Data is the most valuable commodity of the modern era. Global tech giants thrive on collecting it and making a profit from it. So, the march towards facial recognition payments may seem unstoppable. However, the idea that our faces are being harvested and stored digitally is raising far more than a few eyebrows. Here are the pros and cons.
Pros: The great leap forward in biometric payment technology
Of course, there are many pros when it comes to facial recognition payment, especially from the industry’s point of view. After all, many devotees of the iPhone are already using it, making it the new - or latest - normal.
“It appears consumers are becoming more accepting when they are trading biometrics for convenience in the private sector in terms of faster and more secure payments,” says Gus Tomlinson, head of strategy at GBG, a global leader in identity data intelligence. “Most prominently, we have seen Apple enabling facial recognition to unlock phones, the first step in extending strong authentication to access apps.”
When it comes to giving out your facial characteristics, why would you worry if you’ve already given away your thumbprints to your phone, photograph album to Instagram, contacts book to Facebook and so on?
“Currently, convenience still beats other concerns,” says John Erik Setsaas, vice president of innovation and identity at digital identity fintech Signicat. “People use Google for mail, maps, documents and searching, even though we know Google collects information and creates a profile.”
But when it comes to facial recognition payment, we’re in unregulated territory, as legislation lags behind the latest technology.
Facial recognition lessons from around the world
The industry should, perhaps, be looking to France where the first standard regulation applicable to biometric systems at work was introduced. It prescribes specific requirements for processing biometric data to control information systems in the context of business tasks.
This is in stark contrast to the situation in India, where the world’s largest biometric identification programme covers roughly a billion registered users (the entire population is 1.3 billion) and facial recognition privacy concerns are very serious.
“Upon its creation, Aadhaar was largely viewed as a well-intentioned initiative that could stem government waste and protect citizens’ identities,” Mr Tomlinson explains. “Today, many view it as a mass-surveillance tool that infringes privacy rights.”
Currently, the European Union’s General Data Protection Regulation is meant to prevent abuse of our privacy. Geoff Anderson, chief executive of UK cybersecurity startup PixelPin, urges companies using biometric payment technology to get ahead of potential future problems. “The appeal of biometrics is obvious: it’s easy to use, almost impossible to lose your facial characteristics and also quite sci-fi,” he says. “We’re at the relatively early stages of the biometrics life cycle, so what we do now will really set the agenda for its future use.”
Cons: facial recognition payment and privacy concerns
There is obviously a lot of excitement around facial recognition technology and its implications for the future of payments, and rightly so. But it’s important to temper enthusiasm with caution. It is vital, therefore, that the industry concentrates on the privacy concerns that are most pertinent, so the risks to the consumer don’t exceed potential gains.
“While the benefits are endless, businesses must also consider the risks that arise from deploying face recognition systems as they need to take appropriate steps to comply with the law,” says Tamara Quinn, partner at international law firm Osborne Clarke. “Facial recognition and video surveillance are covered by a complex web of regulations, which isn’t easy to navigate, plus there is reputational risk if companies aren’t seen to be taking privacy seriously.”
It’s also important to understand the potential for fraud. Customers might think that because their face is unique, they don’t have to worry as they would if relying on a password or PIN number to authorise payments.
Last month, it was revealed that the biometric data of more than a million people had been exposed from a database owned by the biometric security company Suprema. This included facial recognition data collected by London’s Metropolitan Police.
“Combined with the personal details, usernames and passwords, the potential for criminal activity and fraud is massive,” according to one of the researchers who brought the situation to light. So biometrics is not immune from the difficulties faced when it comes to fraud.
“Biometrics is not fool-proof and, just like your credit card, details can be stolen and cloned,” says Mr Anderson. “A picture of your face can enable anyone to steal your identity. Until the reliability and security of biometrics can be proven, it should only be an opt-in choice for users. What absolutely must not happen is a rush to implement biometrics as the de facto means of authentication; let’s not run before we can walk.”
Facial recognition systems and surveillance cameras
Anyone interested in payments technology should take note of a court case launched in Cardiff concerning automated facial recognition used by the state. This is the first major legal challenge in the UK regarding facial recognition privacy concerns and was brought by office worker Ed Bridges, who believes he had his image captured by police while he was shopping last Christmas.
“By the time I was close enough to see the words ‘automatic facial recognition’ on the van, I had already had my data captured by it,” he says. “That struck me as quite a fundamental invasion of my privacy.” Mr Bridges is supported by the civil rights group Liberty.
“It is just like taking people’s DNA or fingerprints, without their knowledge or their consent,” says Megan Goulding, a lawyer working on the case.
Understandably, this has prompted negative headlines and it seems a balance must be struck between the use of biometrics by the state and its potential benefits in the payments sector.
“The technology will, as technology does, continue to be developed,” says Andrew Hartshorn, information law specialist at law firm Shakespeare Martineau. “I think its use is likely to be curtailed going forwards, or rather used in limited circumstances, where use is more focused, with less scope for widespread invasion of privacy.”