Samsung's new flagship smartphones, the Galaxy S8 and S8+, feature up to five user authentication methods: face recognition, fingerprint, iris, PIN, and pattern. However, only two of them – fingerprint and iris recognition – are being used by Samsung for authenticating Samsung Pay transactions, and there's a good reason for it. Facial recognition is not secure enough as per experts, and Samsung admits the fact.
The South Korean smartphone giant says that facial recognition is only meant to be used as a quick way to unlock the smartphone and it has a lower security level compared to fingerprint and iris recognition methods, so it's not secure enough for mobile payments yet. This technology first debuted on the Galaxy Nexus (made by Samsung) four years ago, and it was found that it can easily be fooled using an image of a photograph of the user.
“We do not need to use facial recognition for mobile financial transactions because there are already high-level biometric technologies such as iris and fingerprint recognition. The question that when it will be used is meaningless,” a Samsung spokesperson said to The Investor. However, security experts and industry insiders think that companies will gradually move to facial and voice recognition in coming years due to their convenience and universality.
“Facial and voice recognition will also be mainstream in the future alongside iris and fingerprint. But, it needs more than four to five years for facial recognition to be solely used for financial transactions. For the time being, they will be used as additional certification methods,” Jin Seung-heon, a chief of Electronics and Telecommunications Research Institute’s information protection research unit.
