The Payments Association of South Africa ("PASA"), the
payments system management body of that country, recently announced a new biometric verification
specification, which is set to become the standard for biometric
payments throughout South Africa. The new specification will
facilitate biometric authentication on payment cards. Visa and
Mastercard are partners in the initiative.
Typically, biometric authentication standards are particularized
to the company or financial institution facilitating payment. The
biometric standard accepted for authenticating payment at one
vendor would not necessarily, or even generally, be the same as the
standard accepted at another vendor. The PASA standard is designed
to eliminate or at least minimize these discrepancies and permit
authentication of a payment via the same biometric standard at any

Biometrics in Canada

Biometric authentication is not unique to South Africa. Closer
to home, Tangerine recently re-released its mobile app for iOS,
which includes biometric authentication features allowing users to
protect their accounts via iris scan or vocal password. In the
first quarter of 2016, the Bank of Montreal released a biometric corporate credit card in
partnership with Mastercard, which relies on facial recognition and
Financial institutions are not the only groups interested in
biometrics—the Canadian Border Services Agency is running a
trial project with the federal Immigration Department to use
biometric technology to catch individuals traveling with fraudulent
documents. A waterpark in Ontario, realizing its
swimsuit-clad patrons had few places in which to carry a wallet,
employs cashless fingerprint payments.
Finally, as noted in recent CyberLex blog posts (here),
provincial governments in British Columbia and Manitoba
are investing in all-in-one identification technologies also
targeted at improving identification and authentication for

Considerations for Business

Biometric measures are appealing to businesses because they are
convenient (no need to remember a PIN, or enter a code) and they
automatically identify people or verify their identity. However,
biometric characteristics (such as fingerprints, voiceprints,
retina scans and so on) are personal information under provincial
and federal privacy laws and as such, must be treated in accordance
with those privacy laws. One of the chief concerns is that
biometric information collected for one purpose (e.g. payment
account identity verification) will be employed for another (e.g.
routine surveillance, stored to be matched against future samples,
targeted advertising, etc.).
In biometrics, the potential for multiple uses originates from
the fact that they are relatively permanent and highly distinctive,
making them a convenient identifier that is both constant and
universal. These characteristics are difficult, if not impossible,
to change – which heightens the need to protect this type of
information. While the breach of a database of PIN numbers is
problematic, at the end of the day, the PIN numbers can be changed;
a breach of a database of DNA or fingerprints does not permit such
The Privacy Commissioner of Canada has suggested businesses ask themselves four
questions before undertaking a biometric system:
Is the measure demonstrably necessary to meet a specific need?
Is it likely to be effective in meeting that need?
Would the loss of privacy be proportionate to the benefit gained?
Is there a less privacy-invasive way of achieving the same end?