Mastercard Patent Could Prevent Biometric Data Attacks

Mastercard’s efforts add to those of several companies looking at ways to prove real from fake.

Photo of a Mastercard patent
Photo via U.S. Patent and Trademark Office

Sign up to uncover the latest in emerging technology.

Mastercard wants to track your growing pains.  

The credit card company filed a patent application for a method of “preventing biometric infringement.” Mastercard’s tech essentially continuously updates and refines biometric scans to ensure that the person offering them is actually the one who owns them. 

“Current biometric sensors and registration processes cannot determine whether a single user is performing a biometric registration process, or more than one user is performing the registration process,” Mastercard said in the filing. “This enables any one of the registered users to perform a fraudulent activity by purporting to be any one of the other registered users.” 

When someone registers their biometric information with Mastercard’s system, this tech would extract two or more “distinct elements” of that specific biometric, such as specific points on a fingerprint or key elements of a face, to create a unique biometric template. 

When that biometric is collected and validated again, such as when a user is logging in, the system collects several more of these distinct elements and uses them to update the user’s biometric template. This allows Mastercard to create a robust biometric profile on its users, without having to collect several different types of physiological data for authentication.

Additionally, after it’s first collected, Mastercard’s system encrypts the user’s biometric template for an extra layer of security. 

Mastercard has filed patents previously aiming to beef up its biometrics: One application that became public last year proposed a way to “normalize” biometric image samples that allows people to log in with the same biometric information on different devices.

In the age of AI-generated deepfakes, lots of companies are looking at ways to prove real from fake. Intel, Sony, and Google have sought to patent their own deepfake detection algorithms; Nvidia is working on watermarks for AI-generated content; and Meta’s authentication solution may rely on capturing a user’s skin vibration.

Given the growing sophistication of cyberattacks, patents like these make sense — especially for Mastercard. As one of the biggest credit card issuers globally, the company handles millions of transactions daily. And in the past several months, the company has bolstered its own AI-powered defenses, releasing a suite of fraud and identity protection tools called Scam Protect in April. 

While biometrics are generally a stronger means of authentication than a password, they’re also a double-edged sword. The common solution to multi-factor authentication is to simply collect more biometric information. But because biometrics can be spoofed and stolen, once they’ve been compromised, they’re not necessarily easy to retrieve or eliminate.