AI & Biometrics: A perfect match made in payment authentication?

Tuesday, August 19, 2025

4 Minute Read

Part 2 of 2

Part 1 of our payments authentication blog series highlighted how biometrics is taking authentication to another level in banking. Part 2 looks at data privacy and security concerns with identity verification technology.

Identity verification tools boost security and convenience but come with data privacy concerns

Banks must invest more in AI using facial recognition, voice analysis and behavioral biometrics to combat deepfakes and other growing threats. That’s according to Federal Reserve Governor Michael Barr at a New York Fed event.

The payments landscape for authentication is changing. And with it, the need to have the latest technology to stay ahead of fraudsters.

With biometrics, software can analyze large amounts of data, patterns and anomalies around an individual’s identifiers — in real time — for more reliable fraud detection accuracy. This information is often collected through touch interactions, such as from a fingerprint or facial recognition on a phone, to authorize transactions on a banking app.

The technology monitors and analyzes every user interaction, including mannerisms with their voice and typing behavior.

The result is more accurate and effective information to confirm legitimate account holders, often with less steps that otherwise use passwords and verification codes.

A faster, seamless e-commerce checkout experience is why 67% of customers would use biometric authentication versus traditional payment methods.

But what happens when cybercriminals use AI to bypass such security methods?

As the technology becomes easier and cheaper to access, it gives fraudsters more tools at their disposal. For example, they could copy photos from a customer’s social media accounts for a deepfake video to spoof facial recognition technology.

In fact, the threat of fraudsters using gen AI could lead to $40 billion in losses in the United States by 2027, up from $12.3 billion in 2023.

That’s where using AI with biometrics offers an elevated level of secure fraud detection. An AI-driven system uses an individual’s data from every interaction, continuously learning while identifying risks on everything from unusual account activity to repeatedly failed login attempts from a new device — a proactive approach to security.

The convergence of biometrics and AI is reshaping secure transactions, moving beyond traditional authentication methods. There will be a growing need and demand to leverage unique biometric identifiers alongside AI's capacity to learn, analyze and adopt while reducing security risks. - Kasey Boyd, Head of Fraud, TSYS. The convergence of biometrics and AI is reshaping secure transactions, moving beyond traditional authentication methods. There will be a growing need and demand to leverage unique biometric identifiers alongside AI's capacity to learn, analyze and adopt while reducing security risks. - Kasey Boyd, Head of Fraud, TSYS.

Bank customers can do their part — if they trust the technology

Cardholders are also concerned with fraudsters using AI technology.

One study found 70% of people are moderately or extremely worried about the threat of gen AI-based fraud and deepfakes online.

Implementing new fraud prevention solutions using AI with biometrics may seem like an easy fix, but many customers see the idea of having their personal information collected and used as intrusive to their privacy.

One study found 72% of Gen Zers are skeptical of AI to securely handle their data. Additionally, 49% of Americans worry that facial recognition technology is being used to track them beyond their personal devices.

Banks need to support their customers with the adoption and usage of AI-supported biometric authentication because, as users of the technology, they are essential to help prevent fraud losses.

That’s why user acceptance is so important.

One way that banks can support customers is to educate them on the value of authentication methods. Whether it’s offering facial biometric authentication for added security or 3D mapping to help ensure the face is a real person, focusing on the benefits and a seamless user experience could help overcome their doubts.

Key Benefits of AI-Driven Biometric Authentication

Offers real-time anomaly detection and identity patterns
Detects patterns indicative of credential-stuffing attacks, such as rapid login attempts from multiple IP addresses
Uses algorithms to quickly adapt to user behavior to improve accuracy and efficiency
Analyzes vast amounts of data instantly

Another way is through federated learning, a machine learning approach in which a model is trained across multiple devices or services while keeping sensitive data private and secure on one’s own devices.

This potentially reduces the risk of data breaches while aligning with privacy regulations.

The importance of regulations

AI-centric biometrics can more accurately authenticate identities. However, 83% of banks struggle with difficulties in aligning security measures with the speed of AI adoption.

This is where potential risk around data privacy and ethics comes in. How authentication systems collect, store and use a person’s information raises security and privacy concerns.

For example, how someone interacts with their phone through typing and navigation patterns could reveal physical, cognitive and even emotional traits. Unlike a password that can be changed, this type of information typically remains constant.

To that end, regulators can reinforce the importance of cybersecurity through appropriate updates to guidance and regulation.

Issuers can help ensure customer data is only used for authentication-related transactional purposes, especially when working with third parties. Additionally, they can communicate to cardholders about how they intend to manage their data.

Organizations that collect and process biometric data should consider having a policy with guidelines for retaining the information.

Many companies have already faced legal action for how they collect and share consumer biometric data without consent.

A recent lawsuit involving Coinbase alleges the company collects and shares biometric data without first obtaining user consent. According to the Illinois' Biometric Information Privacy Act, it states the crypto trader failed to get written consent from users before capturing face biometrics from people applying for new accounts, as well as publish its biometric data use and retention policies.

The push to be more regulatory compliant is leading to the development of more secure and user-friendly biometric technology.

Banks and financial institutions should comply with the requirements in their regions, such as the General Data Protection Regulation (GDPR) in Europe that imposes requirements on the handling of personal data. The regulations include prioritization of data security to ensure compliance. It’s a shift from the revised Payment Services Directive (PSD2) regulations that require multi-factor authentication for electronic transactions.

Invest for the future

The future of biometric authentication is paved with opportunities and uncertainties. Yet, many organizations, especially small and medium-sized businesses, are banking on the former.

According to the Global Payments 2025 Commerce and Payment Trends Report, 885 of those businesses surveyed were more than twice as likely to increase investments in biometrics compared with their midmarket or enterprise counterparts.

“Resolving privacy issues while ensuring compliance with regulatory standards is certainly a challenge, but the benefits of enhancing security, efficiencies, user experiences and fraud prevention make it worthwhile,” Boyd said.