View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
  2. Privacy and data protection
April 29, 2021updated 21 Oct 2022 2:46pm

Unexpected face in the bagging area: The rise of facial recognition in retail

Retailers are embracing facial recognition to enhance security and smooth the payment process. Is this good business or nightmarish surveillance?

By Greg Noone

For most British teenagers, purchasing alcohol is a rite of passage. But for retailers, selling liquor to underage customers is a significant risk: shops can be fined up to £5,000 for a single offence then £20,000 for repeat incidents. Legally, buying alcohol requires customers to produce a holographic ID document proving their age. Even so, asking customers for this proof is a common source of aggravation, one that sometimes leads to verbal and physical abuse for shop staff.

John Abbott, chief business officer at Yoti, hopes the technology company’s age estimation software will ease the tension. Embedded in self-checkouts, Yoti’s program offers customers the option of either proving their age using a digital ID or their own face. Choosing the latter allows the company’s proprietary algorithm to analyse an image of their face for signs that they’re over 18. After combing the image for signs of crow’s feet and laugh lines, the AI will pronounce a verdict on the customer’s age.

Security technology providers are offering services that claim to spot suspected shoplifters in CCTV footage. (Photo by David McNew/AFP via Getty Images)

The results from trials have been encouraging, says Abbott. “We’ve been live using age estimation in Estonia for nearly a year,” he says, while a 90-day study in a US superstore saw supportive feedback from shoppers. Implementing the solution at scale would, Abbott argues, “help the consumer journey by making it more frictionless, providing fewer checks, and then making sure that retailers are coming over and looking at a phone, or passport, when they really need to”.

UK regulators are thinking along similar lines. Earlier this month, Yoti embarked on an ‘alcohol sandbox’ trial of its age verification software with ten of the country’s largest retailers. If successful, waving over a member of staff to approve a bottle of wine at a self-checkout could become a thing of the past. Indeed, Abbott has grander ambitions for the software, predicting it could become integral in everything from enforcing age restrictions among movie-goers to protecting children from online grooming.

It’s hardly the only experiment with facial analysis in retail. Increasingly, businesses consider biometric markers the gateway to a touchless consumer experience, one that prioritises the convenience of the customer while enhancing the security of their transactions. At the height of that equation, however, lies a new paradigm of data collection – one that, if mishandled, could end up compromising the most innate of personal data, and souring the public on the use of biometrics in retail for good.

Facial recognition applications in retail

Facial recognition is already helping retailers crack down on shoplifters. Theft costs local shops thousands of pounds worth of losses, in part because it takes so long for them to notice that a crime has been committed in the first place, says Nick Fisher, MD of security technology provider Facewatch.

“The store retail staff will be busy,” says Fisher. “They know that they’ve put a couple of hundred pounds of meat in the fridge that morning. And then, they notice a big chunk of it is missing. And they know they haven’t sold it.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Staff can often identify who stole the produce by analysing in-store CCTV footage, Fisher says, but spotting them if they enter the store again is much more difficult. By pairing facial recognition with CCTV footage, Facewatch promises an automated alert system for shopkeepers and their staff, comparing the faces of everyone who walks into the store against a watchlist of suspected shoplifters. If there’s no-hit, the image is immediately deleted. Should a match be found, however, shop staff are immediately alerted.

“We only send images directly to our clients where the match is greater than 97%,” says Fisher, a level of confidence supplemented by additional layers of automated and in-person checking of any new image.

The system is, in part, a reaction to a lack of police interest in prosecuting shoplifters. Around a thousand thefts are committed in UK shops every day, according to research by Checkpoint Systems, but difficulty in identifying the culprit is a common obstacle to prosecution. In many cases, though, police don’t even try: in 2017, it was revealed that police in the UK largely avoided investigating thefts of goods valued below £200. 

Over time, that has a real impact on a retailer’s bottom line. “A lot of businesses build all this into their own shrinkage budget now,” says Fisher. The lower the margin, however, the more devastating theft can be. Petrol stations, says Fisher, are a good example. “Someone comes in and nicks £90 worth of fuel off your forecourt, you’ve wiped out your day’s profits.”

Fisher claims that stores using Facewatch have seen shoplifting drop by 25% within 90 days of using the software. And it is not the only example: British supermarket Sainsbury’s has installed software capable of detecting when a customer has secreted an item on their person, while in the US, facial recognition is already being deployed by Walmart, Lowe’s and Target for security purposes.

X5 group, Russia’s leading food retailer, is trialling ‘facepay’ technology in 3,000 stores. (Photo by Dimitar Dilkoff/AFP via Getty Images)

Beyond security, the key drivers to facial recognition in retail are “convenience and hygiene”, says consumer analyst Alan Goode. Along with other biometrics, such as vein recognition in palms, it may allow brick-and-mortar retailers “to compete with online, from an experience point of view,” says Goode.

Businesses are exploring the use of faces to authenticate payments, allowing infection-wary customers to shop with a minimum of contact, Goode explains. In March, a trial of so-called ‘facepay’ software began in 3,000 supermarkets and convenience stores across Russia, following similar rollouts in the US and China.

The technology could also support more convenient loyalty schemes, he says, allowing shoppers to rack up points without needing a card. Traditional retailershaven’t got it right, I think, from a loyalty perspective,” says Goode.I still get sent tonnes of paper-based vouchers for offers.”

Surveillance capitalism: security and privacy fears

Facial recognition is no ordinary business technology, however. Few technologies prompt greater concern among privacy activists, and dystopian applications are easy to imagine.

The security of the facial biometric data itself is one concern. Although it is typically encrypted, and therefore difficult to hack, it is not impossible. Similarly, machine learning algorithms can be spoofed using artificial body parts. Moreover, not only would the use of facial recognition cameras at scale in shops add yet another layer of surveillance for customers, but could also lead to retailers selling their biometric information to third parties in vague and unusual ways. 

Then there’s the issue of their reliability. “This surveillance is well-known to suffer from severe inaccuracy and biases, leading to innocent people being wrongly flagged and put on criminal databases,” Silkie Carlo, the director of Big Brother Watch, has said. These include the arrest of Robert Williams, an African-American man mistakenly arrested for stealing five wristwatches from a boutique in Detroit. 

The prospect of employees deciding who is a shoplifter and uploading their face to a security surveillance system raises countless questions, says Brookings Institute fellow Darrell M West. “How long are they going to keep this data?” says West. “Let’s say you shoplifted at age 15. Are you going to have to worry about that 20 years later?”

As far as Facewatch is concerned, the answer is no. Images of customers that aren’t matched to the watchlist are instantly deleted. Those of shoplifters, meanwhile, are retained for two years, with the clock restarting should they be caught stealing again. If a person is matched to the watchlist and an alert isn’t raised by staff within three days, however, that data is deleted. As a company operating exclusively in the UK, Facewatch is also subject to GDPR, meaning that anyone interested in acquiring their data can acquire it from the company via a subject access request.  

Fisher envisions only one possibility where Facewatch might fail: if someone contaminates its watchlist. “I could maliciously upload ‘Greg’ onto the database as an act of malice,” says Fisher. Nothing like that has happened yet, he adds, and doing so would lead to the instant withdrawal of the platform from the store in question. Even so, Facewatch is just one company. It isn’t hard to imagine rivals being compromised by prejudiced security guards wrongfully assigning blame for thefts to people of colour – hardly a new development, says West. “Some stores target minority shoppers and have security officials follow them around the store, he says. 

Questions also remain about the accuracy of Yoti’s age estimation software. While the service can guess customers’ ages with a high degree of accuracy, even if they are wearing face masks, its facility at guessing the ages of persons who have had plastic surgery, or have palsy, remains largely untested. That, says Abbott, is down to a lack of relevant training data. Affected individuals could present a physical ID to a member of staff, he adds. 

Public attitudes to facial recognition in retail

In some jurisdictions, the scope for privacy breaches is limited by regulation. In the UK and Europe, gathering biometric data is subject to the user’s consent, with certain exceptions for security and fraud prevention. In the US, however, only a few states have specific laws regulating biometric data acquisition. While movements to tighten controls have emerged in several states, West predicts many won’t. “The problem is, the technology is proliferating right now,” he says. “We don’t have years for states to take action here.”

The technology is proliferating right now. We don’t have years for states to take action here.
Darrell M West, Brookings Institute

Either way, the adoption of facial recognition and facial analysis solutions in retail settings will be determined in large part by customer acceptance. Fisher is confident. “There is not one shred of evidence, in terms of declining footfall, decline in trade, that demonstrates that any honest, responsible customer is put off by shopping in a store that uses facial recognition,” he says

The solutions most likely to endear themselves to consumers will be those that allow users to opt-in, rather than be forced into using the service, says George Brostoff, founder of facial recognition firm SensibleVision. “A loyalty program where they’re opting in, and you’re at the register and it’s seamless, that’s a wonderful application,” he says. “But walking up to the counter for cosmetics, and basically getting all these recommendations on the terminal where [you] haven’t opted in…that’s creepy.”

Read more:

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.