New industry guidelines make facial recognition-based payments safer

FACIAL recognition is making payments significantly more convenient. It’s what some of the leading fintech companies, especially e-wallet providers, are excited about.

Although users in some parts of the world are concerned about safety and privacy, the technology seems to be really generating interest in China.

In 2018, there were about 68 million customers using this technology for payments. Last year, that number almost doubled to reach 118 million. In the next two years, the number of total users is expected to skyrocket to 760 million — almost half the country’s population.

As a result, the Chinese government has decided to come up with new guidelines to safeguard customers, protect their data, and ensure that the technology’s proliferation doesn’t suffer as a result of haphazard implementations.

Chinese media house Caixin recently reported that the Payment & Clearing Association of China has released a set of guidelines to outline principles that payment process providers must follow when leveraging facial recognition.

Although the full text isn’t available to those outside the industry, it seems that there are three key points outlined in the document.

The first one aims to address the data security concerns that are common among users. It directs organizations involved in the payment process to ensure that users’ facial image information is encrypted and stored separately, instead of being clubbed with their bank account and national ID numbers.

Further, the guidelines put together by the Payment & Clearing Association of China suggest that merchants and payment receiving parties are not entitled to retain users’ facial image information.

A senior partner at a law firm that Caixin spoke to said that in order to adhere to the guidelines put forward, financial institutions must enter into formal agreements restricting merchants and payment recipients from collecting and storing users’ facial image information.

The second point is somewhat related and addresses privacy concerns raised by most users. The guidelines suggest that users should have the right to opt-out of the facial recognition-based payment feature if they so choose. If they decide to opt-in, it is recommended that terms of the service agreement must be made clear to the users — in an obvious way.

Also, in cases where the nature or value of the transaction is significant, it is recommended that multi-factor authentication be used to ensure reliability and reduce risks.

The last major issue that the guidelines try to address relates is the lack of (complete) trust in the technology. It suggests that those processing payments should establish a compensation mechanism, set aside funds, and putting together a plan for when the organization fails to effectively verify a user’s identity.

Since a vast majority of facial recognition-based payments are used to buy fast food and groceries rather than luxury goods, a simple compensation mechanism can go a long way to reassure users about the reliability of the technology.

Since the guidelines are fairly simple to follow, it seems to have been welcomed by those leading the space in China, including Tencent and Alibaba.

If the guidelines make a strong impact, governments, regulatory bodies, and industry participants in other parts of the world might decide to either import the guidelines wholesale or create something of their own, on similar lines.

---

---

---

---