For many of us, biometric security, which is the use of unique personal characteristics such as fingerprints or facial recognition, has become second nature. Indeed, these technologies are quickly becoming more integrated into everyday activities, from unlocking smartphones to authorising mobile payments. And what’s not to like? It’s quick, efficient and, compared to many other methods, relatively secure.
The problem is, adoption is starting to outpace trust. A recent study published by the Identity Theft Resource Center (ITRC), for example, revealed that while nearly 90% of respondents had been asked to provide a biometric to verify their identity in the past year, nearly two-thirds expressed serious concerns about doing so. Moreover, 39% went as far as to say that the use of biometrics should be banned for both identity verification and/or recognition.
Consent-first design
So, what can be done to close this trust gap and help ensure biometrics are used across fintechs as a more secure alternative to passwords and PINs? One area that requires more emphasis is that of consent-based design, whereby users are given clear and revocable permission around how their biometric data is collected, stored and used.
In practical terms, a consent-first design could resemble a digital wallet that provides users with clear, active choices regarding the use of biometrics. During setup, biometric authentication is optional and switched off by default. The app explains what data is collected, where it is stored and how to disable it later. During the payment process, all matching occurs locally on the device, rather than in a central database, and independent certification confirms compliance with data protection standards.
Even these relatively basic processes can help put users in a much stronger position to understand and control the use of their biometrics. And don’t forget, this isn’t just a nice-to-have; it increasingly falls under regulatory requirements issued by the EU and other authorities worldwide. GDPR is a good example, as it classifies biometric data as a special category of data and prohibits processing it unless explicit consent or another lawful basis applies.
Building trust
However, it’s clear that even when regulation makes consent mandatory, compliance alone isn’t enough to win user confidence. Instead, true progress depends on users understanding how their data is kept safe and that the fintech systems have been designed to work in their interest.
For many fintechs, this requires a shift in mindset, where transparency is seen as a core product feature, rather than something of an afterthought or a compliance tick box. With consent-first design principles in place, for example, users should be regularly reminded about where their biometric data resides and how to delete it.
Additionally, regular external audits or certifications help demonstrate accountability and ensure fintechs operate to recognised standards. Granted, relatively few consumers are likely to study the fine details, but the act of being credibly audited is an important contributor to the way consumers build trust.
In these circumstances, trust can actually evolve into a competitive advantage. Transparent payment systems and processes will always face fewer adoption barriers, fewer customer complaints and possess stronger reputational resilience in the event of incidents.
Ultimately, the more open and consistent the provider, the more users adopt and stay engaged. In markets where penetration is still low, a consent-first design and focus on trust will reassure users that they will always remain in control of their data and encourage increased adoption of newer, seamless payment methods.
As consumers become more digitally savvy and accustomed to a culture where switching between service providers is relatively easy, building trust in biometrics will contribute significantly to fintech success.