iStock.com/PonyWang
Is Biometric Authentication Still in Retail’s Future?
Target has become the latest retailer to land in court over allegedly collecting and storing biometric data, including face and fingerprint scans, without consumer consent.
The lawsuit, filed in Illinois, claims Target’s surveillance systems, including cameras with facial recognition technology, “surreptitiously” collect biometric data on customers without their knowledge or consent in violation of the state’s Biometric Information Privacy Act (BIPA). Target hasn’t responded to the suit.
Retailers have often argued that such technology is necessary to help them guard against the worsening theft challenge, and others have faced similar legal action.
In December, the Federal Trade Commission banned Rite Aid from using facial recognition in its stores for five years. Last year, Amazon was sued in New York in a class action for not alerting Amazon Go customers that their bodies’ shapes and sizes as well as their palm prints were being monitored as they shopped.
Walmart, Best Buy, and luxury goods giant LVMH are among others facing lawsuits over biometric data privacy violations. Online, Meta, Google, and Snapchat parent Snap Inc. have all settled biometric privacy cases in Illinois in recent years.
While more states are passing legislation regulating the collection and use of biometric information, surveys show consumers are mixed about the technology. Some consumers are seeking the more secure and straightforward authentication that biometric technologies promise amid a rise in cybercrime, although privacy concerns continue.
A survey of U.S. consumers from software review platform GetApp found that consumers’ confidence in biometric technology had decreased in the past two years. The survey reported that consumer comfort in sharing the following forms of biometric data fell between 2022 and 2024:
- Fingerprint data: From 63% in 2022 to 50% in 2024.
- Face scan data: From 44% in 2022 to 33% in 2024.
- Voice scan data: From 34% in 2022 to 20% in 2024.
“Two years ago, our analysis found that comfort with biometric technologies had generally increased as a result of their role in easing many of the challenges caused by the pandemic (e.g., touchless solutions),” wrote Zach Capers, senior analyst at GetApp, in the study. “Now, in 2024, comfort levels have declined precipitously.”
GetApp said the discomfort is fueled by various security concerns regarding data breaches, misuse of data, identity theft, and reduced privacy. Beyond security concerns, 63% lacked faith in the accuracy of biometric technology, compared to 38% in 2022. GetApp said a likely reason is news of facial recognition misidentification disproportionately impacting people of color and women.
More encouragingly, the International Air Transport Association’s (IATA) annual Global Passenger Survey found that confidence in biometric identification is on the rise. The survey reported that 46% of passengers used biometrics at the airport in the last 12 months, up from 34% in 2022. Of the respondents, 75% prefer using biometric data over traditional passports and boarding passes. “While data protection remains a concern for half of the travelers, 40% would be more open to biometric solutions if they were confident that their personal information is secure — an increase from 33% in 2022,” the IATA stated.
Nick Careen, IATA’s SVP for operations, safety, and security, said, “Passengers want technology to work harder, so they spend less time ‘being processed,’ standing in queues. And they are willing to use biometric data if it delivers this result.”
A recent IDC survey on biometrics and customer satisfaction sponsored by fraud prevention provider Mitek Systems found that 77% of U.S. consumers were satisfied when using biometrics for authentication on their mobile phones and tablets, while 67% were satisfied when using it on their computers. One in three respondents reported that remembering passwords is their biggest authentication headache, while only one in 20 reported they struggle with biometrics. Among the challenges to adoption, the IDC survey found that 26% of respondents do not believe biometrics are safe or cannot be spoofed, while 22% are worried about their biometric data being stolen.
Discussion Questions
Do you suspect the use of biometric authentication will be more trouble for retailers than the technology’s worth?
Which applications of the technology (i.e., in-store security, authorizing payments, employee tracking, in-store marketing) will likely offer the biggest benefit for retailers? Which seem most intrusive?
Poll
Loading …BrainTrust
Bob Amster
Principal, Retail Technology Group
Allison McCabe
Director Retail Technology, enVista
Collecting data without permission is a clear no, and this kind of underhand activity will do nothing to advance biometrics. That said, I think biometric validation for things like payment will become more common over time. Amazon’s Pay by Palm has now rolled out across Whole Foods stores and is being used by more shoppers. However, there is still some reluctance among those who see it as an invasion of privacy and overly intrusive. As such, more widespread adoption will be a slow burn.
Use will certainly grow, as will the challenges; which will win out….dunno. That having been said, in this case I think the skepticism will, ultimately, be a good thing (at least at the societal level…I’m sure some retailer will claim they’re needlessly losing billions because of “irrational” concerns): IMHO we’re close to a rather scary cliff with regard to privacy and transparency, and treading carefully seems in order.
Biometric validation for certain use cases will continue to grow over time. However, with breaches of services like 23andMe, where a data breach resulted in stolen genetic information, people are increasingly concerned about the security of their biometrics and some feel it is an invasion of privacy. Retailers must ALWAYS be clear when data is being collected.
There are no alternative technologies to biometrics in the works. Therefore, because of its convenience and security benefits, biometrics will continue to grow in coming years, be it in retail, or otherwise.
In fact, biometrics is still in its early development stages, and there will be a demand for biometric technology from many sectors of the economy as well as from public entities looking to reduce data breaches and costs.
There will be a great deal of attention paid to data breaches. That’s where new technologies are likely to arise. But biometrics are here to stay. Db
Biometric authentication will be slow to adopt in retail due to privacy concerns, as illustrated by less then 50% of consumers feeling comfortable with fingerprint, face or voice data used for authentication. The one thing that may help change consumers’ attitudes is the acceptance and use of facial recognition for airport security. Just like the use of airline kiosk adoption drove the acceptance and use of self-service options in retail and restaurants. It is a good example of how our behaviors in one area helps shape our behavior in other areas.
There is a difference in using biometrics to confirm the user is who they say they are during payment vs using biometrics to track the Amazon Go customers “bodies’ shapes and sizes as well as their palm prints were being monitored as they shopped”. True transparency to the customer is the key to its success.
As more stories like this come to light, collecting and saving biometric data without consent will become an issue for the courts and legislators to address.
For payment capabilities, which are opt-in, there are certainly a number of consumers who will embrace this technology, just as there a those who will never consent to using biometric payment options. Most people, I suspect, are waiting on the sidelines until they better understand how these data will be used and what legal protections will be enacted.
…and we are afraid of the “Big Brother” government? Today’s discussion suggests that retailers are a greater culprit than our government. That being said, when will we get over the idea that everything we do on a day-to-day basis is recorded in some way? The privacy we are trying to protect doesn’t exist.
First, assuming the retailer will eventually know everything about the shopper as they enter the store, it will surely help with security. The problem with that is who will take action. In today’s environment, store personnel are not permitted to take action, and law enforcement doesn’t seem to care. If I were the claimant in a privacy suit against a retailer, the first question I would ask is, “What action will you take?”
BTW, I use palm-pay at Whole Foods. It is really cool.
Collecting biometric data is a terrible idea. It will do nothing to deter theft and the average consumer thinks it’s creepy. Just say no.
When I zip to the gate at the airport because of biometrics, I get a benefit. When T-Mobile upgrades my phone software and surreptitiously sets a default to sell more of my data, without any notification, they get a benefit, and I feel like a victim. I pretty much assume that my personal data will be stolen multiple times from multiple sources, it’s just a matter of time. In then end the costs of all this ends up with the banks who have to reimburse consumers for “theft”. And of course, that cost comes back to the consumers. Maybe those selling our data should give the banks a cut of their revenue and close this loop.
This controversy around biometrics iis important but it sidesteps a more basic issue, I think: Who owns my personal data?
As more private and public entities compile and store duplicate sets of consumer data, the liklihood of our identities being stolen and misused in a breach rises above 100 percent.
The specific nature of the identifying information (name, SSN, CC#, face) does not matter. It ALL gets stolen by professional bad actors. No database is safe. Based on the number of times I have been notified about my data being exposed in various breaches (6 or more) I’d say it’s too bloody late.
I’d propose a radical solution: A total all out ban on storing consumer data. Make it a felony. Period. Replace this practice with a system of secure individual personal data vaults (PDVs).
Use blockchain to send me a micropayment at every instance where I agree to selectively expose part of my personal profile with a commercial entity, such as to make a purchase. When the transaction is complete forget everything you know about it until I decide to interact again. Of course that would include a ban on storing my biometrics.
Are the people concerned about biometric data the same ones sharing incredible amounts of private information on social media? Like everything else, we say we want something (feel safe or protect the environment) until we realize the cost. Biometric data is worth it but consumers should know when it’s being used and the data should be protected with at least the same level of security that social media companies use to protect our data – that should get those confidence percentages back up!
I suspect that our collective fears of crime and our distrust and fear of the management and use of biometric data will result in us giving up some rights much like we did with airport security post 9/11.
“Are the people concerned about biometric data the same ones sharing incredible amounts of private information on social media?” 🙂 🙂 🙂
If implemented correctly, biometrics will both enhance security and speed-up the checkout process. However, customers have to be advised beforehand that the technology is being used. ‘Palm” and ‘fingerprint’ recognition are safer in maintaining privacy than facial recognition. Unfortunately, they require direct contact with a device not one’s own (think COVID days…). Like many technologies, it has limitations and will be most successful when deployed in the appropriate retail environments and with the permission of consumers.
This is creepy. A long time back, maybe 15 years ago, the Department of Homeland security offered to fast track me through airport checkin via retinal scan. Uhhh, no thanks/
To be honest, I always thought biometrics was a non-starter. The argument was always “We have no privacy and the younger generation doesn’t care.” I had ZERO data to support that. They care. And expect privacy.
It’s all a big NO.
A few months ago I entered the country at JFK. I walked through. There is no stopping, no lines, and no passport check. I imagine it was facial recognition. I welcomed it.
Store cameras, self-checkouts, banks, airports and iPhones all use biometric data, which will continue to grow in adoption. If retailers communicate what biometric data they collect, and how they use and protect it, they will mitigate risks associated with this technology.
Monitoring customers and employees will benefit retailers by improving loss prevention, store design and productivity. Yet these store vision applications may also be seen as intrusive to consumers’ desire for privacy and anonymity.
Anything that reduces friction will help – provided the consequences do not outweigh the benefit.
There is nothing without consequences.
To me the biggest places where there is value with biometrics is payments for customers but also security applications for store and other associates.
Arguably the most common use of biometrics is mobile phone where your face or fingerprint is compared – on the device – to what is stored on the device. A similar approach is used for immigration gates – however the comparison is stored on the passport or ID card – hence it becomes a comparison with what is on the ID form and the actual person.
The result of this approach is that biometric data is not networked and only stored in one place – thus protecting privacy of the individual. When Apple launched their fingerprint and face ID systems they made a large play on this – and how it protects privacy. Retailers need to adopt a similar approach for both customers and employees when using these solutions.
If adhering to strict privacy guidelines equals more theft, then Retailers like Target are in a tough spot. Door number 1 = more theft! Door number 2 = less theft but you end up in court! Neither one is a good option, obviously.
As for speedier checkout, I am not sure where the speed would come from–we already have the ability to hold our phones up for payment–just increase the throughput of that use case.
In order for these observations to be incorrect, you need to sell it to your customers and get their agreement. Without that, game over.
This is our future. Work out the kinks, which includes any legal/privacy issues, and let’s move on!
Bio data is here to stay and will continue to grow. Organization will just need to be more open in how they are collecting the data and how it will be use.
We recently did a survey that had some very interesting insights that aren’t biometric specific but reflect consumer sentiment regarding AI and customer data. Brands must pay attention to the fact that customers expect transparency at every point of the journey.
The report found that:
90% of shoppers believe retailers should be required to openly disclose how they use customer data in applying AI usage
87% believe customers should have the right to access and review the data retailers have collected about them.
80% of shoppers want retailers to seek explicit consent to use their data for AI.
53% believe that AI-powered facial recognition software will lead to increased instances of racial discrimination.
Please tell us more about the survey. Who participated, when was the survey done, sample size, screening criteria, and so on. There are so many surveys with contradictory viewpoints around AI that these kind of details are very important to assess the veracity of the studies.
Customers need to know the benefits for them (not the retailer) in providing biometric data, because for some there’s a big brother creep perception. Retailers need to explain the WHY and customers need to be reassured with 100% clarity their data is secure.
If the promise is saving time, is it 10 seconds, or even up to 1 minute at check out? Are there any financial upsides? Loyalty program perks? Do they get their own checkout lane?