated enough to act as a reliable method."

Kemshall said that security systems needed to be "99.9 per cent perfect, at the very least" and claimed that biometrics did not yet offer this level of reliability.

He added: "Using manual face recognition, in the way exhibited by Paypal to authenticate payment in store, is a clear case of running before you can walk.”

Some 12 shops in the Richmond area are trialling the system, but PayPal hopes to roll the new system out to 2,000 shops by the end of 2013.

Rob Harper, head of retail services at PayPal, said: "This is another step on the journey towards a wallet-less high street, where customers will be able to leave their wallet or purse at home and pay using their phone or tablet. We predict that by 2016 this will become a reality." ®

Beginner's guide to SSL certificates

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.