Biometrics Are Reliable, but May Not Be Worth the Risk

Your thumbprint or face is easy to steal but impossible to replace

  • Mastercard's new Biometric Checkout Program lets you pay by smiling at a scanner.
  • Biometric authentication is reliable, but the risks are high. 
  • It's possible to have both convenience and security.

Mastercard wants to let you pay in stores just by smiling at a scanner, which is fun right up until you realize the privacy implications. 

Biometrics is a convenient way to authenticate ourselves. Barring some severe bad luck, you always have your eyes, your face, your fingers—now your smile—with you, and ready to deploy. Payment companies like biometrics because biometrics are individual enough to be functionally unique, and hard to forge. We like them because it’s way easier to pay with a finger than digging out a card. But biometrics have such disastrous downsides that we shouldn’t be using them like this at all. 

“One more problem with biometrics: they don’t fail well. Passwords can be changed, but if someone copies your thumbprint, you’re out of luck: you can’t update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you’re stuck,” writes security legend Bruce Schneier on his personal blog.

Easy to Steal, Impossible to Replace

Mastercard's Biometric Checkout Program is being tested in five supermarkets in São Paulo, Brazil. Users can enroll their face using the Payface service and then pay in stores by smiling at the authentication device.

You may also remember Amazon’s experimental palm payment system. Amazon One lets you pay in stores by scanning your palm, whereupon payment is extracted via your usual Amazon payment method. So far, we can pay by smiling or waving. It can’t be long before the fist bump, and the weak-corporate-high-five, are added to that list.

Biometric indicators are hard to forge, and even if you can copy a fingerprint or a smile, you probably won’t get away with trying to use a rubber thumb at the supermarket checkout. But fingerprints are easy to steal, as are photos of your face, your hands, and so on. 

And the worst part of this is that once your fingerprint is compromised, that’s it. As Schneier points out, you cannot replace your thumb, eye, or face. 

Doing It Properly

Fortunately, there’s a way to use biometric authentication without risking your fingerprints, iris, smile, and so on. In fact, you might be doing it already with Apple Pay, or a similar smartphone payment method. 

Apple Pay, and similar methods, keep the biometric verification private. Authentication is between you and your phone. You scan your face or fingerprint, and when the phone agrees that you are you, it passes the good news on to the payment machine. 

What’s more, your face or fingerprint is never stored anywhere. When you enroll your face in Face ID, for example, the phone uses those scans to generate an encrypted proxy, or hash, for your face, which is then stored. Later, when you unlock your iPhone, the scan is “hashed” again, and the result compared with the stored hash to see if they match.

Thus, even if the stored data could be stolen, it cannot be used to reverse-engineer your face or fingerprint. 

“The key to protecting personal identities and digital assets is a minimum of three factors of authentication: something you know, something you are, and something you have,” Adam Lowe, creator of Arculus, told Lifewire via email. “A single password or a biometric is not the wall of protection needed to survive. Turning on multi-factor authentication provides multiple walls of protection and reduces the chances of hacks. Biometrics must be added as an additional layer of protection and not just a proxy for passing a password.”

The solution is to use something like Apple Pay as a proxy for your biometric data. That way, you never have to trust a company to safely store your irreplaceable fingerprints, iris scans, or smiley face. After all, it’s not like they’ll take better care of those than they do of our passwords right now, which regularly leak in the millions. 
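
The phone-as-proxy pattern described above, as an added sketch (not code from the article, and not Apple's or any vendor's implementation): the scan is matched on the device, and only a MAC over the issuer's challenge is released. The `Phone` and `Issuer` classes, the shared HMAC key, the feature vectors and the distance threshold are all assumptions made for illustration; a threshold stands in for an exact hash comparison because two scans of the same face are never bit-identical.

```python
import hashlib
import hmac
import math
import secrets

MATCH_THRESHOLD = 0.25  # assumed tolerance; a real matcher tunes this per sensor

class Phone:
    """Hypothetical device: matches scans locally, releases only a MAC."""

    def __init__(self, enrolled_scan):
        self._template = list(enrolled_scan)         # biometric data stays here
        self._device_key = secrets.token_bytes(32)   # assumed payment credential

    def provision_key(self):
        # One-time setup with the issuer; no biometric data is involved.
        return self._device_key

    def approve(self, fresh_scan, challenge):
        """Return a MAC over the challenge if the scan matches, else None."""
        if math.dist(self._template, fresh_scan) > MATCH_THRESHOLD:
            return None
        return hmac.new(self._device_key, challenge, hashlib.sha256).digest()

class Issuer:
    """Hypothetical verifier: holds the device key, never sees a scan."""

    def __init__(self, device_key):
        self._device_key = device_key
        self._seen = set()  # challenges already honoured, to reject replays

    def new_challenge(self, amount_cents):
        return secrets.token_bytes(16) + amount_cents.to_bytes(8, "big")

    def verify(self, challenge, approval):
        if approval is None or challenge in self._seen:
            return False
        expected = hmac.new(self._device_key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, approval):
            return False
        self._seen.add(challenge)
        return True

def demo():
    phone = Phone([0.12, 0.80, 0.33, 0.57])  # constructed sample vectors
    owner, stranger = [0.13, 0.79, 0.35, 0.55], [0.70, 0.20, 0.90, 0.10]
    issuer = Issuer(phone.provision_key())
    c1, c2 = issuer.new_challenge(1999), issuer.new_challenge(1999)
    return (issuer.verify(c1, phone.approve(owner, c1)),     # owner approved
            issuer.verify(c1, phone.approve(owner, c1)),     # replay rejected
            issuer.verify(c2, phone.approve(stranger, c2)))  # no local match
```

If the issuer's records leak in this model, what is exposed is a device key that can be revoked and reissued, not a face or fingerprint.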

It does mean that you have to authenticate yourself to your phone before you can pay, which is clearly less convenient than smiling (unless you’re having a particularly bad day). But even that is covered. Apple Watch users can pay with the wave of a wrist while enjoying the biometric security of their iPhone. It seems like the perfect solution.

Correction 05/27/2022: Updated source attribution in paragraph 12 at the source's request.
