The value of biometric data lies in its distinctiveness and resistance to fraud. This information, which is the product of encoding our facial features during onboarding, must be treated as exactly what it is: part of our identity. An identity which is now, thanks to artificial intelligence, also digital, which means a paradigm shift in process development. The possibilities that using biometric data offers us are infinite and radically different. That is why it is essential that we employ an appropriate level of security on such sensitive information. Applying for a loan, entering a venue, checking exam results, boarding a plane, and arranging a doctor’s appointment can all take place quickly and securely using biometrics.
What is biometric data?
The FacePhi algorithm extracts biometric information from a photo of the user and converts it into an encrypted digital numeric pattern. We use our proprietary encryption and then the public AES 256 cipher. This double encrypted pattern prevents reverse engineering, which makes it impossible to falsify a face. The FacePhi algorithm extracts biometric information from a photo of the user and converts it into an encrypted digital numeric pattern. We use our proprietary encryption and then the public AES 256 cipher. This double encrypted pattern prevents reverse engineering, which makes it impossible to falsify a face. This information is sent to the client’s server for onboarding if it is the first time or for comparison against the onboarding pattern in the case of subsequent authentications. Under no circumstances are user images sent to FacePhi’s servers for storage.
How do we protect your biometric information?
Privacy is secured by design, which must be approached with user data security at its core. This is the only way to offer an accurate and reliable solution. At FacePhi, security is ensured through facial recognition by comparing over 10,000 points, which are sent as a mathematical representation of the user’s face. Additionally, a unique time stamp token is added every time it is used. As such, the image is never transferred to prevent any possible man-in-the-middle attacks.
To prevent reverse engineering, the pattern which encodes our face is encrypted, making it impossible to reconstruct the original image. This, coupled with the absence of data storage, provides secure processing that complies with current laws and respects the decisions of individuals.
The user has and will always have the last word
It is, firstly, essential to seek explicit user consent when gathering data. Users must be aware of all implications and eventualities so that they can exercise their digital rights at any time. In order to ensure this is the case, we give users the opportunity to decide whether or not to use their biometric data.
For this FacePhi follows the principles of ethical biometrics, which are based on the provisions of the GDPR. Article 9 of the GDPR prohibits the processing of biometric data for the purpose of uniquely identifying a natural person and sets out a series of exceptions: the explicit and informed consent of the data subject, when processing is necessary to comply with obligations and/or exercise specific rights of the data controller, and when it is necessary for reasons of public interest.