Mastercard’s New Biometric Technology Raises Potential Security Risks - COREDO

Mastercard’s New Biometric Technology Raises Potential Security Risks


Mastercard’s new biometric programme called “wave to pay” uses gestures for identification, however, analysts raised concerns on potential security risk.

With an attempt to break-in the biometrics industry, Mastercard Inc., a multinational financial services corporation and a global pioneer in payment innovation and technology, has recently piloted its new biometric initiative called ‘wave to pay’ which allows consumers to pay or transact with just a smile or a wave of the hand.

This new biometric technology utilizes gestures and body languages to administer verification processes.

Up until now, current biometric technologies, such as face recognition technology, have long been controversial and have grappled to acquire extensive usage across the Fintech industry. Despite this, Mastercard announced that it was advancing with its new biometric program to cope with the fast-changing Fintech industry and keep pace with its market competitors.

The payment giant claimed that the ‘wave to pay’ technology would be able to accelerate payment transactions, reduce waiting time, and service with better security measures that a normal debit or credit card.

Based on the recent reports released by Mastercard, once consumers are enrolled under the ‘wave to pay’ programme, there would be no need to slow down customer queueing as retailers can simply smile or wave to the camera to successfully pay and transact, eliminating unnecessary searching though bags for their cards.

Mastercard also tried to capitalize on health concerns coming from Covid surges, pointing out that with its new biometric system, transaction would touch-free and sanitary.

However, industry experts have long been raising privacy concerns, highlighting potential security risks related to data storage and surveillance. In spite of this, Mastercard specified that there are multiple researches indicating that 74 percent of consumers worldwide shows affirmative behaviour towards biometric systems.


With the recent launch of Mastercard’s ‘wave to pay’ biometric system, various discussions about security issues for retailers have been reopened. Many industry experts became skeptical and showed scrutiny towards further expansion of biometric technologies for verification purposes even though consumers are uncomfortable with data on their physical appearances are being utilized in such way.

Mastercard’s New Biometric Technology Raises Potential Security RisksOne good example of this is the recent expression of vigorous dissent from the artists of the Red Rocks Amphitheater, in which hacking issues and improper surveillance were raised as the two main reasons why the artists do not subscribe with biometric mechanisms. This skepticism from the artists became the reason for the theater to drop its Amazon palm scanning system.

Recently, Suzie Mile from Ashfords LPP, a law firm from the United Kingdom providing legal and professional service, said in a statement that Mastercard themselves should be able to acknowledge the existence of data privacy and security concerns that biometrics brought with. She mentioned that risks of security and privacy breach could be much higher with biometric technologies that the current payment systems we have. It would be much difficult to recover from any biometric data breach given that any gesture such as smile and wave cannot be simply changed, unlike passcodes.

There were also previous skepticism coming from the government regarding these biometric mechanisms.

Last August 2021, members of the Senate from the United States of America issued reports raising questions over transactions and security practices in place for payments via biometric solutions. Furthermore, in China, privacy concerns from the authorities recently hindered the launch and adaptation of facial recognition technologies.

Despite this, Mastercard stressed out that security measures will be in place with its new ‘wave to pay’ biometric solution. The giant company pointed out that any physical gestures and languages from the consumers that will be generated would be native to the specific devices, and that personal data would be encrypted using digital templates.


In the middle of various debates and discussions related to biometrics in general, Mastercard claimed that its ‘wave to pay’ biometric system will potentially create a payment standard that would be able to cater transaction of any size.

Mastercard also announced that its new technology will be supported in a partnership with Payface (a payment system company that uses face recognition technology), Fujitsu and NEC Corporation (both Japanese multinational information and communications technology companies).

This is to ensure that they will be able to establish technology that will provide top-notch performance, with proper privacy and security measures.

Recently, Ajay Bhalla, the president of Mastercard’s Cyber & Intelligence business and is a member of the company’s global management committee, stated that the giant payment company is attempting to accommodate what the industry demands over the broad space of payment services.

He mentioned that the company would ensure to uphold its principles in managing transactions properly, with safe methods and consent from the consumer.


Biometric solutions have been utilized in the digital banking industry from quite some time now. One of the most used and adopted biometric system in fintech is through fingerprints. With single contact and a tap of a finger in smartphones, payments are easily accessed. Transactions can be operated via that device as long as the verified customer is the one using it.

Another biometric solution currently in place is face recognition. It was first introduced by Apple way back 2016, in which the technology was incorporated in its mobile devices.

More developed face recognition technologies available for digital transaction purposes is available from various technology companies such as NEC Corporation from Japan, Payface from Brazil, and PopID from California.



    By contacting us you agree to your details being used for the purposes of processing your application in accordance with our Privacy policy.