A growing number of sports teams and stadiums have adopted the use of facial recognition and fingerprint scanning to alleviate long lines and counterfeit tickets.
Airport security has normalized the use of biometrics, especially facial recognition.
Biometrics allows for automated check-in and re-check-in at any venue for sports fans and music lovers and could speed up the process, especially when there are large, enthusiastic crowds.
Skipping the use of physical or virtual tickets could be a gamechanger and venues would use a hybrid approach for groups. Attendees who bring in family members or friends would likely receive a wrist bracelet allowing them to leave and come back, Jason Glassberg, co-founder of Casaba Security, a Redmond, Wash.-based ethical hacking company, told TheStreet.
The adoption of using consumer fingerprints or their faces instead of tickets comes with its risks.
"Biometrics is a double-edged sword when it comes to security," he said. "On the one hand, it’s a better and more reliable way to secure your identity or account, rather than having to remember a password and passwords get hacked all the time. Even two-factor authentication is proving to be much more vulnerable than many people thought."
Your Fingerprint Never Changes
The glaring issue with using biometrics is that they do not change and if a database of fingerprints is compromised, the loss would be irreversible, Glassberg said.
"The good news is that biometric data theft still has only a limited real-world potential, since it’s not easy to spoof somebody’s biometrics, although it is possible," he said. "Researchers have demonstrated this with certain facial recognition technologies and other tools."
Another concern is that biometrics could also contain information about your health and genetics.
The concern about surveillance can not be brushed aside, Glassberg said.
"If your biometric data is stored by a company, is it not also accessible to the government if they request it?" he said.
Biometrics are a gateway to surveillance and the long-term implications include a multitude of risks, Karim Hijazi, CEO of Prevailion, a Houston-based cyber intelligence company, told TheStreet.
"It's not unrealistic that biometric data could eventually become centrally stored and universally accessible to businesses, the way personal credit scores are today," he said.
Companies could adopt biometrics because it is efficient, effective, and reduces the risk of account takeovers.
"These unique identifiers will be easier to track and correlate to specific people, even more so than credit card numbers are," Hijazi said. "Right now, biometric data theft isn’t very practical, but that could change down the road. A number of security researchers have already been demonstrating the potential to exploit biometric screening."
Who Is Liable?
The U.S. does not have any data privacy protection laws -- the legal risks are on a par with any other data breach, Hijazi said.
"The venues will no doubt require a terms and conditions agreement or end user license agreement to utilize the biometric sign-in process, which will cover them for how they use, store, and share the data," he said.
Biometric data isn’t considered health information, so the legal risks are minimal, Glassberg said. Federal regulations are also minimal.
"We are still very much in the Wild West days of data collection, at least in the U.S.," he said.
When data is stolen, companies usually face a slap on the wrist, even when a major breach occurs. The same repercussion would likely occur if cyber thieves hacked into a facial recognition database, Glassberg said.
"The company will pay a small to moderate fine, they will probably have to settle a class action lawsuit and life will go on," he said. "Meanwhile, everyone whose biometric data was stolen would be subject to exploitation for the rest of their lives."
Cruise Ships, Hotels, Retail Will Use Facial Recognition
Several hospitality venues have already started using facial recognition, including cruise ships, Bud Broomhead, CEO at Viakoo, a Mountain View, Calif.-based provider of automated IoT cyber hygiene, told TheStreet. Some cruise ships take a photo of passengers at embarkation and that data is used from contact tracing to selling consumers photos they appear in and ensuring everyone disembarks at the end of the journey.
Even U.S. Customs and Border Protection has adopted the technology and said the software verifies a traveler’s identity within two seconds and is over 98% accurate. Facial recognition has been used with 187 million travelers at 14 seaports, including Florida, New Jersey, New York, Texas, California, Washington, Louisiana, Alabama, Puerto Rico, and Maryland.
CBP started working with Carnival (CCL) in July, using facial biometrics for the debarkation process at the Port of Baltimore.
"Multiple airlines have done pilot programs testing the use of facial recognition for all phases of the air travel experience," he said. "Hotels likewise have experimented, with Marriott planning to eventually use facial recognition across all their properties."
Automated methods that increase security and makes it easier for customers will "ultimately win," especially with the ongoing staff shortages in the hospitality and entertainment industries, Broomhead said.
Biometrics will expand to every industry in the future, Hijazi said.
"This is easier and more cost effective than other forms of authentication, it allows for greater efficiencies and it’s better at preventing fraud," he said.
While many consumers will be reluctant to adopt it at first, more companies will keep pushing biometrics. Businesses will offer enticements and as the adoption rate increases, people "who refuse to do it will have less access to events, services and perhaps even basic needs, unless they are willing to accept biometric authentication," he said. "Government could set regulations on this, but they tend to run 10 years behind technological advances, so we’ll have to see if that changes."