In numerous corners of the globe, boarding a plane, purchasing your morning cup of joe, or accessing your financial accounts has taken a futuristic turn with the advent of facial recognition scans or thumbprint technology. Incorporating biometric technology into payment processes is a growing trend among leading tech companies.
Both Apple Pay and Google Pay have embraced biometric tools for transaction purposes. Not to be outdone, Amazon, the world’s leading online retailer, is making strides in implementing the same.
In September, it launched Amazon One, its innovative biometric payment technology that empowers customers to make payments at brick-and-mortar stores by simply placing their palm over a scanning apparatus. While this cutting-edge technology will initially be limited to Amazon Go stores, there are already plans in the pipeline to expand its use to its subsidiary, Whole Foods, and eventually encompass other retail outlets in the future.
The appeal of this technology is undeniable. The tedious chore of searching for your wallet or dealing with pesky loose change has been eliminated. Additionally, the enduring uniqueness of our fingerprints and retinas presents a theoretical barrier to fraudulent transactions.
The biometrics technology market is gaining traction on a considerable scale. Currently, the industry is growing at a compound annual growth rate of nearly 20%, and is projected to be valued at an astounding 59.31 billion USD by 2025. However, as algorithms continue to collect an increasing amount of identification data, the impending questions surrounding the balance between convenience and privacy inevitably begin to surface.
What are the implications of biometric compromise?
In the instance of a conventional cyberattack or large-scale data breach, amending our password and other login specifics can function as a robust strategy to curtail the exposure of confidential information. The cybercriminals may have managed to infiltrate our accounts initially, but subsequent breaches can be effectively mitigated.
However, the situation is complicated when considering biometrics. Our thumbprints and facial features are unique and permanent, making it impossible to simply exchange them for a new identity in the event of a data breach. At present, the theft or misuse of biometric information carries significant risks—it’s seemingly an inevitable concern that criminal activities will intensify as biometric technology becomes more widely adopted.
Several alarming incidents around the globe have highlighted the potential dangers. Aadhar, India’s centralized database that collects biometric identifiers, such as fingerprints, suffered a significant data breach in 2019. In a similar vein, Nadra, Pakistan’s central database, which also stores biometric markers of its citizens, was targeted. Nevertheless, databases like Aadhar and Nadra, as yet, do not contain payment information specifically linked to biometric details.
While data breaches of any kind can inflict devastating repercussions on individuals, the situation becomes significantly more complex when permanent identification markers are linked to payment details. When you scan your palm over a biometric machine, the underlying algorithms authenticate the unique identifiers, matching them to pre-existing payment data. As these databases continue to expand, they will inevitably draw the attention of hackers and other malicious entities seeking to pilfer millions.
Regulatory measures may be pivotal.
In February 2020, the European Union (EU) implemented comprehensive regulations governing facial recognition and artificial intelligence technologies, an endeavor aimed at establishing a unified data market across Europe. These regulations, in conjunction with the privacy mandates of the GDPR, could potentially compel companies involved in biometric payment technologies to adhere to standardized processes and protocols. This proposition may not sit well with big corporations like Amazon or Facebook, as they would invariably strive to safeguard their intellectual property and resist standardization efforts.
Considering the extremely sensitive nature of biometric information and the inadequate record of large tech corporations in protecting user privacy, can we genuinely entrust them with even more personal data? Currently, there is considerable opacity surrounding the security and privacy protocols integrated into these firms’ database management systems. However, if regulations were to outline a clear, standardized approach to managing biometric payment systems, it could significantly mitigate the risk of misuse.
One potential solution lies in the concept of “untraceable biometrics,” secure technologies that process biometric data without associating it with a specific individual. This technology operates by transforming the biometric data provided by an individual into an unrelated data string or key, essentially using the biometric data as a decoder of unique identity.
Such technologies already exist, for instance, NEXUS, a biometric-based system that facilitates border crossings between Canada and the United States. However, the intricacy of the algorithms and the need for sophisticated hardware often make them prohibitively complex and expensive for most businesses. In the absence of federal legislation mandating their use, it’s unlikely that any major corporation will be incentivized to adopt untraceable biometrics.
Regulatory bodies must rise to the occasion. While some localized legislation, such as the Illinois Biometric Information Privacy Act and the California Consumer Privacy Act, does exist, a more extensive federal or even international effort is required to ensure the security of biometric payment systems.
As consumers, it’s crucial to understand that the convenience offered by new technologies often comes with a privacy trade-off. While biometric payment systems offer a tempting level of convenience, without guarantees of their integrity, it’s safer to refrain from using these technologies for now. For those seeking to maintain their anonymity, the anonymity of cash transactions remains an unbeatable option.
Remote access vpn palo alto