MWC: Wi-Fi hack test shows ‘reckless’ behavior; MasterCard to expand ‘Selfie Pay’

After a Wi-Fi hack experiment, Avast called Mobile World Congress attendees' behavior 'reckless;' MasterCard announced plans to expand its pay-by-selfie program.

anonymous selfie
Credit: Kaique Rocha

Here are a couple of news tidbit from Mobile World Congress that caught my eye.

Wi-Fi hack experiment highlighted “reckless” actions by MWC attendees

It’s likely that many people flooding into the Barcelona Airport over the weekend were headed for Mobile World Congress – a destination which should be filled with people who are smart and knowledgeable regarding mobile devices, but Avast Software called some attendees’ behavior “reckless.”

Avast conducted a Wi-Fi hack experiment at the airport, setting up Wi-Fi networks with names such as “Starbucks”, “Airport_Free_Wifi_AENA“ and “MWC Free WiFi”; four hours, eight million data packets and 2,000 users later, Avast concluded that “trade show visitors threw caution to the wind when looking for a public Wi-Fi connection.”

+ MORE FROM MWC: See all the news from the mobile conference +

While people may know open Wi-Fi is anything but secure, they leave their device settings to automatically connect to wireless networks. Avast could see the identity of the device and the user for 63.5% of the people who unwittingly participated in the experiment; 50.1% used an Apple device, 43.3% had an Android device, and 6.5% used a Windows Phone.

Some of the other data gleaned by researchers from the Wi-Fi hack included that nearly 62% of folks used Google for searches or to check Gmail, 52% had the Facebook app installed, and 1% used dating apps.

MasterCard to expand ‘Selfie Pay’

Also at MWC, MasterCard announced its plan to push out its ‘pay-by-selfie’ facial recognition program to 15 countries this summer, including the US, UK, Canada, Netherlands, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland and Denmark.

The credit card company allows users to authenticate using biometrics via an app on their phone, tablet or PC. Users still input their credit card info for online purchases, but if an authentication check is required, then consumers can use a phone’s fingerprint sensor or snap a selfie. Selfies require the user to look and blink at the camera to prove it’s a living-breathing person and not just some thug holding up a photo.

92% of the people who participated in MasterCard’s “Selfie Pay” pilot program preferred it to using passwords, MasterCard told the BBC. People “hate passwords,” said Ajay Bhalla, MasterCard’s chief of security solutions. "In the modern world everyone has a mobile phone and there is internet connectivity everywhere. So, we should be able to use biometrics [instead] to authenticate ourselves."

But those are not the only biometric solutions MasterCard is considering to eliminate fraud. The company told the Financial Times it is also testing voice and iris scanning, as well as investing in using smartphones and connected wearables to measure the consumer’s heartbeat to authenticate credit card transactions.

The point of these programs are to “stamp out false declines.” You know the drill; you buy something online only for the purchase to be declined because it is somehow suspicious and flagged as potentially being fraud. MasterCard told FT that it spends $118 billion annually on false declines – 13 times the total amount lost to actual credit card fraud. One out of six consumers experience transactions which are falsely declined due to suspected fraud.

Bhalla said, “Nobody likes being falsely accused of something, but that’s what it feels like when a transaction is falsely declined. As criminals have become smarter, efforts to prevent fraud have resulted in an increase in genuine transactions being declined.”

Whether or not you jump on the biometric bandwagon to authenticate yourself for MasterCard purchases is up to you.

Cybersecurity market research: Top 15 statistics for 2017