A Chinese man recently had his money stolen from his bank account after his roommates scanned his face while he was asleep to make online payments with the facial recognition function. The incident once again raised security concerns regarding biometrics-based technologies.
According to an April 8 report by Chinese media Chengdu Economic Daily, a busboy surnamed Yuan lived with two roommates in Ningbo City, Zhejiang Province. Recently, when he checked the balance in his bank account, he was shocked to discover that there was only 0.59 yuan (about $0.09) when he allegedly had about 12,000 yuan ($1,787) in the account. He reported the theft to local police immediately.
After an initial investigation, police suspected that Yuan’s two roommates, surnamed Liu and Yang, may have stolen the money. When police interrogated both Liu and Yang, they admitted to using Yuan’s smartphone to make payments while Yuan was sleeping. They knew that Yuan regularly used the face recognition feature to make online payments, so they scanned Yuan’s face to use his money.
Police also found that normally, facial recognition would not work when a person’s eyes are closed. However, the facial recognition function on Yuan’s smartphone was substandard, making it easy for his roommates to scan his face while Yuan was asleep.
In recent years, Chinese tech companies have vigorously developed and popularized facial recognition technology.
In 2018, during the Chinese New Year holidays—a time when many people travel to their hometowns to celebrate festivities with family—China’s railway stations began to roll out a facial recognition payment system on a large scale, replacing the traditional ticket and ID checking system.
In addition, Alipay, the mobile payment service created by tech giant Alibaba, rolled out its first “facial payment” station at a physical store in Shanghai in December 2018. A customer scans the commodities first, then positions his or her face in front of the camera to make the payment. UnionPay and WeChat Pay both followed suit shortly after with their own payment stations at physical stores. These three companies, China’s most popular e-wallet providers, have popularized the use of facial recognition for payments.
However, with regard to privacy issues associated with biometrics-based technologies, industry experts have long expressed concerns.
Tan Jianfeng, chairman of Chinese cybersecurity firm, Shanghai People Network Security Technology Co., told the state-run People’s Daily during an interview in March 2017 that, if your password is stolen, you can reset it, but biometric information cannot be reset. Once your facial features are stolen, you cannot change to another face.
Tan also reminded the public not to casually use the facial recognition function for online operations. “In the era of big data, once biometric authentication is used, there must be a database for the storage of biometric features. All data will be converted to machine code as soon as it is stored. Any machine code can be intercepted,” he said.
Tan himself chooses not to use fingerprint or facial recognition for his electronic device activations or as a payment option.
However, many Chinese prefer the convenience of using such technology.
Facial recognition is also broadly employed by Chinese authorities via security cameras, which have prompted security and human rights experts to raise concerns about authoritarian mass surveillance that infringes on citizens’ privacy.