Face biometrics secure payments, borders, public services, but good practice eludes some

Facial recognition and biometric liveness detection are featured in all of the top stories of the week on Biometric Update, in a wide range of use cases and circumstances, from a breach of negligently stored data to public sector tenders and recognition for emerging startup AlgoFace. The biometrics used for retail payments at Miami’s F1 race from J.P. Morgan Payments could be face or palm, Eurotunnel will use devices from In Groupe to carry out border checks for EES, Mitek identifies trends in fraud that illustrate the importance of presentation attack detection, and Pimeyes is off-limits to London police.

Top biometrics news of the week

A massive data breach has exposed the records of more than 5 million people in El Salvador, including facial images for use in biometric ID verification, in a shocking example of data handling negligence and industry worst practices. The source of the breached database is unconfirmed, but whoever is responsible did cybercriminals a favor by storing facial images, unencrypted, labelled with ID numbers.

A police facial recognition database with records of more than 50,000 people has also been breached in India. Telangana police are moving forward, regardless, with a tender for an AMBIS to add face biometrics, and possibly other modalities, to its forensic capabilities. NEC’s experience supplying face biometrics technology for Aadhaar and Digi Yatra also gives it a leg up on opportunities to supply Indian police.

Trinidad and Tobago is soliciting tenders for a face biometrics SDK that includes deduplication, PAD and image quality assurance capabilities, in collaboration with the UNDP. The application is not specified, but the UNDP is working with the country on a new digital ID system as part of its digital transformation. The deadline for bids is May 20.

Resistance from policy-makers to America’s airport biometrics rollout continues, with an amendment from Senator Merkley to pending legislation pitching a pause in the TSA’s program expansion. The objections and reasoning behind them are reminiscent of the protracted fight over the implementation of the Real ID program. The legislation was ultimately passed without the amendment reaching a vote.

The introduction of Europe’s biometric EES will not cause significant delays for travelers, Eurotunnel operator Getlink’s CEO says. The organization showed off biometric devices from In Groupe at the recent Passenger Terminal Expo. Eurostar is planning to use an app for pre-registration, but the late start means that even with fast-tracked development it may not be ready in time.

The Netherlands’ data protection authority has published guidance for organizations considering implementations of facial recognition. Deployments to high-security facilities that a data protection impact assessment shows to be in the public interest are allowed, but deployments to more public areas like supermarkets would necessitate explicit permission from all customers, making it impractical.

U.S.-based startup AlgoFace has been accepted into a Microsoft accelerator program, and has won a pair of grants from the Arizona Commerce Authority and the National Science Foundation worth a combined $425,000. An application the company is developing would enable searches against a database of face photos based on text descriptions of facial attributes.

Retail face or palm biometrics are coming to F1’s Miami Grand Prix for merch sales, supplied by J.P. Morgan Payments. Telpo has launched a new palm biometrics payment device powered by a Qualcomm SoC, and Astra Tech’s PayBy is bringing palm biometric payments to stores in the UAE.

New research from Mitek indicates criminals are taking advantage of more widely available generative AI and deepfake tools to carry out relatively sophisticated fraud attacks. Account takeovers are among the top current fraud threats, and Sift research shows they surged last year. Fraud is not the only threat to businesses neglecting liveness detection, as SoFi with a $1.1 million FINRA fine for weak fraud prevention.

London’s Metropolitan police are not allowed to use PimEyes’ facial recognition service anymore, after an FOI request revealed more than 2,300 visits to the site (not necessarily representing the same number of searches). The force’s embrace of facial recognition is not supposed to include the entire public internet as a watchlist, or untested technologies.

The Women in Biometrics awards for 2024 were announced by the Security Industry Association at its GovSummit event. Congratulations to this year’s winners; Leire Arbona Puértolas, Veridas legal and compliance director, Heather Haller of the FBI, Melissa Conley of the TSA and Caitlin Kneapler of DHS.

Please let us know about any thought leadership, podcasts or other content we should share with the people in biometrics and the digital identity community in the comments below or through social media.

Article Topics

biometrics  |  digital ID  |  digital identity  |  facial recognition  |  week in review  |  Women in Biometrics