Mastercard Launches Its Biometric Retail Payment System in Europe, Using Poland As a Testing Ground

“Buy with your eyes, pay with your glance!”

After running pilot tests in Brazil and parts of the Asia Pacific for roughly two years, Mastercard is finally rolling out its biometric retail payments system in Europe. The world’s largest payment card company appears to be determined to wean consumers off not only cash, its eternal rival, but also credit and debit cards, its main line of business until now. To that end, it is piloting its Biometric Checkout Program in Poland in collaboration with local fintech company PayEye, which will be providing its iris and face biometric technology.

From the company’s press release, titled “Buy with your eyes, pay with your glance!”:

Mastercard’s global Biometric Checkout Program, represents a first-of-its-kind technology framework to help establish standards for new ways to pay, allowing cardholders to use a wide range of biometric payment authentication methods such as palm, face or iris scan. This simplifies the checkout process in store, as consumers no longer need to use a physical payment card, cash or a mobile device to pay for purchases. With Mastercard Biometric Checkout Program, secure and convenient experiences are possible simply by using your biometrics.

“Mastercard is a pioneer of innovative payment methods and drive security, and standardization and Poland is an (sic) perfect place for such a groundbreaking pilot,” said Marta Życińska, general manager Poland, Mastercard.

If you, like me, are wondering, “Why Poland?”, the answer is apparently simple: Poles are more naturalllt inclined to adopt dystopian disruptive new technologies — at least according to Mastercard. From the industry publication, Biometrics Update:

The global payments giant says it chose Poland as its first European country to pilot the program because of its receptiveness to new technologies. According to their survey, four out of five Polish people say that they use or have used biometric technology while among the 18–25-year-olds category, almost all are familiar with using biometrics.

“Poland was one of the first countries where contactless payments with Mastercard cards were introduced and we know that Polish consumers are leaders in adopting innovative technologies,” says Marta Życińska, Mastercard’s general manager for Poland.

The pilots will be conducted in five stores in Warsaw, Wrocław, Kraków, Poznań and Czeladź. Empik has over 350 stores across Poland.

Regular NC commenter Captain Obvious proposes in the comment thread below another possible reason why Mastercard chose Poland as its testing ground: “Ukraine is no longer suitable for this type of in vivo experiments because of problems with its power supply.”

Ukraine’s wholesale digitisation of government services — the so-called “state in a smartphone” — predate the war, but in the eternal spirit of never letting a good crisis go to waste and with financial support from USAID, the EU and the UN Development Program, it has been significantly expanded since and is even being used as a template for other countries looking to do the same. But in recent months Ukraine has experienced unprecedented power outages and blackouts across its territory as Russia has intensified its attacks on its energy infrastructure, plunging Ukraine into darkness.

JP Morgan Chase Joins the Race

This will be the first time Mastercard has piloted a Biometric Checkout Program in Europe. In May, 2022, the company unveiled plans to launch a pilot “biometric checkout program” in the UK, but that so far appears to have come to naught. Before testing the system on UK consumers, the company first trialled it in Brazil. It then expanded its pilot programs program to the Asia Pacific region and launched its second pilot in Latin America earlier this June.

Mastercard is not the only large financial institution testing out this still relatively nascent (at least in the West) form of payment technology. The company’s largest rival (after cash, of course) and fellow duopolist, Visa, recently showcased its pay-by-palm biometric payment technology at an event in Singapore. During the event, visitors were invited to try out the palm reader and link their signature to their payment card for a transaction.

“The future of biometric payments is promising and is set to revolutionise the retail experience,” said Kunal Chatterjee, Head of Innovation at Visa Asia Pacific. But it may take time for the technology to reach critical mass. Various factors, he said, influence the level of acceptance of biometric payments, including regulation, technology and consumer priorities, which can vary from country to country.

The largest bank in the US, JP Morgan Chase, is also piloting both face and palm pay technologies, with a view to fully launching a biometric checkout service with its merchants early next year. Given JPM is the largest merchant acquirer in the US, processing around 37 billion transactions in 2022, the impact on the payments landscape in the US could be huge. According to Prashant Sharma, executive director of biometrics and identity solutions at JPMorgan, merchants are highly interested in tapping biometrics, “because everybody wants to provide a streamlined, personalized experience to the consumer.”

Biometrics have already seeped into many other aspects of everyday life, including travel and communication. Many national passports these days include biometric data. Hundreds of millions — perhaps even billions — of people use a biometric authentication factor, such as a fingerprint or face scan, to unlock their smartphones and other digital devices. Soon, biometric identifiers may even be necessary to log onto social media platforms.

In other words, people are already giving away their most private data to work, communicate, cross borders, or get on planes. Will they do the same to speed up their shopping experience?

It is far from clear. As we reported last year, a push back against biometric surveillance and control systems has been gathering momentum on both sides of the north Atlantic, particularly the Western one. In the US, a small but growing handful of cities, including New York, have passed biometrics laws. Likewise, a growing number of states have followed Illinois’ lead in passing laws that expressly govern the processing of biometric data. In Illinois alone, more than 1,000 class action lawsuits have been filed under the state’s Biometric Information Privacy Act (BIPA).

In the UK, meanwhile, the unmanned store experience offered by Amazon has been such a flop that the company has had to begin opening stores with actual fresh-and-blood human beings serving customers. Across the English Channel, there have been murmurings of protests in Belgium, France and other countries. But despite this growing backlash, there is a sense of inevitability to all of this. These are, after all, technologies that stand to massively benefit both governments and corporations alike while stripping the public at large of even more power, autonomy and independence.

More Convenience. But for Whom?

Mastercard’s Biometric Checkout Program claims to offer several benefits, including increased speed, convenience and better hygiene. Consumers first have to enrol in the program, by using their phone to scan their face, before being able to take advantage of its supposed benefits.

“The new technology ensures a fast and secure checkout experience, while also empowering consumers to choose how they want to pay… No more fumbling for your phone or hunting for your wallet when you have your hands full – the next generation of in-person payments will only need a quick smile or wave of your hand. The trusted technology that uses your face or fingerprint to unlock your phone can now be used to help consumers speed through the checkout. With Mastercard’s new Biometric Checkout Programme, all you will need is yourself.”

In other words, consumers will not have to use safer two-factor authentication — biometrics plus a PIN or password — if they don’t want to. And they are essentially being encouraged by Mastercard not to.

In the interview below, Ajay Bhalla, Mastercard’s president of cyber and intelligence solutions described the company’s biometric checkout program as a “cool new technology” that “allows consumers to pay with a smile on their face or just wave.” That way, he said (emphasis my own), “you can forget the clunkiness of taking your wallet out, your devices out, your card out.” Just do your shopping, he said “go to the checkout and… pay with your face. It’s as simple as that.”

Convenience, as always, is the watchword. But for whom?

It is already well established that large retailers, banks and payment card companies much prefer people to use contactless payments as much as possible because: a) they are quicker to process, which means more sales per hour and more fees for the banks and card companies; and b) (this is the key part) people tend to spend their money in a more carefree or reckless fashion, which also means more sales for the retailers and more commissions and fees for the banks and card companies. As growing numbers of cash-strapped consumers grappling with high inflation have discovered (or rediscovered), cash tends to have the opposite effect.

This was already known when contactless cards began making their appearance almost two decades ago, as a 2006 Financial Times article makes clear:

Mr Williams, [controller at The Bailey Co, parent company of Arby’s, a fast food restaurant chain based in the US], has found that customers spend about 50 per cent more when they use a contactless card than when they pay for their food with cash: “I think it is psychological: because customers are not pulling cash out of their wallet, they spend more.” Arby’s has also made productivity gains with less time being spent on counting money and taking it to the bank, Mr Williams says.

Another benefit to retailers is that cards allow them to capture data about their customers from small transactions.

“If contactless cards offer merchants better information on their customers, that could prove to be valuable,” says Mr Uzureau.

Beware of Wandering Eyes

Another potential problem with Mastercard’s biometric checkout program is the apparent risk posed by customers’ wandering eyes. As the company itself notes in its press release, using PayEye’s eyePOS terminals “requires precise calibration, such that there is no risk of accidentally looking at the terminal and paying” for somebody else’s purchases.

Other major concerns include privacy and security (or lack thereof). More or less all large corporations have suffered at least one significant data breach in recent years, often through third-party service providers. They include, of course, Mastercard, Visa and JP Morgan Chase. In March this year, American Express (Amex), the US’ third largest credit card company, alerted its customers that their credit card details may have been compromised following a third-party data breach.

“The idea of a data breach is not a question of if, it’s a question of when,” says Professor Sandra Wachter, a data ethics expert at the Oxford Internet Institute. “Welcome to the Internet: everything is hackable.”

In my 2022 book Scanned, I documented how authorities in India, the Philippines and South Korea had suffered extensive security and data breaches leading to the leaking of biometric ID information belonging to millions of people.

Since then India’s Aadhaar ID system has suffered its biggest ever data leak, the Inspector General (IG) of the US Department of Defense (DoD) has released a report revealing glaring gaps in security and management of biometric data within the DoD, and an Australian firm called Outabox has suffered a breach of personal data linked to a facial recognition scheme that was implemented in bars and clubs across the country during the reopening of the economy. As WIRED magazine reported in May this year, the Outabox incident vindicated the privacy experts who have repeatedly warned about the creep of facial recognition systems in public spaces such as clubs and casinos:

“Sadly, this is a horrible example of what can happen as a result of implementing privacy-invasive facial recognition systems,” Samantha Floreani, head of policy for Australia-based privacy and security nonprofit Digital Rights Watch, tells WIRED. “When privacy advocates warn of the risks associated with surveillance-based systems like this, data breaches are one of them.”

This may not be news to regular readers but it bears repeating: biometric data is the most precious data of all. If it is hacked, leaked or compromised in some other way, the damage is often permanent. You cannot change or cancel your iris, fingerprint or DNA like you can change a password or cancel a credit card. As Illinois’ BIPA law notes, once biometric identifiers are compromised, “the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.” This is what makes the relentless march toward a future of biometric-enabled surveillance and control so dangerous.

Print Friendly, PDF & Email

19 comments

  1. Captain Obvious

    If you, like me, are wondering, “Why Poland?”, the answer is simple. Ukraine is no longer suitable for this type of in vivo experiments because of problems with power supply.

    Reply
  2. The Rev Kev

    Seems here to be a classic case of where all the benefits and money accrue to MasterCard in pushing this system of payments but that any risks and damage will be falling only on their customers if their facial recognition system has been compromised. This stays true even if MasterCard itself is hacked and all those profiles are stolen and sold on the black market. It will be up to all those customers to try to limit the damage when the financial consequences hit made worse by the fact that they can hardly change their biometric profile. I expect though that governments will also push this idea and so shield corporations like MasterCard from any consequences as they too, like India, want to bring this idea out right across the board. Resistance is futile.

    Reply
  3. Ron Singer

    Orwell knew: we willingly buy the screens that are used against us

    Privacy is power, which is why TPTB want yours to end.

    Every Breath You Take – The Police

    The panopticon of the Financial Industrial Complex: because control of the world’s governments isn’t sufficiently fine-grained. It would be easy to see that the future combines the worst aspects of ‘1984’, ‘Brave New World’, ‘Lord of the Flies’, and the Terry Gilliam classic ‘Brazil’ (Venn diagram deferred), except that civilization can’t be expected to reverse its ongoing collapse before it gets there.

    Reply
    1. Mikel

      It’s this kind of thing that aids in the acceleration of collapse. Everything they do backfires (mostly on the masses, members of the complex set up ways to shield themselves) and they still say, “Trust us.”

      Reply
      1. Ron Singer

        You’d think that between wage slavery, rent slavery, and debt slavery they had already optimized the financial extraction and that all that’s left is to reduce the general population to penury. Maybe I shouldn’t be giving them any ideas.

        Reply
        1. JBird4049

          With the panopticon, which biometrics are a part of, penury is not the goal as much as control is. As with much of American policing, law enforcement is not the goal either, but nearly random terrorization of the population is. I can do a very, very long screed, but I will just mention that false arrests using bad biometrics are now a thing in the United States.

          Reply
          1. Ron Singer

            Civil government, so far as it is instituted for the security of property, is in reality instituted for the defense of the rich against the poor, or of those who have some property against those who have none at all.
            – Adam Smith, Wealth of Nations, V, 1, ii.

            Reply
  4. Mikel

    No way corporations should be able to mess with your body.
    Insane that people think this is a good idea. This is the world that’s supposed to be “saved”?

    Reply
  5. Rubicon

    It’s as Dr. Michael Hudson said almost 2 years ago: the US is going to “Colonize Europe.” This article reveals one of the many ways of enriching the super rich while making every citizens in Europe as beholding to Big Capital just as its been done with multiple millions of American citizens.

    Reply
  6. McWatt

    The Whole Foods near us has a pay with your palm option at the checkout counter. After being up for many months I asked the checkout person how many people use it. The response: “Almost no one.”

    Reply
  7. nickj

    so convenient, for criminals. the wunderbar biometric scanner can’t detect the gun behind the boobys back.

    Reply
  8. Lidia

    What you probably don’t know is that in Russia “pay with your smile” devices have been massively rolled out across the whole country a few months ago. Powered by SBER, the biggest state owned bank. I haven’t seen anyone use it, but it is offered as a payment option at many many stores.

    Reply
    1. Nick Corbishley Post author

      Thanks for that, Lidia. I knew that SBER has been involved in the development of the digital rouble but I wasn’t aware that biometric payment systems were already so prevalent in Russia. Sad to hear, good to know.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *