Home PC News PopID’s face-based payments pose privacy and security risks

PopID’s face-based payments pose privacy and security risks

Risk of an an infection all through the pandemic motivated brick-and-mortar firms to find choices to traditional point-of-sale (PoS) terminals, like QR codes pointing to on-line checkouts. Most rely upon acquainted, current platforms and utilized sciences, nevertheless a model new entrant referred to as PopID is pushing a in all probability problematic decision that leverages facial recognition.

Earlier this month, The Los Angeles Times profiled the startup, which was based mostly by the chairman of CaliGroup, CaliBurger’s dad or mum agency. PopID not too way back launched a face-based funds group with 25 consuming locations and retailers in Pasadena; it moreover offers a product referred to as PopEntry that verifies of us’s identities at places of enterprise and universities. CEO John Miller claims that over 1,000 PopEntry fashions have been supplied and that a lot of thousand further are deliberate for arrange sooner than the tip of 2020 in Colorado, Texas, Arizona, and Indiana.

To enroll in PopID, purchasers go to PopID.com and snap a picture. Next time they’re at a enterprise or school with PopID, they may use their face for verification by standing in entrance of a digital digicam. “PopID … aims to be the universal gateway for verifying an individual’s identity based on face for applications such as loyalty, payment, and entry,” reads an excerpt on PopID’s website online. “Your face now becomes your singular, ultra-secure ‘digital token’ across all PopID transactions and devices … Your face replaces keys, fobs, key cards, etc. to allow you easy entry to secure areas.”

Miller often states that PopID complies with Illinois’ Biometric Information Privacy Act, which obligates firms to protect and retailer biometric data a minimum of to the equivalent diploma as totally different delicate information. But questions spherical PopID’s privateness, security, and algorithmic practices abound, and it’s an occasion of a larger problem.


It’s successfully established that facial recognition strategies are weak to bias.

PopID makes use of “core algorithms” from Japanese electronics vendor NEC blended with “technologies that PopID has built internally,” Miller instructed VentureBeat by way of e mail. That’s significantly relating to because of whereas NEC professes its algorithms to be bias-free, it has refused to share proof even when compelled by U.K. courts. There’s anecdotal proof quite the opposite of NEC’s claims — an NEC algorithm utilized by U.Okay. police forces as recently as two years ago had a false optimistic value of 98%.

“In general, there seems to be a lot of secrecy and confusion over how this NEC algorithm works and is trained, which is never good,” Mike Cook, an AI researcher on the Queen Mary University of London, instructed VentureBeat by way of e mail. “Ultimately, we know very little or nothing about NEC, and obscurity is not a solution for something like payments.”

Miller equipped as a counterpoint facial recognition benchmarks printed in December 2019 by the U.S. National Institutes of Technology (NIST). NIST determined an NEC algorithm supplied to the U.S. Department of Homeland Security (DHS) had no statistically detectable race or gender bias. In totally different phrases, NIST couldn’t uncover proof the algorithms the DHS is using comprise any racial bias, though it made clear that it didn’t account for variables like digital digicam top quality and place. (PopID sources a wide range of {{hardware}} gear from third-party distributors along with Panasonic, and configurations vary merchant-to-merchant.)


Miller moreover asserted that PopID’s devices use “image processing techniques” to bolster accuracy, and that the company is inside the strategy of establishing a tool that will allow clients to interchange their photos based mostly totally on “fundamental changes” in choices previous points like hair progress (which the algorithm already accounts for). “The market will show that the best biometrics algorithms work extremely well across all different types of people and lighting conditions,” Miller talked about.

The disadvantage is, as University of Washington AI researcher Os Keyes instructed VentureBeat in a earlier interview, that people can present in quite a few strategies and have many different life histories, trajectories, and desired sorts of treatment. “When you have a technology that is built on the idea that how people look determines, rigidly, how you should classify and treat them,” Keyes talked about, “there’s absolutely no space for [things like] queerness or non-binary.”

Miller disagrees. “Some algorithms are biased. However, our algorithms are not biased,” he talked about.

This assertion is at odds with the consensus of specialists, along with Keyes, who say imbalances in data and strategies make eliminating algorithmic bias virtually inconceivable. In 2015, a software program program engineer pointed out that the image recognition algorithms in Google Photos had been labeling his Black mates as “gorillas.” A University of Washington study found ladies had been significantly underrepresented in Google Image searches for professions like “CEO.” More not too way back, the nonprofit AlgorithmWatch confirmed that Google’s Cloud Vision API robotically labeled a thermometer held by a dark-skinned particular person as a “gun” even if it labeled a thermometer held by a light-skinned particular person as an “electronic device.”

Data possession

Recognition accuracy aside, there’s the question of data possession. Miller says the PopID platform is opt-in inside the sense that clients ought to choose to register and that the system performs biometric matching solely particularly circumstances and places (i.e., when a purchaser is making a purchase order order and is standing in entrance of the camera-equipped terminal). Users aren’t pressured to pay with PopID; within the occasion that they resolve to utilize a financial institution card or cellphone with NFC, the system obtained’t seize their {photograph}.

PopID retailers face photos in a database that the company claims is encrypted every at rest and in transit. When requested whether or not or not NEC had entry to this database, Miller talked about that PopID hosts NEC’s algorithm in a “secure cloud” aside from NEC’s infrastructure and that clients can request that their data be deleted or deactivated at any time. “We only share a person’s identity at a particular moment in a particular place when a user chooses to use PopID to have their identity shared,” he further outlined. “We never share a picture — we only authenticate that the person is there at that particular moment.”

According to PopID’s shopper settlement and privateness protection, personal data isn’t shared until the individual decides to utilize PopID at a location to authenticate. But from that point forward, it’s uncharted waters — PopID reserves the most effective to share personal data with “businesses that the consumer elects to use PopID to authenticate identity.” And if clients don’t explicitly request deletion or restricted disclosure of their information (by emailing [email protected]), PopID retailers the data for three years from the ultimate date they used any of its firms.

VentureBeat sought clarification spherical these practices from PopID’s service supplier privateness protection, nevertheless the webpage returned an error at publication time.


Cook finds this problematic. “It seems to say that they instead send your information to the business, and the phrasing of [the privacy policy] also kind of implies that once you’ve done this, they can share your information with that business whenever they want,” he talked about. “For example, if they signed a contract to provide facial recognition for paying for driver’s license renewals at the DMV, would that as a result allow them to ‘share personal data,’ i.e. your facial scans, with the entire U.S. government, in perpetuity, because you opted-in by paying once at a single place?”

Security and privateness

While PopID says it takes pains to protected its database, the company in some circumstances does little to forestall point-of-sale fraud. In consuming locations manned by cashiers, Miller says it’s incumbent on staff to flag purchasers holding up footage of one other individual to the digital digicam. PopID applies an algorithm-based anti-spoofing decision solely to “unmanned” price terminals and PopEntry gateways.

And in truth, just because the database is encrypted doesn’t indicate it’s immune from compromise. Law enforcement might subpoena PopID to amass a purchaser’s information with out the person’s information, or a malicious actor might hack into the database and steal delicate information. “Ownership and use of the data is a big issue,” Cook talked about.

That’s to not suggest PopID has nefarious intentions — faraway from it. But even the best-engineered facial recognition strategies are inherently fraught, which is perhaps why Amazon, IBM, and Microsoft have all paused or ended the sale of facial recognition merchandise over the earlier a lot of months. Facial recognition that doesn’t work successfully on of us of certain demographics may, as a smart matter with a POS system like PopID, return false negatives, which is likely to be terribly embarrassing for any person trying to make a purchase order order. And it might make surveillance a part of regularly life, laying the groundwork for progress to totally different makes use of.

Alibaba’s face-based price system in China is a dwelling proof. While purportedly engaged on an opt-in basis, reports current that anyone who verifies their account using {a photograph} can subsequently be acknowledged by their face all through the price course of, even after they opted out of facial recognition funds. Privacy concerns aside, over 60% of 40,000 respondents to a 2019 poll by Sina Technology talked about that face-based price strategies made them actually really feel “ugly.” (Alibaba later rolled out filters to its terminals that current “beautified” variations of shoppers’ faces at price time.)

If PopID maintains its current course, it might do successfully to supply larger transparency regarding the way in which it collects, retailers, and processes facial data. A failure to take motion would not solely engender mistrust amongst its clients, nevertheless pose a hazard to those clients’ privateness and security.

Most Popular

Recent Comments