You don’t have to wear a tinfoil hat, be a civil liberties activist, a pro-business lobbyist, or even an entrenched deep-state spook to recognize that security, convenience and privacy are in a perpetual state of conflict. Often, the solution to a real (or imagined) security threat is, somewhat counterintuitively, less privacy — or, more accurately, we are asked to trust various entities (the federal government, Google, AT&T, etc.) with more and more private data. Increasingly, this is not simply our Social Security numbers and mother’s maiden names, but it’s the unique biological bits and pieces that make us us.
We unlock our phones and other devices with our fingerprints, even though this may be our phone’s biggest vulnerability, according to The Verge. ERGO wants to use your ear, and Apple is doing what Microsoft has done with some of their Windows-based handsets and using your face to unlock your phone. If that isn’t enough, we track and store our health and location with any number of wearable devices and even “smart” mattress covers.
At virtually every major airport we are asked to step into a machine that could easily be mistaken for a cloning device and stand with our arms and legs outstretched, allowing a TSA agent to snap impossibly creepy, if not compromising, pictures of us.
In June, the South Wales Police will be scanning the faces of an estimated 170,000 Champions League Football fans in and around Principality Stadium. According to Vice, the images will then be compared, in real time, to a database of 500,000 images, alerting the police to any potential “person of interest.”
Over 2 million people, myself included, have given the privately held genomics company, 23andMe, access to their DNA.
So, it should come as no surprise that biometrics will soon be a common security feature on your credit and debit cards. Mastercard recently unveiled the “next generation biometric card,” which combines current chip technology with your fingerprint.
The gist of this card is to seamlessly integrate existing technology that merchants may have in place today with the advancements in the biometrics world, allowing for more security and a better shopping experience for customers. Once you register your information (including your fingerprint), you will be part of the system, which ultimately will cut down on fraud and other unwanted users (or usages) of your payment card.
In addition to incorporating your fingerprint, Mastercard has also partnered with biometrics company Nymi to test the viability of using your heartbeat as a form of authentication — a solution that makes me feel uncomfortable on a visceral level, though I don’t think I can explain why.
To be clear, this technology is a big step forward in protecting consumers and retailers at the point of sale, and my intention is not to stoke unwarranted, ludditical fears of burgeoning technologies. I love technological advancements, risk and all. I’m a frequent early adopter, every room of my house is connected to various smart devices, my security cameras know when I leave the house, and Alexa has enabled me to be lazier than usual. I understand and accept that there is a real risk to linking my home to the “Internet of Things,” but as far as I can tell, very few new technologies pose such a uniquely personal risk.
As Samford University Associate Professor of Law Woodrow Hartzog told Wired:
“Biometrics are tricky. They can be great because they are really secure. It’s hard to fake someone’s ear, eye, gait, or other things that make an individual uniquely identifiable. But if a biometric is compromised, you’re done. You can’t get another ear.”
And while the exploit highlighted by The Verge that allows someone to “hack” your fingerprint is fairly primitive, there is no reason to think more sophisticated tricks won’t be developed. Add to that the near-weekly news of data breaches and leaks, and what confidence can you, as a consumer, have that your biometric data is any more secure than the petabytes of data leaked and/or stolen over the last few years?
The ability to securely process transactions and protect consumers from fraud and theft should hold the highest priority for every company tasked with handling sensitive data, but we need to make sure we are properly accounting for the risks, and — based on the reporting coming from media outlets like The Verge, Wired and Vice — the risks associated with incorporating biometric data appear to be quite high.
The average consumer can recover from a compromised password or PIN. You come up with a new password. You set up a new PIN. But how consumers recover from compromised biometric data is unclear, which means the folks clamoring to incorporate this new technology need to clearly understand the risks, develop consumer-friendly best practices, and establish a protocol that properly addresses the breaches that will occur before the bad guys find a way to turn your biometric data into a valuable black market commodity.
Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms. Do I qualify?
This article was written by Forbes Finance Council from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to email@example.com.