Pay By Face: 3D Facial Recognition And Frictionless Checkout is a Terrible Idea

by Tim Sloane 0

facial recognition

This article in PYMNTS suggests that the future of checkout at merchant locations is Pay By Face using 3D Facial Recognition, but don’t do it!

There are so many flaws with this approach it is hard to know where to begin, but I’ll discuss two of the topics here, consumer rights and transparency and security.

There are state laws that regulate the collection of biometric data and there are an increasing number of lawsuits as identified here. These laws focus on the collection, management and security of biometric data, but Mercator predicts that the obligation of maintain and securing biometric data will move to the consumer’s handset utilizing the FIDO standard. Merchants ask the customer to share a unique public key for the relationship and that user can then be identified utilizing the biometrics embedded in the user’s mobile device. Mercator recommends that banks and merchants avoid as much as possible the collection of biometric data, it creates a honeypot for criminals and a management headache that will cost more than it is probably worth.

The above discusses one aspect of security (maintaining a honeypot of biometric data) but lets loot at one additional area, customer authentication. It is common knowledge and a European law, that no single method be utilized to identify an individual because it is too easy to compromise. Proper authentication requires a minimum of two methods, Knowledge the user has, Ownership of something held by the user, or Inherence (something the user is such as biometrics). A 3D Facial Recognition solution, by itself, is ill conceived and extremely risky.

One last thought. An important aspect of payments is to validate the user’s intent to pay. While this article didn’t provide sufficient details to understand if some intent signal from the user is collected, such a single is important and shouldn’t be a photograph of the user winking or giving a thumbs up because that brings us back to the honeypot problem.

Biometrics will become the method by which we increase user convenience and security and Mercator has published a forecast of consumer adoption here. Most of the solutions will be FIDO compliant and utilize multi-factor biometrics. Personally I can’t wait for biometrics to be deployed because a reliance on passwords is insecure and inconvenient.

Featured Content