Will Selfies Replace The Password?

Will Selfies Replace The Password?

by June 5, 2017

Did you ever try to log into one of your accounts using the few variations of passwords you generally use, yet fail because you apparently had used some other password you can’t remember anymore? You’re not alone, which is why, especially in the financial industries, biometrics are becoming more prominent solutions for account log-ins.

The Philippine’s UnionBank has recently launched EON Selfie Banking, which uses facial recognition technology in order to allow users to log-in instead of having to enter a password or pin code.

EON is a mobile deposit account that also functions as a wallet and can be used for online payments, local money transfers, or everyday shopping expenses.


Image via insideretail.ph

After buying an EON card at a 7-eleven store or ordering them on Lazada the user will download the EON Mobile App and register with a valid ID. After successful registration you can then choose to log in via Selfie instead of a password. In order to ensure that photos cannot be used during log-in the user will have to perform an action, for example blink.

According to Paolo Eugenio Baltao, senior vice president and head of business transformation at UnionBank’s transaction-banking group, they chose the Selfie instead of a fingerprint as the fingerprint sensor cannot be found on many smartphones, while all of them will have a front-facing camera.

EON’s biometric authentication tech is provided by Daon’s IdentityX platform. The company is well known, having previously helped BNP Paribas Wealth Management with a full suite of biometric authorizations including selfie, fingerprint, and voice recognition. In addition, Daon had previously provided biometric tech to Nequi, a Colombian mobile banking service, and Neon, a mobile bank in Brazil.

UnionBank’s EON thus continues an international trend in the Fintech sector that increasingly utilizes biometric technology for user authentication. HSBC and Mastercard have already added the selfie authorization in 2016, on the heels of US e-commerce giant Amazon, which had filed a two-way ‘pay by selfie’ process patent application to the US Patent and Trademark Office in early 2016. Even earlier, ABN AMRO allowed customers to sign up to an account in November 2015.

Hong Kong based startup Neat, offering pre-paid debit accounts to its targeted millennial customer sector, verifies the authenticity of the user via facial recognition, just like the UK’s first digital-only lender, Atom Bank.

UnionBank Selfie Banking App

Image via eonbankph.com

Security Concern

Vice president of enterprise security at financial services firm USAA, Tom Shaw states “In our opinion, the password is dying” but academics, like Georgetown University Professor of Law Alvaro Bedoya, argue for caution. For Bedoya passwords are private while biometrics are inherently public, saying “I do know what your ear looks like, if I meet you, and I can take a high resolution photo of it from afar… I know what your fingerprint looks like if we have a drink and you leave your fingerprints on the pint glass.”

In contract to a password, once your biometric data such as your fingerprint is compromised, you cannot just get a new one. It is thus probably no coincidence that McAfee’s research team found an improved version of the Android banking Trojan called Acecard (aka Torec) in early 2016, which asks the user for as selfie and identity documents, in addition to the credit card information.