The future of biometrics. has arrived! I wrote a post about facial recognition and its use by airport security. And another post about Alabama asking it’s citizens to submit their taxes via selfie. Well, now MasterCard wants you to verify your identity using your fingerprint. But not just your fingerprint. They are also wanting you to put your PIN number in as well. Which makes some sense, as a two step authentication process. But to me, it seems a bit much. Doesn’t it? In all of these scenarios, we are giving a part of ourselves to an organization. Whether it’s a corporation like MasterCard, or the IRS. We are giving out our personal data in ways that we never have before.
I don’t really like the idea of this. For many reasons, but let me start with the fingerprint recognition feature on my phone. If my finger is wet, or if I’m sweating, then my fingerprint doesn’t get recognized. Ok, you’re probably saying make sure your hands are dry. No problem. But because the button is so small, and apparently my finger is huge, it’s still doesn’t always get recognized. It’s one tiny part of my actual fingerprint. Not the entire thing. This is extremely frustrating for me and I’m just trying to get into my phone. Imagine what could happen if you’re trying to make a purchase and it doesn’t work?
I like the idea of the two step authentication process, but what happens if it doesn’t work? Is there an opportunity to have more than one fingerprint associated with the card or account? I cut my finger the other night, which has seriously effed up my fingerprint. So would that limit me from being able to go shopping? As always, I have so many questions about how this would actually work. Hopefully MasterCard is working on these issues and trying to come up with a way that doesn’t prevent it’s own customers from using the card.
But an even bigger issue I have with all of this, is where is the data being stored? Going back to the selfie example. Presumably your data is being stored somewhere. But who has access to that? Could law enforcement agencies use that data to locate you? Maybe not in the selfie situation, but who is going to keep your fingerprint records? In most cases, law enforcement can’t necessarily find you if your fingerprints aren’t in their “system”. But could a court grant law enforcement agencies access to the bank’s database, just to be able to locate someone? And where does it end?
I am not trying to make this a thing. But I think that we have to be careful about the data we are sharing and with whom. Banks, for the most part, know everything about you. And in my case, probably some things I don’t even know about myself. But they have never asked me for my fingerprints. And I’m not sure that I would give it to them. Unless I understood what they wanted it for, and where the information was being kept. But even then, I would want to understand a lot more than just that.
Further, is it really worth it? My assumption around the use of the fingerprint in addition to the PIN is to help prevent theft, fraud and even identity theft. But what happens if there is a data breach where this information is being stored? Let’s say that this information is hacked. Would the hackers be able to access your fingerprints AND all your other banking information? And wouldn’t that make it easier to steal someone’s identity than the old fashioned way? Maybe I’m over thinking this, but as always, I think consumers need to be more aware of what this might mean. In any case. I’m not sure I like this development with MasterCard, but only time will tell if it actually becomes part of our daily lives.