Recently, a large company in the North American payments sector announced a new “biometric payments program” using technologies such as fingerprint reading and facial recognition as payment validation methods. In its official announcement, the company pointed out that 74% of consumers are open to biometrics. Moreover, according to market research, the company estimates that this market will reach US$ 18.6 billion by 2026.
The Covid-19 pandemic is considered one of the main reasons for the increased acceptance of contactless technologies, since, as well as making consumers’ life easier, contact between devices and people has been increasingly avoided. The idea, now, is to take the next step and allow a simple smile or a wave to send credit/debit card machines into early retirement.
Moreover, banks and financial companies have also been showing interest in adding facial recognition as a further layer of authentication for certain operations, alongside digital or wrist biometrics that are already in use.
Facial biometrics are apparently the new darling of identity validation systems, after being in high demand for public safety solutions a few years ago. As in this case, however, despite the inherent advantages of the technology, its limitations must be kept in mind – as well as the national and international legislation concerning privacy and data protection.
Under Brazil’s General Personal Data Protection Law (Lei Geral de Proteção de Dados Pessoais/LGPD) and General Regulation on Data Protection (Regulamento Geral sobre a Proteção de Dados/GDPR), personal biometric data (such as facial images and fingerprint data) are considered a special category – under Brazilian law, they are sensitive personal data under special protection. This classification leads to a number of regulatory implications, such as limits to processing this data in accordance with the law, allowing companies to process biometric data only in very specific situations.
The stricter legislation is due to the greater risk of misuse or leakage of sensitive personal data. In situations of misuse, sanctions are also heavier: in a recent conviction, the British data protection authority imposed a fine of more than GBP 7 million on a US facial recognition company.
To payment institutions, the new technology can undoubtedly represent a significant competitive advantage: it also enables greater control against fraud. Adherence to biometric payments, on the other hand, brings with it greater regulatory risks which must be properly addressed.
For more information about compliance to privacy and data protection laws and standards, please contact our team of experts!
