We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

Thinking Biometrics: Smile to Pay, Check-In-Out & to Access the Production Line

Posted by David Tate 28 May 2019

Digital innovation continues to transform the retail, food and leisure industries. Businesses remain committed to roll out new digital technologies to improve the customer experience and enhance operational efficiency, with facial recognition applications in retail, hotel and food manufacture growing.

With each of us owning unique fingerprints and facial profiles this makes them suitable for making secure transactions. Biometric payments are now routinely being adopted by financial providers, and customers are already used to improved security and swifter transactions. It is not surprising; therefore that biometrics is seen as a way of providing a seamless customer experience with organisations increasingly adopting the new technology. This, however, will undoubtedly have an impact on the risk profile of adopters.

New Ways of Working?

For international chains, the use of biometrics is already here: a fast-food chain in China is currently allowing customers to pay for their orders by scanning their faces. Trials are also underway at two hotels which allow customers to scan their IDs and take a photo to release a room key. Also, some retailers have begun experimenting with facial recognition technology to identify suspected thieves.

In moving into these new areas, organisations need to consider a greater level of digital and physical security. While biometric data is one of the most reliable tools for certification, it also poses a significant risk. If credit card details are stolen, several options are available to freeze the card, and change the card details that were stolen — but what is the situation when it is your fingerprint or biometric facial imprint that is stolen?

As increasing amounts of biometric information are captured and stored, companies will need to continually adapt procedures on how this type of biometric data is used. Recognising someone’s face falls under a special category of personal data under General Data Protection Regulation (GDPR), which means higher standards apply. Also spoofing – or the practice of tricking a biometric security system – will lead to additional vulnerabilities.

What Does This Mean For Your Business?

When adopting new technology, it is crucial to:

  1. Identify and quantify the effect to business if systems were hacked or taken offline for a significant period of time.
  2. Implement new risk financing solutions where the scale of these new and emerging risks exceed accepted risk tolerance levels.

Events that impact corporate reputation pose a serious threat to stakeholder value and reputation so it is critical to assess your crisis management preparedness, develop robust response frameworks, and test your capabilities should a crisis occur. By understanding and mitigating potential damage, organisations can reduce costs and create opportunities to enhance their reputations. Organisations should have:

  1. A complete understanding of the structure, roles, and responsibilities of your response.
  2. Confidence that the crisis management team and procedures are tested, and therefore robust and fit for purpose.
  3. Senior management that is prepared to make decisions and act responsibly.

Assessing and preparing for today’s new technology-driven risks is a major opportunity and an essential activity to build resiliency.

David Tate