Your unique fingerprint, the distance between your facial features, and the size of your gait — these are all things employers can currently use to verify your identity. Once a novel technology reserved for sci-fi movies and law enforcement, biometric technology has fast become a staple of our personal and professional lives, and its use is showing no signs of slowing down.
But while some businesses view biometrics as a convenient and cost-effective security solution, many employees don’t see it in the same light. Concerns around employee privacy and data security have led to a barrage of court cases being brought against the practice which in many cases, have resulted in federal laws around its use.
To help employers better understand this trade-off between privacy and security, we spoke to businesses currently using the technology (as well as some that have recently ditched it), to understand the ethical, practical, and legal implications of using biometrics in the workplace.
The Rise of Employee Biometrics
Biometric verification, or biometric authentication, is a security process where unique biological characteristics, like fingerprints, hand, face, and retina scans, or voice patterns are used to identify an individual. Using mathematical algorithms to map out the physical and behavioral characteristics, the method is evolving every year and is currently understood to be 99.8% foolproof.
In a corporate setting, employee biometrics can be used for a range of different purposes, from identifying personnel and monitoring when they pass through checkpoints, to recording when they log in and out of internal systems.
And the practice is catching on. While historically biometrics was predominantly used by governmental and financial institutions, data from PwC suggests that 57% of US businesses are currently using the authentication method in some way or another. This equates to over 18 million businesses across the country.
With so many businesses welcoming biometric solutions into their workplace, it's clear the practice is delivering results. To understand the main motivations behind its use, we spoke to employers up and down the country. Here’s what we found.
The Most Accurate Verification Method
Unsurprisingly, when discussing the benefits of using employee biometrics, the method’s high level of accuracy came up the most.
By digitizing core processes, businesses using the method are able to do away with clunky passwords and manual devices like punch cards and timestamps. Aside from improving convenience for employers and employees, this is typically able to generate much more accurate results.
According to Luke Fitzpatrick, Marketing Officer of Drsoso.com, this level of accuracy is especially useful when it comes to tackling ‘time theft’ — a phenomenon where employees get paid for the time they didn’t work, and ‘buddy punching’ — a similar type of fraud that involves staffers clocking in on behalf of absent employees.
“(Biometrics) cannot be manipulated like other systems where an employee can punch in or out on behalf of others”, Fitzpatrick tells Tech.co. Edward Mellet, Director at WikiJob agrees, explaining that fingerprint scans can be used to tackle wage theft, as well as to “refute an employee's claim that an employer's time records are erroneous”.
These concerns are valid. In the US, nearly half of employees have admitted to taking part in time theft at some point or another. Research from QuickBooks also reveals this can cost businesses an estimated $11 billion a year, with buddy punching contributing a further $372 million of losses.
By recording attendance and tracking time through biometric devices, staffers are unable to cheat the system or clock in on each other's behalf. This is by far the most effective way to improve employee accountability while avoiding unnecessarily haemorrhaging money through lost labor.
Enhanced levels of accuracy have massive implications for security too, as tech expert and Forbes Council Member, Ana Codallo, points out.
”Because your password is your physical identity, it never changes. There are no mistakes or malfunctions… it's much more secure and efficient”. – Ana Codallo, Forbes Council Member
And businesses are in agreement. Following in the footsteps of major tech firms Apple and Microsoft, a number of businesses we spoke to have adopted biometric verification to overcome vulnerabilities associated with passwords. For instance, Abdul Savoor, Full Stack Developer at The Stock Dork explained that while passwords used to be the norm, “they are becoming increasingly hackable every day”, paving the way for more secure, high-tech solutions.
“Unlike passwords, biometric technology offers a variety of solutions that are really hard to hack. This is a tremendous aid for us, particularly for business owners who have been battling security issues for a long time.” – Abdul Savoor, Full Stack Developer at The Stock Dork
This belief is also held by Scott Annam, founder of MyCube, who explains that as instances of cybercrime have increased over the years, biometric tech has only improved the security of his safes while providing him with the added comfort of knowing his safe is programmed specifically to the owner.
But with the cost of biometric verification exceeding that of most manual methods, is it really a viable option for all businesses?
Is Biometric Verification a Cost-Effective Solution?
While the start-up costs of biometric systems exceed that of many other security solutions, many businesses claim that their return on investment still makes the option more wallet-friendly in the long term. This proved to be another major impetus for the employers we talked to, many of whom have recently been forced to be more conscious of their bottom line.
Highlighting this rate of return, Jake Cowans, Founder and CCO of Company Scouts, tells us that once his biometric security system was implemented, no additional funding was required. As a result, he's been faced with “much lower initial and ongoing investments” — an attractive proposition for any business owner.
“Compared to alternative security systems, biometric solutions will deliver the greatest return on investment” – Robert Smith, Head of Marketing at Psychometric Success
Kavin Patel, founder and CEO of Convrrt agrees, explaining that switching to biometrics minimizes the need for intensive training, administrative costs, and additional expenditures like wages, issuing new identification cards, and repairing lost or damaged keycards.
However, longer-term returns on investments aren’t preventing other businesses from being priced out of the practice. Many employers we spoke to said that the initial price of installation made biometric verification unviable for their companies. Others explained that ongoing costs associated with maintaining, adjusting, and fixing the hardware, prevented them from switching to the method.
“We found that all the affordable options we tried were incredibly glitchy and generally found the experience to cause more problems than good.” – Loredo Rucchin, CEO of Jukebox
The high price of quality solutions was even enough to prevent Loredo Rucchin, CEO of JukeBox, from using biometrics altogether. When describing his experience with the method, Loredo explained that all the budget-friendly options were glitchy, and locked employees out of important things. Since this caused him “more problems than good” this led his company to ditch the solution entirely.
Are Biometrics Really More Reliable?
The cost of installing and maintaining technology isn’t the only thing that’s deterring businesses from embracing biometrics. Despite gaining a reputation for being foolproof, lots of employers we surveyed criticized the system’s reliability — particularly when it came to iris scans.
When speaking on the subject, Josh Pelletier, SMO of BarBend, explained that due to inconsistencies with eyelashes, eyelids, lenses, and corneal reflections, iris scans shouldn’t be used as a reliable form of biometric authentication. Travid Lindemoen from the Nexus IT Group agrees, telling Tech.co “If the user has particularly long eyelashes, unusual eye color, or a reflection in the cornea, the device will not work.”
Eye scanning technology aside, other biometric methods like fingerprint scans can also be partial to errors too. This is because while your fingerprint is a unique marker of your identity, biometric technology only records its defining features to circumvent unnecessary detail. As a result, it's possible for individuals' fingerprints to receive faulty matches, especially if the person’s hands were subject to adverse conditions, as this study reveals.
Some Businesses Think Biometric Data is Too Invasive
While concerns around the reliability of biometrics are real, it's not the reason why the technology has been hitting headlines in recent months. With businesses reserving the right to fire workers that don’t comply with biometrics, the practice has faced growing backlash from employees concerned with the privacy implications of handing over the most personal type of personal data possible.
These anxieties are summed up by tech expert Codallo. “Biometrics force people to get personal with their work-life”, she told Tech.co, “(They are) more personal than a passcode, which can be a drawback for people who want more separation in their work-life balance”.
Using personal biometric identifiers doesn’t sit right with some employers either, with some businesses, like Infinity Dish, ditching biometrics altogether for this very reason. When speaking on the subject, Laura Fuentes, an operator at the company, said “while we’ve sniffed around the idea of adding biometric security to our business, the sacrifices in employee privacy were too worrying for us.”
“Giving your employer your fingerprints and your voice and facial scans, in my opinion, is just a bit too dystopian.” – Laura Fuentes, Infinity Dish
But the skepticism surrounding biometrics isn’t just based on a misplaced Orwellian fear. With instances of cyberattacks on the rise, handing over sensitive personal data like fingerprints, iris, and face patterns to employers can have very real consequences for staff if this information isn’t collected and stored properly.
Compared to other types of personal data, biometric information is permanent and unchangeable. This places it at higher risk of being used for identity theft, identity-based attacks, and tracking and surveillance. This contradiction is summed up by Collado again, who adds “The irony of using biometrics is it both increases the security of your work access and risks the security of your personal information”.
The scale of these breaches can be alarming too. In 2015, the fingerprints of over 5.6 million federal employees were compromised after the U.S. Government’s Office of Personnel Management was hacked by malicious actors. This marked the largest government attack in U.S. history, and with the biometric data yet to be retrieved, experts believe the subjects of the attacks still remain vulnerable to this day.
Legal Restrictions Around Corporate Biometrics
If your business operates in Illinois, or if you employ Illinoisan workers, you’re required to adhere to Biometric Information Privacy Act (BIPA). The act, which was founded in 2008, regulates the way corporations record, store, use, and destroy biometric data, and makes it unlawful for companies to use biometrics to track people without their consent.
BIPA is unique to Illinois, but since its inception, similar biometric protections have been deployed in states like New York, Texas, Washington, and Arkansas. California is also considering rolling out BIPA-like protections after legislators refused to extend corporate exemptions earlier this year — and similar regulations may soon be enforced country-wide.
As federal agencies look toward a biometric future, a revised focus has been brought on how these tools can secure the privacy of their subjects. As a result, Congress is considering implementing new regulations around its collection and use for both public and private entities. According to this Congressional Hearing Update, this is likely to include new reporting requirements and restrictions on third-party contracts.
And not following these rules could come at a cost. In recent years, thousands of individuals have filed violations under BIPA and similar laws to protect their privacy in the workplace, and won.
For example, after an employee claimed that the Illinois-based company, Topgolf, was collecting fingerprints without their consent in 2021, the employer was forced to pay its 2,600-strong workforce a total of $2.6 million in damages. More recently, earlier this year, Illinois Central Railroad Co. (the company which connects Chicago to New Orleans by rail) agreed to pay out a whopping $3.8 million to its employees after its biometric practices were found guilty of violating BIPA.
As these class action settlements show, the risks of using biometric solutions are real, especially if you don’t respect the regulations. But if you practice due diligence, could the practice still be worthwhile for your business?
Is Biometrics Right for Your Business?
For some, the practical benefits of biometric data easily outweigh the concerns. For example, Andreas Grant, Founder of Networks Hardware still has doubts about the practice, but due to its strengths over other security methods, he sees biometric data as a “necessary evil” that we have to welcome at some point.
This attitude is shared by Alice Eve, marketing director at Cicinia.fr, who was skeptical about biometrics at first, but has since embraced the method with open arms. “Our company has been using biometric data for the past one year”, Eve tells Tech.co, “I personally found it invasive at first, but now, I rarely even think twice”.
However, for others, like Laura Fuentes from Infinity Fish, adopting biometric security practices is a bridge too far. When explaining why she’s decided to veto the practice Fuentes explains that “It feels like a real monkey’s paw to give your most sensitive data for more security, that could, in turn, be stolen”.
Whether or not biometrics is a good fit for your business, one thing is for certain — the controversy surrounding the practice isn’t going away anytime soon.
Therefore, if you do decide to bolster your security with biometrics, being transparent with your employees is paramount. For instance, it's advised that employers explain why the solution is necessary, where the data will be stored and how it will be protected. By reassuring your members of staff, alongside following relevant laws, it’ll become easier to use the high-tech security method to protect your company and its employees.