Biometrics in retail sparks concerns among consumers, privacy advocates

Companies are pitching biometric payment solutions as a solution to fraud and theft. But their fast expansion is making some consumers and privacy advocates wary – especially when companies do not offer alternative payment options. By 2026, almost $5.8 trillion in payments are expected to be made using biometrics each year, according to a Goode Intelligence forecast.

The latest example comes from California. Biometrics fintech firm PopID invited scrutiny at a student event at the University of Southern California (USC) campus in Los Angeles after leaving no choice to purchase food inside the venue aside from its facial recognition payment system PopPay.

“[It’s] slightly coercive, because you’re not really being given a choice between normal payment methods and using your face, which is a pretty intimate subject matter,” USC student Vera Wang told student paper The Daily Trojan.

PopID explained that the company was “a paid sponsor of promotional events to market our products.” However, the move has invited questions about PopID’s commitment to privacy and data security.

The company, co-founded and seeded by food and retail conglomerate Cali Group, says it complies with the strictest law in the United States regarding facial recognition data, the Illinois Biometric Information Privacy Act, the student paper notes that its privacy policy states that it “cannot guarantee the security of your data transmitted to our site.”

Privacy advocates issue warnings

Like many other biometric payment companies, PopID has been busy this year, partnering with restaurants such as Steak ‘n Shake, Tyme’s self-checkout restaurant kiosks, and Samsung’s POS kiosks. Similar efforts are being made by Amazon, Mastercard, Clear and JPMorgan Chase. The latter has piloted palm and face-based payments at the Miami Grand Prix Formula One race in May.

January research from Research and Markets supports the idea that consumers can be reassured that biometrics payments are safe. But privacy advocates have raised concerns about the risk of biometric information being stolen by identity thieves or abused by law enforcement agencies, Bloomberg Law reports.

Digital rights group Fight for the Future, for instance, has been organizing an online petition calling on grocery stores not to include Amazon’s palm-scanning technology as a payment option. The group warns that sensitive data could potentially be abused, hacked or stolen.

Cobun Zweifel-Keegan, managing director of the International Association of Privacy Professionals trade group, notes that companies usually don’t keep raw biometric information but instead store a computer’s interpretation of a physical feature, like a set of numbers.

But other experts, such as Jen King, a privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence, maintain that hackers or fraudsters could try to combine scans with other pieces of consumer data.

“If I look at an image of a palm, I probably can’t tell it’s you versus me necessarily,” King told Bloomberg. “But that doesn’t say it’s not identifiable, because if it wasn’t identifiable they wouldn’t be using it.”

The U.S. has seen piecemeal efforts to regulate biometric payments, including a state-level bill sponsored by New York State Senator James Skoufis. An earlier request to the Washington State Liquor and Cannabis Board to allow the use of biometrics for age verification for restricted purchases was tanked, according to a board spokesman.

Meanwhile, similar skepticism about the tech is on the rise in other parts of the world.

Australian privacy group warns about biometrics in retail

The Australian Privacy Foundation is warning that increasing CCTV usage in stores is a major concern. The government is also looking into facial recognition tools with the Attorney-General’s Department recently completing a comprehensive review of the Privacy Act, according to the Sydney Morning Herald.

The concerns were sparked with recent investment by Australian supermarkets into surveillance following a surge in shoplifting: Last year it was revealed Kmart and Bunnings introduced facial recognition technology in stores, sparking an investigation by the Office of the Australian Information Commissioner (OAIC).

A more recent subject of controversy is Woolworths. The supermarket chain announced it will invest $40 million on CCTV upgrades, body-worn cameras and other devices. An average Woolworths store has 62 CCTV cameras while self-checkout desks are equipped with six to eight cameras, including an AI system determining whether the correct items are being scanned.

The non-government organization says that while supermarket employees are likely not accessing or analyzing this data, external service providers have this capability. The prospect of the data collected at the supermarket proliferating raises the possibility that biometric technology could be applied to it after the fact, or without customers being aware of it.

“There’s the lack of reciprocity when you have technology like this. You don’t get to know what a company is doing, so you can’t even decide if you don’t want to be paranoid,” says Australian Privacy Foundation Chair David Vaile.

According to Woolworths, stock monitoring cameras record silhouettes of customers or staff, while the self-serve checkout cameras blur faces, blackout PIN pads and are not viewed live. All CCTV footage was stored locally and only accessed by store team leaders and the investigation teams, along with police if necessary, while self-scan checkout footage was stored in Australia.

Article Topics

biometric payments  |  biometrics  |  data privacy  |  facial recognition  |  Office of the Information Commissioner (OAIC)  |  PopID  |  retail biometrics