Biometrics adoption, inclusion gains depend on bridging the understanding gap

Education is a lifelong process, and emerging technology applications like biometrics payments are often challenging for older people to understand. There are real risks and trade-offs associated with biometric payments, particularly in poorly-designed systems or with inadequate user understanding.

Researchers in Hong Kong and Germany have some suggestions on how better system design can aid the understanding of older biometric payment users, while a prominent U.S. newspaper encourages caution, but without the level of scrutiny and detail that leads to practical understanding.

Older adults’ experiences with biometric payments

“‘What If My Face Gets Scanned Without Consent’: Understanding Older Adults’ Experiences with Biometric Payment” will be published in the Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems.

Two researchers from the Hong Kong University of Science and Technology and two from the Max Planck Institute for Security and Privacy in Germany interviewed 22 older adults in China, including both users and non-users of biometric payments. They found that convenience and security perceptions are motivators for the adoption of biometric payments by older people, but concerns around loss of control and biometric data security are barriers.

The experiences they describe include increased convenience and a preference to avoid the insecurity of password-based systems, but also unintentional signups and biometrics implementations without an effective Presentation Attack Detection (PAD) layer.

Three key tensions are described in the paper, between ease of use and security and privacy considerations, the benefits and the control-reduction drawback of going passwordless, “and the gap between perceived understanding and practical reality.”

The researchers recommend a set of design changes to address these tensions. First, they suggest “providing a cognitive confirmation process in addition to biometric recognition that allows users to consciously verify their intent before completing a payment transaction.” Interactive and step-by-step instructions could help restore user control and increase the autonomy of older adults’ choices around biometric payments. Systems could also be designed to include optional protections like payment amount limits and real-time transaction notifications.

A story problem

The Wall Street Journal is 136 years old, and while age shouldn’t affect a news outlet, an article on the “risks to giving your biometric data to companies” stumbles over several familiar misconceptions.

The perspective shared is based on interviews with “privacy professionals,” who warn that “you may be giving up more than you’re getting.”  The experts consulted include an independent researcher and technologist along with representatives from the EFF, EPIC, Red Clover Advisors and Debbie Reynolds Consulting.

Acuity Market Intelligence Principal Analyst and Chief Strategist Maxine Most writes on LinkedIn that the article “is filled with so many fallacies about biometrics that it should be an embarrassment to the newspaper.”

The Journal urges consideration of five aspects of biometrics risk before adopting the technology.

“You can’t replace your biometrics” may seem like a heading for a section on the perils of oversharing photos on social media. Instead, it warns that if criminals access an individual’s biometric data “by hacking a site where it’s stored, for example, you have no recourse.”

And what if they simply copy your profile picture from Facebook? The Journal is silent on this obviously greater risk. And what about the importance of liveness detection or PAD to protect against spoofs? Another important factor unmentioned.

It is little surprise that the implied scenario of a hacker using a stolen template to break into and take over an individual’s account is not accompanied by a real-world example, because while fraud is rampant in America’s public sector and financial ecosystem, that that is not how it is typically carried out.

A section on “How companies can use your data” amounts to a lament on America’s patchwork of mostly-inadequate data protection laws, but framed as if the problem is specific to biometrics.

“What if the data is stolen?” addresses the same risk as the first consideration, but fails to remedy the gaps in understanding the nature and extent of that risk.

The representation is reminiscent of what Access Control Collective CEO Lee Odess calls the “story problem” that poses a barrier to mainstream biometrics adoption.

“The dystopian side has narrative discipline. The utopian side has spec sheets,” he says.

Article Topics

biometric payments  |  biometrics  |  consumer adoption  |  digital identity