Gone may be the days of carrying out your online shopping with lengthy steps and processes just to check-out. Amazon, the online retail giant who brought one-click ordering to their site has recently filed a patent application for a process that would allow shoppers to use photos or videos of the shopper’s face as a way to approve their online purchases, rather than keying in their account password.
The U.S. patent application awarded for “image analysis technology for user authentication” was filed by the Seattle-based e-commerce giant on 19th October 2015 but has only been published this 10th March 2016. The patent application was first spotted by Re/Code concerning a payment method using selfies which suggests a form of technology which could be used on a number of devices, including desktops, laptops, phones and tablets.
The process requires users to face a camera or sensor which can tell the user’s identity and that he or she is alive. The system described in the patent uses biometric facial recognition software to confirm that the user is in fact a real, three-dimensional person and not a photo who is eligible to make the transaction by using one or more “human-verification” processes. These may include getting a user to perform certain actions such as blinking or smiling.
Of course Amazon were concerned with the underlying issues such as the danger of tricking the facial recognition process by simply holding a picture of the user in front of the camera, as the resulting two-dimensional image can look substantially the same whether taken of the user or a picture of the user. Hence, to prevent photos from being used to trick the system, Amazon has addressed the problem by patenting the two-step system that takes two pictures to confirm a user’s identity.
The technology which was designed with the mechanics to be able to detect the difference between an image of a living human and an image of a person in a two-dimensional photo is said to possibly employ sensors, such as thermal imaging, to detect a living being. In the two-step system; the first selfie will be used to establish the user’s identity; while the second selfie/video will “prompt the user to perform certain actions, motions, or gestures, such as to smile, blink, or tilt his or her head” to authenticate the identity of the user and ensure it is a physical person unlocking the Amazon account.
Source: U.S. Patent Application
“While many conventional approaches rely on password entry for user authentication, these passwords can be stolen or discovered by other persons who can impersonate the user for any of a variety of tasks,” the patent application reads.
Instead of having to type in lengthy codes or passwords, users could soon do away with perplexing CAPTCHA figures by simply holding out their phone and snapping a selfie to verify transactions. Amazon’s interest in creating the software is namely for security purposes, in addition to the company noting that passwords are cumbersome since “entry of these passwords on portable devices is not user friendly in many cases, as the small touchscreen or keyboard elements can be difficult to accurately select using a relatively large human finger”.
The patent hopes that the new system would replace the inconvenience of passwords, which when long are easy to forget and when short are easy to guess. As more and more shoppers are making purchases online and more tasks are undertaken on the net, selfie pay was designed to improve web security, a process believed to be far less likely to be hacked than punching in a password or pin.
According to The Daily Mail, studies indicated that one in five people have online passwords they have not changed in a decade, while almost half (47%) rely on at least one password that has not been changed for five years. This trend leaves people exposed to the ‘domino effect’, whereby if a hacker was to compromises a user’s password for one service, they are likely to be able to access all of their accounts.
“In order to avoid typing in long passwords in such situations, users often have their passwords stored on their devices or enable information to be stored elsewhere such that an activity can be performed without manually re-entering the password. When using such an approach, however, another person having access to that device can impersonate the user for any task associated with the store password.”
The e-commerce firm reiterates that users who leave shortcuts for remembering passwords, such as saving them to a device, are leaving themselves more vulnerable to hackers. Amazon argues that a two-photo selfie pay system would ease the transaction process and avoid the hassle for those users who frequently store their passwords on their devices so they do not need to constantly re-enter it for each purchase, especially when operating on a small device with a small screen and a small touch keyboard with a password filled with capital letters, numbers and symbols.
In addition to deterring hackers and thieves from accessing your Amazon accounts, it could also prevent the event of children causing havoc on their parents’ devices making in-app purchases. While kids may still have been able to complete transactions given knowledge of their parents’ passwords, with the new technology they would not be able to run amok making purchases without permissions unless they have their parents’ to authenticate the purchase.
Amazon’s application is in fact related to a separate patent for technology that Amazon holds which allows a device to authenticate a user via a photo or video. However, the initial patent was not tied to a transaction function, so it was not necessarily to complete a transaction.
As a matter of fact, this is not the first time a company has come up with the selfie pay technology. Just last year finance giant, Mastercard, had begun their trial tests for a similar selfie pay technology. The company had been conducting tests for biometric payment authentication which allows MasterCard users to pay by fingerprint or facial recognition. The company had already run a pilot scheme that enabled 500 customers to pay for items on their smartphones by taking a selfie, or alternatively using a fingerprint scanner to complete transaction. The credit card firm tested its facial recognition capabilities in the U.S. and Netherlands, with some 92% of test subjects preferring the new system over conventional passwords. CNN reports that the technology will be rolled out by big banks in the U.S., Canada, U.K. and some European countries over the next few months. Mastercard’s payment system uses facial recognition technology to verify the identity of a smartphone user and to buy something, whereby a user has to take a clear photograph of their face. This is then compared against a stored image that MasterCard has on file using facial recognition algorithms.
Other organisations jumping on the bandwagon includes the USAA, a financial services organization for U.S. military members and their families, who also started utilizing selfies as logins last year, and Chinese e-commerce giant Alibaba who is working towards letting their customers pay for purchases just by looking at a screen. Microsoft Windows 10 and Android smartphones both already allow users to unlock their phones by looking at the camera, while smart wallets such as Apple Pay, Samsung Pay and Android Pay have also enabled customers to pay for items by using the fingerprint scanner.
It seems that our selfies are no longer reserved just for GPOYWs, or for those “I-got-some-Starbucks” moments, but will soon be a useful security measure in our future of modern business.
 United States Patent and Trademark Office
 The Daily Mail
 BGR Media