Is A Biometric Backlash Brewing?

The biometrics backlash has already begun.

Local officials have started to at least consider bans on official use of facial recognition. States are moving to tighten their biometric privacy laws, following the lead of Illinois, which has what are considered to be the strictest protections in the U.S. And more consumers are thinking deeply about a world in which biometrics control ever more daily aspects of life — and many of those consumers are growing increasingly uncomfortable with such visions.

We at PYMNTS come here not to bury biometrics, but to explore another way of bringing identification and age verification to the masses — a method that, in the view of Alain Meier, CEO of Cognito, could help eCommerce operators stay ahead of regulators and otherwise offer relatively friction-free authentication to consumers around the world.

The method?

Using consumer phone numbers to ensure that the person on the other end of the connection is authentic and legitimate.

Identity and age verification — in real time — are among the hottest topics in global eCommerce.

That’s not only because of the motivation to fight and prevent fraud, though that is certainly a big part of it. As criminals gain skills — and benefit from more sophisticated organizational structures — the fight against hacking, ID theft and data breaches must keep moving into higher gear.

But there is also the increasing digital and mobile sale of age-restricted products and services — alcohol, eCigarettes and gambling now, perhaps cannabis somewhere down the road — and the need to ensure that underaged consumers don’t game the system and perhaps catch the attention of parents, law enforcement authorities and regulators.

“A lot of people committing fraud in those spaces are younger kids trying to circumvent age verification procedures,” Meier said in a recent PYMNTS interview. “They are stealing parents’ drivers’ licenses” in order to get around the protective digital fences put up by many (but not all) eCommerce operators. Sure, that’s a relatively ‘friendly’ type of fraud, but it’s one that could present a media-ready issue for politicians to get behind — efforts that can often result in tighter regulatory pressure.”

But in Meier’s view, the common, mundane phone number can help prevent such scenarios — and otherwise offer secure online transactions that have relatively low friction.

Think about it the way he does.

More than 95 percent of people in the U.S., and a large and growing segment of consumers around the world, possess phones. It’s a simple, familiar credential that people have relatively little problem sharing in public — at least compared to other personal data — and which ties that person to a host of verifying documentation, including addresses, dates of birth and Social Security numbers.

Not only that, but those phone numbers — used often in daily life, and a major part of a person’s lifelong document trail — open the door to a treasure trove of information available to probabilistically link to other forms of personal data. In turn, that data can be used to verify the person trying to open a bank or credit card account — or even join a social network restricted to members of a certain neighborhood.

Meier told PYMNTS that the phone number verification match rate typically stands between 80 percent and 90 percent. To get to 100 percent, he said, you can “ask for more information,” but the trick is to not ask for so much as to introduce friction where it is not needed — a larger transaction, or onboarding that carries relatively higher stakes, could be more likely to justify more friction than other tasks.

That said, friction is something “we try to avoid as much as possible,” Meier noted. The goal is not to impede eCommerce checkout flows, but to offer real-time ID and age verification in a way that enables online commerce and payments players to check the authenticity of their customers in a “proactive” manner — one that also carries the benefit of staying ahead of regulators’ concerns.

But even as the use of phone numbers presents one way to check IDs and ages online — and perhaps do so in way that pleases parents and authorities — so, too, do biometrics. Such digital authentication methods are moving from the realm of digital government ID, travel gates and border crossings, and into the world of daily consumer life — including via car rentals at airports. You can bet on more innovation and deployments as participants in the digital economy rush to provide more security with less friction for all kinds of transactions — and as more consumers get comfortable with more of the biometric methods.

But Meier, echoing observations and anxieties expressed by many others, also discussed with PYMNTS what he sees as the massive downside of biometrics — concerns that go beyond the obvious self-interest in promoting another way to verify IDs and ages for online commerce and payments. “I am not a believer in biometrics for long-term verification,” he said, mainly because “biometrics are not revocable.” As well, he continued, “over the next decade, we will see some absolutely ridiculously creepy stuff, with cameras mapping your face as you walk down a street.”

While biometrics “work great” for unlocking one’s phone and similar tasks, Meier believes biometrics are less suited for situations involving remote transactions.

Whether that is true or not is years away from being settled. But for now, it’s enough to say that the race to provide the best ID authentication and verification services will depend not only on specific technology and use cases, but also on consumer sentiment and comfort.