Expansion of biometric tech demands trust before adoption, survey finds

A new report on consumer attitudes toward biometrics performed by the Identity Theft Resource Center (ITRC) explores the growing reliance on biometric technologies and the skepticism many consumers still hold toward them. The report sheds light on both the promise and the peril of integrating biometric verification into everyday life.

While biometric technology cannot eliminate identity fraud entirely, the report says, its appropriate and ethical use can significantly reduce the risks posed by static, compromised data.

ITRC surveyed 1,177 U.S. adults last August and found that 87 percent had been asked to provide biometric information during an identity verification process within the past year. Biometrics mentioned in the survey included selfie photos, live video, fingerprints, voice, and eye scans.

Despite serious privacy concerns reported by 63 percent of the respondents, a striking 91 percent continued with their transaction when prompted to submit biometric data. This disconnect between concern and compliance suggests a complex relationship between perceived necessity and privacy apprehension.

The report makes clear that consumers’ concerns are not abstract. Respondents cited potential misuse by employees, unauthorized data sharing, surveillance by law enforcement, misidentification, and data breaches as leading reasons for their discomfort. For example, 69 percent worry that their biometric data could be compromised by insiders, while 60 percent feared it could be repurposed for non-verification activities. Concerns about being tracked by government entities were noted by over a quarter of respondents.

Two-thirds of respondents agreed that biometrics can reduce identity crimes, but 39 percent believe that biometric use should be banned. Thirty-six percent did not share that belief. The significant number of people who would ban the use of all biometrics is dominated by younger respondents (45 percent) and men (54 percent). The number of people who would not ban biometrics was dominated by women (39 percent) and respondents 60+ years old (49 percent).

“This research highlights a critical need for those of us working to prevent identity crimes to do a better job explaining both the benefits and risks of emerging identity technologies – especially biometrics,” ITRC CEO Eva Velasquez said in a statement.

“Our hope is that this biometric report serves not only as a guide for future study but also as a roadmap to increase public understanding and acceptance,” Velasquez said, noting that “change can be uncomfortable, but resisting it without understanding the facts can create unnecessary risk. We must do more to show why secure biometric identity verification is in everyone’s best interest.”

Similarly, in October, Aware released its 2024 Consumer Trust in Biometrics Report which stated that “more than 50 percent of all users now authenticate with biometrics daily, signaling a clear path toward mass adoption,” but that consumers also “have a keen awareness of the sensitivity of their biometric data and are looking to use biometrics with providers who have clear policies around data management.”

“An overwhelming majority of respondents agree that biometric technology will become more prevalent over the next five years. This isn’t altogether surprising, given that consumers generally recognize biometrics’ superiority to passwords in the areas of security, convenience, and speed of access,” Aware Chief Product Officer Heidi Hunter said in a statement.

“However,” Hunter added, “what’s remarkable is that a large percentage of respondents stated they are more willing to trust some organizations than others, based on a demonstrated ability to responsibly collect and manage biometric data. Clearly, the desire for convenience and speed is winning out, because the rise in use cases is expanding. But we think there’s a huge opportunity for brands to build on the benefits of offering biometrics by clearly communicating with consumers, addressing their concerns about data usage and offering alternative authentication options.”

Based on the responses to the ITRC survey, anxieties about biometrics are not uniform across demographics. The report said that younger people and men are more likely to support a complete ban on biometric use, with 45 percent of respondents aged 30 to 44, and 46 percent of male respondents agreeing with such a prohibition.

In contrast, women and older adults showed more openness to biometrics or were more undecided. The undecided group, which makes up roughly a quarter of all respondents, is key to the future trajectory of biometric adoption. ITRC suggests that better education, greater transparency, and opt-out mechanisms could meaningfully influence this group.

Another critical finding of the ITRC survey is that nearly half of the participants had been victims of an identity crime in the previous 12 months, and over half had experienced one at some point in their lives. These figures underscore the growing frequency of identity theft and the urgent need for stronger verification methods.

The report contextualized this need by highlighting that identity theft now occurs roughly every 22 seconds in the United States. Coupled with over 2,100 data compromises reported in just the first nine months of 2023 alone, the report positions biometric verification as a crucial component in addressing a pervasive threat.

Despite this, respondents still expressed a desire for agency and control. Many said they would be more comfortable using biometric technologies if given more information about how their data would be used and protected. Around 41 percent of respondents wanted more transparency about the purpose of biometric data collection, while 39 percent wanted the right to block sharing or selling of their information. Another 32 percent expressed a desire to delete their biometric data upon request.

The ITRC report also addressed the confusion between facial recognition and facial verification, emphasizing that these are fundamentally different technologies.

Facial recognition typically refers to surveillance-based, one-to-many identification systems used by law enforcement or intelligence agencies, often without an individual’s consent. Facial verification, in contrast, is a one-to-one comparison initiated by the individual during a consent-based transaction, such as verifying identity for banking or government services. The report argues that conflating these two applications harms public understanding and hinders legitimate adoption of identity verification technologies.

In its accompanying discussion paper, the ITRC warns that static data alone -names, Social Security numbers, and other personally identifiable information – is no longer sufficient for identity verification. With personally identifiable information now widely available on criminal marketplaces due to countless data breaches, the value of that data must be diminished through stronger verification methods.

Biometrics, the ITRC report suggests, provides a path forward. By adding a “something you are” factor to traditional “something you know” and “something you have” models, biometric verification creates a higher barrier to impersonation and fraud.

Nonetheless, the report acknowledges the technical and ethical challenges of biometric use. Systems must be tested for bias and performance across diverse demographics. For instance, some biometric systems have struggled to accurately verify dark-skinned individuals or women.

The FIDO Alliance’s 2024 Consumer Insights report revealed a strong preference for biometric authentication in sectors like financial services (49 percent), digital identity (47 percent), and government services (40 percent). Nonetheless, concerns about the accuracy of facial verification technologies across different demographics persist the report said, with 56 percent of U.S. adults surveyed acknowledging potential biases.

ITRC emphasized that organizations should only use biometric technologies that are vetted by the National Institute of Standards and Technology and urges the implementation of best practices such as conducting Digital Identity Risk Assessments, adopting “snap, match, and delete” protocols to minimize data retention, and offering accessible alternatives for those unable or unwilling to use biometrics.

The risks posed by emerging technologies such as deepfakes are also addressed in the ITRC report. To counter synthetic threats, ITRC recommends the use of layered security measures, including liveness detection, real-time verification, and passive spoof detection.

The ITRC report outlines potential use cases where biometric verification could significantly reduce identity-related fraud. In the Department of Motor Vehicles context, facial verification could prevent criminals from obtaining duplicate IDs using stolen data. In financial services, it could render knowledge-based authentication obsolete, particularly considering its vulnerabilities to stolen data. For government benefits, biometric verification could stem fraud like the widespread pandemic-era unemployment insurance scams, where billions were lost due to weak verification practices.

The report also highlights the importance of giving individuals the ability to opt out and access services through other means. It emphasizes that any biometric identity program must be accompanied by a “digital offramp” to ensure equitable access, especially for those without Internet access, smart devices, or who have disabilities that hinder biometric enrollment.

A 2024 Ipsos survey commissioned by the U.S. Travel Association found that 78 percent of Americans support the use of biometrics at Transportation Security Administration airport checkpoints, but that support increases when travelers are assured that their data will be deleted shortly after use and not shared with other agencies.

Ultimately, ITRC does not advocate for the blanket use of any single biometric solution. Instead, it calls for a cautious but committed path forward, one that includes strong safeguards, regulatory oversight, public education, and system transparency. The report urges organizations to adopt a consent-first framework, provide deletion options, limit data retention, and monitor systems for bias and performance anomalies.

Article Topics

biometrics  |  consumer adoption  |  data privacy  |  digital identity  |  digital trust  |  fraud prevention  |  Identity Theft Resource Center