Mastercard this week became the latest business to unveil a novel use for biometric data, a facial recognition system which will allow cardholders in Brazil to “pay with a smile”. Biometric data gathering has become commonplace across a wide variety of industries, but despite this enthusiasm among businesses, new research suggests less than half of people in the UK are willing to share their information.
The Mastercard programme makes biometric scanning available to retailers, meaning a customer can pay by presenting their fingerprint or having their face scanned. To use the system, customers must register their details in the Mastercard app so it can be linked to their payment information.
Mastercard’s president of cyber and intelligence, Ajay Bhalla, told the Evening Standard: “The way we pay needs to keep pace with the way we live, work and do business, offering choice to consumers with the highest levels of security.”
Bhalla cited better security, faster payments and better hygiene as reasons people should sign up to use PayFace, which requires users to enrol their likeness and link it to payment information.
More than half of people don’t want to share biometric data
After the initial trials in Brazil, Mastercard plans to roll out the system around the world, but may not find many takers in the UK if research from software company Capterra is anything to go by. The Capterra survey, released today, aimed to look at whether attitudes to biometric information had changed following the Covid-19 pandemic, and found that 60% of those responding were unaware that biometric data could be shared with other companies, not just held by the firm or organisation they shared it with.
It also revealed that even 57% would be uncomfortable sharing biometric data, including fingerprints, face prints and voice recognition under any circumstances.
Researchers involved in the survey said it was important that “businesses and institutions go beyond complying with laws like GDPR when collecting and tracking personal information, as data transparency is equally important.”
Biometric technologies cover a wide range of uses, from using a fingerprint to sign in to a device to having a device like Alexa recognise the person speaking through voice print analysis. It covers a person’s unique physical and behavioural characteristics.
“In our survey, 44% of participants said that they regularly use fingerprint scanning, with the second-highest biometric method being face scans,” the authors said
“These methods are frequently used to unlock modern smartphones. However, 20% of respondents state that they do not use any of the biometric technologies detailed in our study.”
Use of biometric data in schools
The data isn’t just being used in the workplace, retail and hospitality. A new report by campaign group Defend Digital Me, also released today, found that some children were being forced to give up biometric data to get food or take out a library book, which the group said needs to stop. They are calling for a ban on unnecessary biometric data collection in education.
“Our enthusiastic adoption of biometric technology needs to balance material risk with measurable benefits, which presupposes we have identified both,” the report says. “Although there are some areas in policing where the adage may not always hold true, the saying ‘just because you can doesn't mean you should’ is still a handy test to apply when balancing the possible with the permissible and the acceptable.”
A Department for Education spokesperson said: “It is for schools to decide whether they use fingerprint recognition or other biometrics, and we provide guidance for schools on their use, which sets out the legal duties on schools.
“We are clear that schools and colleges using fingerprint or other biometric recognition systems should make arrangements to notify parents and obtain their consent. Schools and colleges cannot legally process a pupil’s biometric data without having done so.”
The department said the biometric advice for schools and colleges are currently under review to reflect the law and government policy.
Regulation required to protect users
A number of countries have laws protecting users’ biometric data. In Europe and the UK it is covered by GDPR, but often these regulations only protect the identity of the individual, says Imogen Parker, associate director of policy for AI research organisation the Ada Lovelace Institute, and not the potentially more intrusive intangible aspects, such as their likes and personality type predictions.
Speaking to Tech Monitor earlier this month, Parker said: “It was the purview of police forces and government, but new technology has opened up opportunities for collecting and using biometric data in the private sector and across a wider number of industries.”
Clearer legislation is required in this area, Parker says, and tacking biometrics on to upcoming laws, such as the UK’s replacement for GDPR, the Data Reform Bill, is unlikely to go far enough.
On Mastercard's plans, Suzie Miles from law firm Ashfords told The Guardian that there are issues around the use of biometrics, particularly in that while a password can be changed, a wave or smile cannot, adding that “If biometric data is hacked then the risk of fraudulent activity could be considerably higher than current payment methods."