From 1 September 2025, Vietnam’s Central Bank began freezing 86 Million accounts that lacked user biometric data, stating that the reason was “fraud prevention.” This significant step gives pause to ask “what are the risks of widespread biometric data on financial accounts?”, “do alternatives exist” and “is fraud prevention really what this is about?”
Introduction
The banking sector’s increasingly aggressive push for collecting customer biometric data, primarily facial recognition and fingerprint, is typically promoted as the a necessary step in the prevention of fraud and scams. However, a critical examination of available evidence reveals that biometrics, while useful, are not the most effective tool for scam prevention. Both peer-reviewed research and industry data show that a combination of behavioral biometrics and AI-driven analytics could outperform physical biometrics in both efficacy and security. This evidence-based analysis questions whether fraud prevention is the genuine motivation behind banks’ biometric collection initiatives, suggesting alternative drivers like customer lock-in, data monetization, and alignment with global digital surveillance trends may be significant factors.
Limited Efficacy of Physical Biometrics Against Modern Threats
Firstly, let’s acknowledge the evidence supporting the efficacy of biometrics. Physical biometrics (e.g., facial recognition, fingerprints) have been shown to help reduce account takeover (ATO) fraud by 85-89% compared to traditional methods. While this is a significant benefit, biometrics still remain vulnerable to sophisticated attacks.
- Deepfake and Spoofing Risks: AI-generated phishing and deepfake fraud attempts are rising, with 63% of organizations experiencing Business Email Compromise (BEC) attacks in 2024. These bypass biometric checks by replicating biological traits.
- Irreversible Privacy Risks: Unlike passwords, biometric data cannot be reissued once compromised. The Chase data breach (2024) exposed 451,000 individuals’ personal information through a software glitch, highlighting systemic vulnerabilities unrelated to direct hacking.
- Usability Issues: Facial recognition fails under poor lighting or with masks, causing customer frustration and transaction abandonment
Superior Alternatives: Behavioral Biometrics and AI Analytics
Most importantly, evidence suggests strongly that behavioral biometrics and AI-driven analytics, used in combination, could be both more effective and more secure than biometric measures in preventing frauds and scams:
- Behavioral Biometrics: This technology analyzes unique user patterns (typing rhythm, mouse movements, navigation habits) to create a continuous authentication profile. It reduces false positives by 90% and improves fraud detection rates by 70% compared to traditional methods. For example, Facephi’s solution analyzes over 3,000 behavioral signals to detect anomalies in real-time without disrupting user experience.
- AI and Machine Learning: These systems analyze transactional data to identify patterns and anomalies. Organizations using AI anomaly detection report 41% higher fraud prevention capabilities. They are particularly effective against synthetic identity fraud and money mule networks.
- Cost Efficiency: Behavioral analytics reduce operational costs by eliminating manual reviews and minimizing false positives.
So if biometrics are not the most effective way to prevent scams, what other motivations could there be for the banking sector’s embrace of them?
Examining other reasons for biometrics
Firstly we need to consider that the banking industry’s biometric push coincides with broader government-led digital identity and surveillance programs:
- China’s Social Credit System: Integrates financial behavior with biometric data to create citizen scores that restrict access to services
- India’s Aadhaar Program: The world’s largest biometric ID system, with 1.3 billion enrolled, directly links banking to centralized biometric databases
- U.S. Regulatory Frameworks: The Patriot Act (2001) and Bank Secrecy Act require financial institutions to implement “enhanced security measures” that increasingly incorporate biometrics
- EU’s Digital Identity Framework: Proposes continent-wide digital wallets that could integrate biometric banking authentication
These programs create infrastructure that enables state-level surveillance under the guise of security and convenience. This is not the only factor however. Other potential benefits to the banking sector include:
- Customer Lock-in: Biometric data creates high switching costs, tying customers to their banks.
- Data Monetization: Biometric information enriches customer profiles for targeted marketing and third-party monetization. The California Consumer Privacy Act (CCPA) defines biometric data as “sensitive personal information” subject to opt-out requirements, indicating its commercial value.
- Regulatory Compliance: Banks may prioritize biometrics to satisfy government security mandates rather than implementing optimal fraud prevention. Only 35% of organizations detect fraud within one week, highlighting systemic inefficiencies.
Privacy Risks to Individuals from Biometric Data Collection
The collection of biometric data poses profound privacy risks to individuals, primarily due to the irreplaceable nature of biometric identifiers. Unlike passwords or social security numbers, biometric data such as fingerprints or facial geometry cannot be changed once compromised . This permanence means that breaches can lead to lifelong identity theft, fraud, or unauthorized tracking. For example, the 2015 US Office of Personnel Management breach exposed 5.6 million fingerprints, leaving affected individuals vulnerable to impersonation indefinitely. Biometric systems also both surveillance on a large scale and unauthorized tracking, as seen in cases where governments used facial recognition to monitor protesters without consent, reducing free expression and assembly.
This is significant because the use of biometric surveillance, such as facial recognition, has been shown to discourage people from exercising their rights to free speech and public protest. When people know they are being watched and identified, they may fear potential consequences like being added to a watchlist, facing social harassment, or suffering professional repercussions. This fear causes individuals to self-censor and avoid participating in legitimate activities, ultimately weakening fundamental democratic freedoms. For example, the use of facial recognition during protests has been shown to make people less likely to attend for fear of being tracked by the government. Also, individuals often lack control over how their data is used, with companies like Meta collecting facial geometry without explicit consent, leading to a loss of autonomy and potential misuse.
The Alternative to Biometrics: An Integrated Solution
A multi-layered approach combining behavioral biometrics, AI, and limited biometric verification is optimal:
- Behavioral Biometrics: Provides continuous, passive authentication without storing sensitive biological data.
- AI Analytics: Enables real-time threat detection and adaptive risk management.
- Consumer Education: The FTC recommends “security hygiene” practices to reduce reliance on biometrics
The evidence supports this integrated approach being superior to biometric data-collection in terms of both efficacy and security, while avoiding the associated risks outlined in this article.
Conclusion
While biometric data offers modest benefits in reducing ATO fraud, evidence confirms that behavioral biometrics and AI analytics are more effective, privacy-preserving, and cost-efficient. Banks’ insistence on biometric collection may prioritize customer lock-in, data monetization, and alignment with global surveillance initiatives over genuine security. Regulators and consumers should demand greater transparency and invest in alternatives that balance security with privacy. But the real issue is the price of biometrics to democratic society at large. Wittingly or unwittingly, erosion of democratic rights is a well established consequence of increasing biometric surveillance. Convergence of banking biometrics with government digital identity programs therefore warrants particular scrutiny to prevent normalizing financial surveillance, particularly when more effective and secure solutions exist.