The roll-out of biometric-authenticated payments is merely the latest example of the accelerating encroachment of biometrics into everyday life. But a global push back is gathering.
Card payment giant Mastercard appears to be determined to wean consumers off not only cash, its eternal rival, but also credit and debit cards, its main line of business until now. To that end, it is about to launch a pilot “biometric checkout program” in the UK. The so-called “Smile to Pay” system will allow shoppers to purchase goods and services in store by smiling into a camera or waving their hand over a reader and is optional for the moment.
The UK is already the fourth most cashless economy in Europe, according to research by personal finance website money.co.uk. In 2017, debit card payments overtook cash for the first time. COVID-19 has turbocharged this trend. In the early months of the pandemic cash use was heavily demonized around the world for increasing the risk of Covid-19 infection. In early March 2020, a WHO spokesperson said: “We know that money changes hands frequently and can pick up all sorts of bacteria and viruses … when possible it’s a good idea to use contactless payments.”
Media outlets and long-standing enemies of cash such as credit card companies like Mastercard and fintech start-ups seized on the WHO’s comments and magnified them, sparking fears over the safety of cash. Businesses in the UK, both large and small, refused to accept cash. Many still do, even as COVID-19 restrictions have been lifted. At the same time, the UK government and regulators have steadily increased the contactless limit, first from £30 to £45, and then to £100 in March 2021.
This has all helped to increase the use of digital payment methods. But are consumers in the UK (and beyond) ready to ditch the contactless cards to which they have grown so accustomed and begin transacting with parts of their body?
It’s All About Convenience
Payments using gestures have struggled to gain widespread traction among consumers in the UK, the Financial Times reports. But that hasn’t stopped Mastercard from pushing them even harder.
Consumers have to first enrol in the program, by using their phone to scan their face, before being able to take advantage of its supposed benefits. According to Mastercard, they will include shorter queues, improved hygiene and greater protection from fraud. Convenience, as ever, is the watchword.
“The new technology ensures a fast and secure checkout experience, while also empowering consumers to choose how they want to pay,” the company said:
“No more fumbling for your phone or hunting for your wallet when you have your hands full – the next generation of in-person payments will only need a quick smile or wave of your hand. The trusted technology that uses your face or fingerprint to unlock your phone can now be used to help consumers speed through the checkout. With Mastercard’s new Biometric Checkout Programme, all you will need is yourself.”
In other words, consumers will not have to use safer two-factor authentication — biometrics plus a PIN or password — if they don’t want to. And they are essentially being encouraged by Mastercard not to. Another problem is what happens when the technology suddenly stops working, as tends to happen on an an almost monthly basis with the facial recognition automated verification technology being used at UK airports’ EU passport gates, often resulting in major disruption.
Biometric systems are also prone to biases. Facial recognition software have proven to be notoriously inaccurate on women and those with darker skin. Another issue is the security of the biometric data once it is in Mastercard’s hands. As I note in my book Scanned, if biometric data is hacked there is no way of undoing the damage:
You cannot change or cancel your iris or DNA, like you change your password or cancel your credit card.
“The idea of a data breach is not a question of if, it’s a question of when,” says Professor Sandra Wachter, a data ethics expert at the Oxford Internet Institute. “Welcome to the Internet: everything is hackable.”
Mastercard is also staking a claim to a wider role in the emerging biometrics payments ecosystem. Ajay Bhalla, Mastercard’s president of cyber and intelligence, told the FT that Mastercard could act as the “enabler of the ecosystem”, setting unified privacy and security standards for a technology that has raised serious concerns among privacy activists and data protection campaigners.
The idea of Mastercard setting standards in the emerging field of biometric payments is hardly comforting given Buzzfeed’s recent exposé that both it and Visa have been maintaining “a strikingly permissive relationship” with companies accused of credit card fraud:
A yearlong BuzzFeed News investigation reveals that both Mastercard and Visa, which together process three-quarters of all US credit card payments, move money for businesses with extensive records of fraud — making it possible for them to keep swindling customers, sometimes for years. The credit card giants collect a percentage of every sale, legitimate or not.
Mastercard also currently faces the biggest class action lawsuit in British history. The company is accused of charging excessive “interchange” fees — the fees retailers pay credit card companies when consumers use a card to purchase a product — between May 1992 and June 2008 and that consumers ended up bearing those costs as retailers raised prices. If found guilty Mastercard could end up paying out as much as £14 billion, which would be the equivalent of £300 each for all 46 million claimants.
Brazil, Middle East and Asia First, UK Next
Before testing its “smile to pay system” in the UK, Mastercard is trialing it in Brazil this week. Five St Marche supermarkets in Sao Paulo will allow customers to pay by smiling or waving. More pilots are being arranged in the Middle East and Asia.
It is common practice for Western companies, NGOs and supranational institutions to pilot biometric ID and payments schemes in the poorer, less developed parts of the world before unleashing them on more mature markets. Thanks to the surge of mobile communications as well as the huge numbers of unbanked citizens, Africa has become an ideal testing ground for cashless living and biometric identity programs.
The Better Than Cash Alliance, (BTCA), a UN-hosted partnership of governments (all of them in the so-called “Global South”), companies and international organizations funded by the Bill & Melinda Gates Foundation, Citi, Ford Foundation, MasterCard, Omidyar Network, the U.S. Agency for International Development and Visa Inc, has been promoting cashless initiatives in Africa since its foundation in 2012. Its mission, in its own words, is “to accelerate the transition from cash to digital payments globally.”
Technologies “Trickling Up”
While BTCA has poured funds into promoting cashless initiatives in Africa, Asia and Latin America, the Identification for Development (ID4D) initiative, founded with seed money from the World Bank, the Bill and Melinda Gates Foundation (again!), the French, British and Norweigan governments and Omidyar Network (again!), has lent billions to governments in Africa and beyond to help them set up biometric digital identity programs.
Continue reading on Naked Capitalism
Nick Corbishley 