Humanity’s identity crisis and commerce are about to collide. The Biometrics and Identity Solutions division at J.P. Morgan are looking at future payment systems. The current cumbersome and often irritating processes of basic shopping are seen as obsolete to a degree, which they are.
Not entirely surprisingly, the answer is biometrics. This is a strong, if highly controversial, form of attempted inalienable identity. It uses the unique biometrics of every individual to positively identify anyone with a good level of certainty.
It also has the advantage of being a live, real-time security check, as distinct from 100 points of fraudulent documentation, etc. There’s nothing wrong with the idea in practical terms for transactions. That’s not quite the whole story, though.
Note: Biometrics are a bit of a bugbear of mine. I have more than a few reservations about the inherent legal status of biometrics. “Biometric rights” are very likely to be central to the whole legal framework of personal ID soon enough. This matter is being treated far too casually.
This case is a good example. Biometrics are used to establish the legal identity of a person. Given that identity is a major cash industry, do you see any possible issues?
Turn identity into a mass of vectors, and you get a formula for identity theft. Your biometrics are a “recipe for you” as far as any automated system knows. Security is an obvious issue. Bear in mind that any type of security has to unravel any issues with identity after the fact. Automated security systems can’t do that.
All of which leads to a direct conflict between a good workable basic idea and the environment in which it has to operate.
For instance:
Even this very clunky generation of AI can scrape enough biometrics to deliver deepfakes. JP Morgan obviously isn’t talking about anyone deepfaking themselves.
On a compromised system, however, an apple can easily be an orange. The system just gives a yes/no to an ID. That’s the problem.
Note that this is not a problem with the idea. It’s a problem with the commercial technology that manages payments. Transactions can’t be potential litigation war zones and also be practical payment systems.
ID fraud is common enough. It’s absurd to think that all that money in ID fraud won’t simply adapt to a new system. This does routinely happen with live systems. When the maniacal level of employee surveillance was introduced, the fixes for beating it were online in a week or so. There were any number of workarounds for just about every form of surveillance. The surveillance systems were also designed to be particularly tough.
One of the problems with biometrics is the need for trustworthy inputs. Is that the person that the system says it is? Has someone been put into the system as someone else? Can biometrics be used to frame someone for fraud?
The vulnerabilities are:
Fake inputs from any source.
Verification to a demanding standard.
A working legal frame of reference for any issues.
The need for clear commercial objectivity in managing disputes efficiently and reasonably.
I don’t want to be totally negative about what might evolve into a good system. The current system is fraud-prone to an incredible extent. Something as simple as a mis of biometrics and/or a unique portable or remote identifier could reduce any risk of fraud.
Let’s hope it works.
______________________________________________________
Disclaimer
The opinions expressed in this Op-Ed are those of the author. They do not purport to reflect the opinions or views of the Digital Journal or its members.
