Security News

The Latest Payment Method: Your Face

First it was cash, then it was credit cards and, more recently, smartphones. Now payment can be made by ... your face.

California (Pasadena) based company, PopID, has launched PopPay, a 'face-pay' service that allows PopID customers to take a selfie, upload it via the company app and link their debit or credit card to their account.

When the customer is out-and-about and needs to make a payment, they look into the camera of a PopID tablet or kiosk, wait for the server to verify the customer's identity, and the transaction goes through.

A smattering of retailers and restaurants in the Pasadena area have started accepting PopPay, including national and regional restaurant brands such as CaliBurger, Plant Power, Bojangles, Deli Time and Port of Subs.

The facial recognition service can be used in several ways: at the drive-thru, at an in-venue kiosk, via a display screen at the counter, or at your table where one of the wait-staff scans your face using a hand-held Android device. PopID accounts are also able to tie in with loyalty programs or purchase credits.

Founder and owner of PopID, John Miller, wants to see a time when the technology can be be used for everything: "At work in the morning to unlock the door, at a restaurant to pay for tacos, then use it to sign in at the gym, for your ticket at the Lakers game that night, and even use it to authenticate your age to buy beers after."

However, facial recognition technology is still viewed with a level of suspicion by many and gaining the public's trust might be easier said than done. In an effort to do this, PopID is complying with the strictest laws in the US when it comes to face data, the Illinois Biometric Information Privacy Act, under which Facebook was successfully sued for $650 million in a class action over its use of facial recognition technology.

Built into PopID's user agreement is that they will only share user data when a customer gives their permission and should e.g. a police department ask to check one of their photos against the PopID database, they would be treated like any third party and refused permission.

And if they produce a warrant?

"(We will) fight it as much as we can, until I get something that says I'm gonna go in the slammer unless PopID cooperates," said Miller.


Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts