Yesterday, Mastercard announced that over the next few months it will roll out technology (via banks in the United States, Canada, the United Kingdom, and select other regions in Europe) that will allow customers to use selfies or fingerprints to authenticate and approve their online purchases.

Ajay Bhalla, President of Enterprise Security Solutions at MasterCard, stated that the credit card company believes that since many customers do not choose adequately strong passwords, using selfie and fingerprint technology for authenticating purchases will improve security over the use of passwords. Bhalla predicted that the selfie and fingerprint authentication will become common worldwide within five years.

To authenticate using a selfie, a customer installs a special MasterCard app that photographs him or her every time that he or she makes a purchase; MasterCard then compares the image to a known image of the authorized user. The fingerprint authentication works similarly.

Whether the technology is hacker proof remains to be seen - but there are certainly issues to discuss:

To prevent people from fraudulently authenticating other people's purchases by using photographs of authorized users, the MasterCard system requires that users blink during the process of authenticating; while such a requirement certainly makes committing fraud by using static photos more difficult, for a large number of users it is not hard to find videos of them online - which, in many cases, show them blinking at least once. Likewise, a criminal putting his or her face behind a photo-mask with the eyes cut out, or a series of photographs with eyes Photoshopped to simulate blinking, might be issues as well. If either technique works - one can be sure that criminals will find a way to perfect it and automate its application.

Furthermore, we know that malware already exists that records people surreptitiously. Malware on a device that also has the MasterCard app, or even on a device belonging to a MasterCard customer who does not have the app but who qualifies to have it, could potentially prove to be problematic.

Additionally, facial recognition software is far from perfect; hopefully, MasterCard's system always "fails to deny" - that is, it is programmed to deny legitimate users' authentication attempts in cases of any uncertainty, rather than to fail to allow, that is, let unauthorized users may purchases - but only time will tell for sure.

While I am sure that MasterCard has thought of these risks, future refinement by criminals of the techniques described above, as well as of others, could create serious issues.

I expect, therefore, that MasterCard will continuously improve its authentication technology - perhaps, in the not so distant future, adding other biometric checks such as voice-printing (something that HSBC announced last week it would start rolling out to its customers as a mechanism for authentication), heartbeat checks, iris scans, or other measures that become possible with improved smartphone technology.

Another concern, of course, is that MasterCard will ostensibly be storing many people's likenesses and fingerprints - creating a database that criminals will certainly be seeking to steal; hopefully, we won't hear of breaches.

In any case, in terms of the current MasterCard offering, one must also consider what alternatives exist. Authenticating using a password? We've seen how poorly many people select passwords, so perhaps the risks of the new approach are still a dramatic improvement over the reality of today's situation. (For advice on how to select a strong password that is easy to remember please see the article: How To Create Strong Passwords That You Can Easily Remember.)

Of course, there may be another reason that MasterCard may want people to take selfies when making purchases: It may reduce the number of attempts made by customers to get out of paying for purchases with claims that someone else used the card without authorization.

As far as fingerprints go - I have serious concerns. Intercepted fingerprints cannot be reset, and, they are not secret - if someone steals a smartphone he or she is likely to find the authuser's fingerprints all over the device. While later generation fingerprint scanners may be sophisticated enough to prevent easy unlocking with lifted prints, some smartphone fingerprint readers have been tricked with such techniques. There are other issues as well as I described last year in this article in Forbes.

Time will tell, but, for now, get ready to see people paying for purchases by smiling.