Facial recognition is one of the iPhone X’s key features. Apple will release the new smartphone next week and forever change the mobile payments landscape, as consumers will be able to pay for things using Face ID instead of Touch ID. Apple is not the first vendor to release a phone with facial recognition, but Face ID is by far the most sophisticated of all the solutions that the market has seen – Samsung doesn't allow its Galaxy S8 facial recognition feature to authorize payments for a reason.

Apple’s stamp of approval

“Anytime Apple does anything in the tech world it has ripple effects,” said EyeVerify CEO Toby Rush at Money 20/20 in Las Vegas.

“Face recognition, when done well, is enough for payments and for Security,” the executive added. Apple’s move is “a huge stamp of approval for face recognition and we’ll see massive adoption,” he believes.

Rush was part of a panel debating biometrics and its impact on mobile payments. This year’s edition of Money 20/20 was very focused on exploding technologies such as artificial intelligence, virtual reality, and biometrics, among others. The fact that Apple is bringing an iPhone without fingerprint recognition is not ideal, experts say, but it will put the spotlight on facial recognition. And that’s where the future is going: we will use our faces, eyes, and fingers to pay for things.

Bio everything

Rob Douglas, CEO at biometrics firm BioConnect, puts it in a fairly simple way: when we’re using stuff we know (i.e. a password) or something we hold (such an RSA token), anyone can steal that information or device and pose as the rightful owner. This is especially risky with online payments and wire transfers – once they’re done, the money is gone.

“That’s where Biometric identity is a good component,” said Douglas at Money 20/20. “Get rid of the secrets and use who you are.”

The CEO stressed that there is no “final biometric” or just one bio answer. “We’ll have to be used to all methods of authentication.” That’s exactly the point that David Pollington from GSMA made: there’s going to be a different biometric suitable for each use case.

“The moment you lock yourself in one biometric authentication it causes issues,” warned Douglas. “I’ll use the one I need to according to the environment I’m operating in.”

What about privacy?

There has been a lot of discussion around privacy and security issues associated with biometric authentication. Who accesses the data and where is it stored? For these experts, those questions are rooted in a misunderstanding of how all of this works. “People think that to keep privacy and security you have to bring everything local. That is not a true statement,” Douglas said, referring to the cloud or device storage of biometric data. “Take it and convert it to zeros and ones, encrypt it and go store it somewhere, and don’t connect it to any of my information,” he said.

In that case, “It’s useless to anyone.” Companies will match template to template without breaking the encryption.

"We do need to treat it very seriously," attested Conor White, president for the Americas at Daon. "But I’m far more concerned about my password being compromised."