Apple may add facial recognition to new iPhones, a move the government likes as a security measure, but one that may face pushback from users.
Apple is testing 3-D facial scanning, eyeing the technology for logins and payment approvals as an addition to the iPhone 8, Bloomberg reported, citing anonymous sources. Apple has never responded to requests for confirmation about speculation that surfaces in the media, especially on technology sites or those devoted specifically to following Apple rumors or patents.
The Federal Trade Commission has long touted facial recognition as a key safety tool in mobile commerce, social networks and any other financial or health process in which personal data needs protection, while phone manufacturers and card brands have their eyes set firmly on device authentication and, in turn, payment security. But the road to facial recognition moves down a slippery slope in some instances, not the least of which is consumer knowledge and adoption.
"There are some pros and cons," said Julie Conroy, research director and fraud expert with Boston-based Aite Group. "Certainly, the 3-D facial recognition is much more robust and harder to spoof than the first generation of facial recognition, and TouchID was really a sort of cheap fingerprint sensor that could belong to nine people associated with the phone."
If a move to facial recognition takes hold, Apple would likely drop its TouchID fingerprint scanning technology currently used to log onto iPhones or authorize Apple Pay payments.
However, not all consumers are comfortable with taking selfie photos, and some don't even understand it, Conroy added.
A recent Aite consumer survey regarding authentication preferences revealed, not surprisingly, that millennials are the most comfortable with facial recognition technology.
"But every successive generation is less comfortable," Conroy said. "And seniors are not comfortable at all." In the survey, 36% of seniors were not at all interested in facial recognition technology, and another 29% said they were only "somewhat interested."
Such feedback leads Conroy to believe that Apple and its iPhone users would be far better served if the company initially offers a consumer choice. "Fingerprints are very easy, but selfies have much more friction," she added. "They should go with a risk-based approach, like banks, and use TouchID for login, and then offer 3D facial for transactions or other activities that need more security."
Future legal tussles in the U.S. also aren't out of the question either, as each state has rules it makes technology companies follow in terms of how consumers opt in to use of their biometric data. Illinois, for one, has already leveled lawsuits against Google, Facebook, Snapchat and Shutterfly to back consumers who claim their biometric data was handled illegally.
But major card brands have increased their interest in biometrics, with Mastercard being the most aggressive after testing touch, voice and facial recognition technology in early 2015, and unleashing Selfie Pay not long afterward as a facial authentication method for payments.
Selfie Pay quickly expanded into 14 different countries, adding Australia in late 2016.
Facial recognition has also been considered for ATM withdrawal authentication, even getting government support in China as a way to protect UnionPay cardholders using ATMs in Macau, the only region in the country to permit gambling in casinos.
But not every facet of deploying advanced biometrics falls on the positive side of the security ledger – even when the biometrics itself had nothing to do with negative results.
Even though its Samsung Galaxy Note 7 literally fizzled out because of its battery explosion problems, the company did establish Note 7 as a product that included iris scanning as its biometric authentication tool. It was eventually going to establish the eye scanning as a payment authenticator.
Still, Apple's potential plunge into facial recognition should go a long way toward boosting the efforts of the Faster Identity Online Alliance, or FIDO, which for the past five years has been on a mission to eliminate traditional passwords for online and mobile device authentication. It could help smooth the transition for FIDO to emphasize facial recognition much more than fingerprint scanning.
Three years ago, Nok Nok Labs, a founder of FIDO, added Apple's Touch ID to its protocols, essentially saying that consumers could use any custom iPhone applications to leverage the fingerprint scanner for authentication.
In making TouchID a FIDO Ready product, the organization felt it had made a strong move toward its mission of eliminating traditional passwords as an authentication tool.
That move came only weeks after Apple revealed some fine-tuning of its own for mobile payments, adding parental controls and voice commands for digital content purchases, all while extending the TouchID authentication system to third-party developers.