Biometric Data Security: The Risks and Rewards

The benefits – and perils – of commercializing biometric technology.

Biometric technology used to be exclusive to government administration – passports that store fingerprints and faces, or criminal databases that collect the DNA information of people who have been arrested.

In recent decades, the use of biometric tech in the business field has been growing. According to a report by IMARC Group, a market research company, global biometric technologies market revenue reached a value of US$23.5 billion in 2020. The market is expected to grow rapidly in the years to come, reaching a size of $55.42 billion by 2027, according to Statista.

‘Biometric data’ is a descriptor for a person’s physical characteristics, including fingerprints, face geometry, voiceprints, and even iris patterns. Since one’s physiological characteristics can hardly be changed, biometrics serve as long-lasting, accurate identifiers.

This data is now commonly used for identity verification and entry security, as its permanence and uniqueness make it an apt choice for identity authentication. Numerous companies – including most phone brands – have introduced biometrics like fingerprint and face unlock to replace traditional account-password login.

Electronic payments are another area where the use of biometric tech is blooming. Banks, such as HSBC, allow customers to access e-banking services via mobile devices, using facial recognition or fingerprints. Mastercard is planning to adopt facial recognition into its secure payments system and has even launched wearable payments, while in many cities in China, facial recognition payments have become the norm.

In the foreseeable future, where digitization is inevitable, biometrics will play a key role in the commercial sphere. The mobility industry is seeking ways to integrate the technology into new generations of electric vehicles. The security industry is also making use of biometrics, with fingerprint verification more extensively adopted in residential households and commercial buildings to avoid the need to memorize passcodes.

Security-wise, biometric tech appears to give people more confidence. A 2019 report by Experian, a multinational consumer credit reporting company, pointed out that security was the most important element of a consumer’s online experience in Asia-Pacific, and 80% of surveyed Chinese consumers regard biometrics as among the top ten features that enhance their online banking experience.

A false sense of security?

Secure as it seems, the risk of data leaks is often overlooked. The ramifications of stolen biometric data could be drastic, as there is no way to reset your biological traits like resetting a lost password. Due to the high level of security it ostensibly offers, biometric verification is often used for more sensitive and valuable assets – like your bank accounts – which are likely to become hackers’ primary targets.

All these concerns lead to the questions: how and where is our biometric data being stored? And is it safe enough?

There are various ways of storing biometric data, the safest being storing it on external devices like chips on a smart card or end-user devices like mobile phones. If you are an Apple user, your bio-data for Touch ID and Face ID is stored in an encrypted enclave on your individual devices, which the company doesn’t have access to.

Alternatively, the more cost-effective way to store this data is using a biometric server. Data is put on an external server that allows for verification in multiple locations. However, this is more susceptible to cyber-attacks, which can happen anytime during data transmission via the network.

The 2019 breach of Suprema, a company that provides access control and biometric solutions, served to highlight the vulnerabilities in such a system. It was found that the company’s database, which contained more than 28 million users’ biometric data, could be accessed publicly; some of the highly sensitive data was even left unencrypted and could be altered or removed. Though the full impact of the leak has yet to be seen, it is an alarming sign of how fragile the security systems protecting our biometric data can be.

Apart from the risk of cyberattacks and data leaks, on a technical level, biometric technology might also have a way to go in overcoming its algorithmic bias. Most commonly used tech, such as facial and voice recognition, has been found to be more likely to misidentify users because of their race or gender, and to only maintain accuracy levels with Caucasian users.

The risk of misuse: biometric as a privacy tracker

Apart from the risk of cyberattacks and data leaks, there is also mounting concern over the aggregation of bio-data with other PII (Personally Identifiable Information) or non-PII. PII is more sensitive information that can be used for tracing and identifying a person, such as names, addresses, and national ID numbers. Non-PII includes data such as website cookies and aggregated statistics on the use of products.

Paul Wiles, a U.K.-based biometrics commissioner who oversees the public use of such information, said in an interview with the Financial Times, “what many big tech companies, and increasingly governments, want to do with data are to link different databases.” Our biometrics play a key role in this massive linking plan because they are unique identifiers that can track a person across multiple databases.

After all, a single data point is worthless, and the more connectable data points there are, the more valuable a set of data is to a business using it to, for example, sell ads. But as more data is gathered and linked, digital footprints become more difficult to erase, and it becomes even harder for people to remain anonymous. Most problematically, consumers are rarely consulted before their data is aggregated.

This raises the question of whether more vigorous collection of bio-data is a good idea when it is likely to be a catalyst for data linking, exposing consumers not only to greater cyber-risks, but also to businesses that want to leverage personal data for commercial gain.

The future: enhancing cyber resilience and data protection

Despite all the probable risks, it is impossible to let go of this technology now that the world wants to march toward building smart cities that provide people with convenience and quality services.

Perhaps, as with most of the exciting inventions introduced in the 21st century, the key to truly maximizing the potential of biometric data is minimizing the risk of its misuse, without setting undue restrictions that might stifle its potential benefits. Achieving this goal requires a collective effort between the government and the private companies that collect and handle users’ data.

Governments are also working to introduce regulations into the biometric data space. The EU, for instance, has been on the frontier of privacy protection with its General Data Protection Regulation, which makes it clear that the collection of biometric data requires explicit consent, and people are entitled to the right to be forgotten – the right to withdraw and delete any data collected on them.

Several states in the United States, such as Illinois and California, already have biometric data protection laws that place limits on the capture and use of biometric information. Other states like New York and Virginia are also putting biometric data regulations onto their legislative agendas.

On the other side of the world, in Asia, where citizens’ privacy rights may be less of a priority due to these countries’ political landscapes, there is also a growing awareness of these issues among the public, and demand for better regulation of the commercial collection of biometric data.

In November last year, a Chinese court ruled that a wildlife park’s use of facial recognition for its entry system was not legitimate. The case was brought by a law professor and was the first case in China, a country that is known for its widespread application of surveillance technology, to regulate the unauthorized and excessive collection of personal data. In December 2020, China also drafted new guidelines on the collection of personal data through mobile apps.

The court judgment was a move to allay the mounting public discontent regarding surveillance in commercial areas, and signifies the state’s attempt to bring business use of biometric data under regulatory control.

Before sound regulations come into place, companies themselves need to commit to providing better privacy protection. There should be proactive moves toward making sure that consumer consent is adequately obtained before collecting their biometrics, and that the data is ultimately stored using secure infrastructure.

While both the commercial world and consumers are thriving on the benefits offered by new technology, the security and privacy concerns that follow should not be taken lightly. Businesses and governments should be sensitive to the inherent conflicts between the utilization of bio-data and data privacy, and work out a sustainable way of incorporating this technology into business operations.

