The increasing use of biometric data, such as facial recognition and fingerprints, for authentication raises new privacy risks, especially in a world where virtual try-on is an increasingly widely used marketing tool.
Unlike passwords, biometric identifiers are permanent and can be stolen by hackers to impersonate victims and gain unauthorized access. Let’s explore the growing dangers of biometric data hacking, relevant biometric privacy laws and recommendations to protect against biometric data theft and misuse.
From convenience to concern: The virtual try-on experience
With warmer weather on the way and the sun shining brightly, I decided to buy a new pair of sunglasses. Rather than going to a physical store, I spent a lazy afternoon visiting the EyeBuyDirect online store. Since there wasn’t anyone around to give me a second opinion, I decided to use their virtual try-on tool.
To my surprise, the virtual try-on worked spectacularly. No matter how I turned my head, I got a good idea of how the sunglasses fit. The tool did a great job of understanding where my pupils were so that the glasses sat well on my face and moved seamlessly with me.
The virtual try-on experience worked so well that I purchased a great pair of stylish sunglasses – and I still love them weeks later. So, what’s the issue?
Well, after the purchase, I hit a moment of regret about privacy. I was so excited by the virtual try-on experience that I skipped past the EyeBuyDirect privacy policy and clicked straight to the virtual try-on tool.
After the fact, I read the EyeBuyDirect privacy policy, and luckily, they don’t share or store any data from the virtual try-on experience. This got me thinking, though. What can hackers do with a consumer’s biometric data?
Safeguarding biometric data from hackers
Scarily, hackers can use biometric data to impersonate a victim and gain access to their accounts or confidential information. In 2015 (yes, hacking biometric data has been going on for a long time), hackers stole fingerprint records from 5.6 million Department of Defense and other U.S. government employees.
As you can imagine, biometric data breaches are even more dangerous than other types of data breaches because, while you can change a password, you can’t change your biometric data (facial, iris, fingerprint, voice, etc.).
How can consumers protect their biometric data?
- Limit exposure: Restrict the sharing of your biometric data to minimize the risk of exposure in potential breaches.
- Trust wisely: Thoroughly vet and be sure you trust the entities with whom you share your biometric data. Read and understand privacy policies before sharing.
- Exercise caution: If you are uneasy about sharing biometric data, don’t share it.
And what can businesses do to protect consumers’ biometric data from being stolen?
- Understand your organization’s data: Begin with a comprehensive understanding of the biometric data your organization collects, stores and accesses.
- Minimize the biometric data your organization collects: Evaluate and reduce unnecessary biometric data collection. Dispose of surplus data responsibly.
- Dispose of data securely: Implement robust measures for the safe disposal of biometric data.
- Be proactive: Establish clear protocols and a contingency plan to swiftly address biometric and data privacy breaches.
Also, understand the biometric privacy laws and regulations that apply to your organization. For example, the Illinois Biometric Information Privacy Act (BIPA) was created in 2008 and covers requirements for using and storing biometric identifiers, consumer rights and what can be done when organizations do not comply.
With BIPA, individuals are in control of their biometric data and private companies can only collect the data when they have:
- Informed consumers of what biometric data will be collected or stored.
- Informed consumers of the purpose and length of time the data will be collected, stored and used.
- Obtained written consent.
Recent high-profile cases, including the landmark Facebook settlement, highlight the growing legal ramifications of mishandling biometric information. As other states contemplate similar legislation, the landscape of biometric privacy laws continues to evolve.
The high stakes of biometric data protection
Regardless of all parties’ safeguards, the risk of biometric hacking is growing rapidly. Scammers are becoming more persuasive. For example, there are reports of cybercriminals in Asia posing as bank call center representatives and requesting that bank customers use an app to scan their faces. The cybercriminals then used the biometric information to access bank accounts and withdraw funds.
Also, with the rise in AI, hackers are creating “synthetic” biometric data to trick biometric systems. For example, voice cloning through AI allows hackers to imitate a person’s voice with amazing accuracy to access financial accounts.
Cybersecurity looks to be a good industry to be in.
Opinions expressed in this article are those of the guest author and not necessarily MarTech.