Definitely Doug 10/14/22: Facial Authentication and Recognition: Myth vs. Fact

Several times in the past year, I have heard senior hotel IT executives express views about facial authentication and recognition. I have been surprised at how misinformed some of them are. To be clear, I’m not talking about someone who knows the topic and was presenting it at a conference, but rather to casual comments made in panel sessions or in smaller conversations where facial biometrics came up.

It’s time to separate the myths from the facts.

Facial authentication matters if you want to enable guests to bypass all or most of their interactions with the front desk. Your objective may be to compensate for short staffing or simply to cater to guests who prefer the convenience or privacy of mobile check-in. Whatever the reason, if your hotel must (or wants to) check guests’ IDs (as most hotels do), you can’t eliminate the need for a front desk visit without facial authentication. But with it, the guest can get a mobile key (at hotels that support it), cut a physical key at a kiosk, or pick up a pre-prepared key envelope at the front desk in what should be a 10-second transaction. And the security will be as high or higher than at the front desk.

I have written about facial biometrics technology in the past, and I will not repeat too much of that material here; the earlier article is still reasonably current in describing the technologies. In the past year and a half, however, facial authentication has become much more common at hotels in some parts of the world (notably the Middle East and Asia). In general, hotels there have found that it works, encounters little consumer resistance, and is reasonably priced. It is spreading to other regions, including North America. So, this week my blog will try to dispel some of the common misconceptions I have heard.

Fact or Myth? Facial authentication and facial recognition are the same.

Many people use these terms interchangeably because both utilize facial biometrics. Facial recognition occurs when a face found in a photo or real-time camera image matches one that is stored in a database, and the conclusion is drawn that it’s a known person. Casinos use it to identify banned guests as they come through the front door, and airport security staff in the US and other countries are using or testing it to avoid the need to see identity documents at security checkpoints. The facial image (photo) itself may or may not be stored; more commonly, faces are converted to biometric templates that distill geometric aspects of the face to a common model, such as by recording relative distances and angles between identifiable points on the face.

Because facial recognition relies on stored biometric data that identifies real people, there are many privacy concerns around its use (as there should be). However, it can also be very convenient. For one of my airline lounge memberships, I allow the airline to store my photo because by doing so, I no longer must show an ID when I enter. I have no real privacy concerns about that because anyone who really wants my photo can get it from my LinkedIn page, at it’s one less thing to get out of my wallet and juggle when I enter the lounge.

Facial authentication, unlike facial recognition, occurs when a face is used to validate that someone is entitled to do something. It is often a substitute for passwords, for example. A common use case is mobile banking. I used to have to remember many different complex passwords to access my bank and investment accounts (and other accounts with stored value, like loyalty programs). Today, most of these allow me to log on using Face ID on my iPhone, greatly simplifying my online experience as well as improving security for the bank or loyalty program. After all, it’s a lot harder to steal a face than a password.

Facial authentication does not require the authenticator to store any biometrics. In my case, the biometric representation of my face is stored in my iPhone’s secure element. My banks don’t have a copy; they simply access an API on my phone to request that it verify a match between the camera’s real-time view of my face, and the one stored on the phone. If someone steals my phone and somehow manages to reset FaceID to their own face, all the apps will be reset to require the next login using a password (and probably two-factor authentication) that the thief won’t get past.

This one is a myth.

Fact or Myth? A hotel using facial authentication needs lots of cameras.

I heard this one in a discussion about biometric door locks, where a hotel company CIO dismissed the idea as too expensive because he thought they would need to equip every guest room door with a camera. While doing facial recognition requires you to install cameras, facial authentication most commonly uses the mobile phone camera of the person requesting authentication. With newer iOS and a few Android phones, this may be done through the device’s native face authentication. For phones without this capability (or if you need to verify identity documents anyway), it can be done by having the user take a photo of the identity document, verifying that it is legitimate, and then matching the photo to a real-time selfie.

But the hotel does not need its own camera. Not for guest check-in, not for staff entrances or time clocks, and not for facial unlocking of a guest room door. You can have one if you want (and it might make sense in some cases), but it will only be helpful if you have a database of facial biometrics of the people who need to use it. That might be fine for hotel staff, but not for most guests.

This one is a myth.

Fact or Myth? Facial authentication requires storing photos, and therefore requires compliance with privacy regulations.

Based on what I said above, you should know the answer to this one by now. But I have heard multiple hotel CIOs reject facial authentication based on privacy regulations that control when and how personally identifiable information is stored (and let’s face it, few things are mor personally identifiable than your face). To do facial recognition, you do indeed need stored photos or (or facial biometric data derived from them).  But most hotel use cases do not require facial recognition, only authentication.  We don’t usually need to know who a random individual passing through the front door is, a problem that recognition can solve if you have their photo on file. We do, however, probably want to know who we are issuing guest room keys to. That problem, however, only requires knowing that the person standing at the front desk, kiosk, or keycard dispenser (or using a mobile key) is the one who has the reservation, and perhaps that their identity has been validated sufficiently to meet local regulations or hotel policies. Local regulations in some countries may require you to store copies of identity documents, but there is no place I am aware of makes you store biometric data.

Many solutions on the market today handle this authentication quite nicely. As part of mobile preregistration, mobile check-in, or kiosk check-in, they typically ask the guest to take a photo of their identity document; they then match the photo on that document to a selfie (there are ways, discussed in my earlier article, to make sure the selfie is taken live, so you can’t just hold a picture of the face in front of the camera). You can do this prior to check-in or at the time of key issuance; the only catch is that if you want to capture the identity document ahead of time but verify it later when you issue a key, you will need to store a copy of the identity document or the photo on it (or its biometric template) from the time of capture until the time of validation. The same is true if you want to let the guest use the identity document on future stays. In many jurisdictions, this will require disclosure to and/or consent from the guest.

This one is a myth also; it is not necessary to store photos, at least for the common hotel use cases. There are, however, some less common ones where it might be useful.

Fact or Myth? Hotels need access to the databases of identity document issuers (typically governmental bodies) to validate them.

How do you validate identity documents today? Most likely, your front desk agent takes a quick glimpse at the driver’s license or passport, and if they are particularly conscientious, might look to see if the picture matches the face and whether the individual meets any age requirements. But how certain are you that a driver’s license presented by a guest at the front desk isn’t forged? Are your front desk agents trained in the many hidden security features embedded in identity documents? And do they know all the variations from country to country or state to state?

Having front desk colleagues verify ID documents is a pretty porous process from a security standpoint, even compared to bouncers doing it at bars (who at least might be trained in spotting fake IDs). Given that hotel guests tend to be from out of town and carry identity documents from unfamiliar issuers, it’s not very realistic to expect the typical front desk employee with three months on the job to catch many forgeries.

Several global third-party services (mentioned in my earlier article) can verify the legitimacy of a document to varying degrees of certainty. For a small transactional cost, it is quite easy to verify the authenticity of a driver’s license or passport more reliably than a front desk agent. The better providers of such services know the embedded security features of hundreds of different identity documents from around the world and can quickly determine whether a document is forged or expired. Many can also read the name, address and other information and use it to populate or update the reservation in the property management system, a small bonus that can help make check-in faster, reduce labor requirements, and help justify the ROI. Authenticating identity documents can also reduce credit risk: much credit card fraud involves the use of fake IDs, because it’s too easy for authorities or banks to track down guests who use their own IDs.

For applications where that level of certainty isn’t enough (such as perhaps onboarding a new employee), many (though not all) IDs can be further validated online with the issuing agency, which would catch even the highest-quality counterfeits as well as documents that have been revoked. Not surprisingly, this comes at a higher transactional cost – too much to use on every arriving guest, but not a problem if used only occasionally, such as when onboarding new staff or renting out the Presidential suite.

Perhaps there are a few use cases in hotels where you need the higher level of certainty these solutions can provide, but for the typical guest check-in use case, the lower level of security is still far better than the prior manual process.

This one is also a myth.

Fact or Myth? If a guest uses mobile check-in but needs to pick up a key at the front desk (i.e., no mobile key or kiosk option, or the guest chooses not to use it), then for security purposes you still need to see an identity document to avoid giving the key to the wrong person.

A quick glance at the identity document at the front desk may be the most efficient way for the hotel to ensure that room keys only go to the registered guest. However, it isn’t necessarily friendly to the guest if there is a long line to navigate first. Moreover, the front desk colleague is unlikely to look at the identity document closely enough to detect forgeries or even loaned IDs. If a full-sized check-in kiosk with key cutting capability isn’t appropriate, then a small desktop unit that can be activated by a QR code, positioned on the counter or next to the front desk, may be a good option. Many full-sized kiosks can also use a QR code to activate key encoding and dispensing (as well as handling facial authentication, if the guest didn’t do that prior to arrival).

This one is a myth too. There are plenty of other options for dispensing keys securely, and most of them are more secure than the typical front desk key pickup process.

Fact or Myth? Guests have privacy concerns about facial biometrics.

There are many different uses of biometrics, and a myriad of ways of implementing them. Many consumers have strong opinions about the technology, often formed based on news reports or social media posts that cite some particular deployment that appears to violate privacy norms. There are certainly technologies (and implementation tactics) that can violate both legal and ethical requirements.

Most guests have very little understanding of the technologies involved and some will assume the worst. In the past, when one of these columns has touched on technologies with privacy implications, it was not uncommon for me to get online comments from industry colleagues who had knee-jerk reactions (like “all biometrics are bad”). In most cases I can only chuckle, because the remainder of their comments indicate that they never actually read the article – I could tell because they assumed based on a title that included a word like “biometrics” that I had taken the point of view opposite of theirs, when I hadn’t. Such is human nature.

So, this one is a fact. Many guests do have privacy concerns, well-founded or otherwise, about facial biometrics. The percentages vary geographically and demographically, with younger people and those from Asia less likely to care, older people and Europeans more likely, and the U.S. somewhere in between. Further, many people who may object to biometrics in principle will decide to live with a particular implementation if it makes their lives more convenient (like not having to show your ID every time).

Deploying facial authentication with guests will invariably raise some privacy concerns. However, addressing them is straightforward and can prevent reputational harm. For mobile check-in, I would be very clear that it’s an option that can simplify check-in, not a requirement. If you must retain a copy of an ID document, you must say why (and meet any other legal privacy requirements) and for how long – but you already have to do that at the front desk. You should be clear that you do not store any biometric data after check-in is complete (or if you must for regulatory reasons, disclose why). You can offer the guest the option for faster future check-ins if they want you to store their biometrics, but that should clearly be opt-in only.

Summary and Conclusion

Facial authentication is a key technology that can reduce nonproductive time spent by both the hotel staff and the guest at the front desk. Preregistration and mobile check-in on the guest’s mobile device can eliminate manual staff processes at the front desk. It can change the guest arrival process from one of collecting and entering guest details, into one where the hotel colleague can spend time providing a genuine welcome, familiarizing the guest with the hotel, and helping them arrange details of their visit.

Having said that, I do not expect facial authentication to be a winning technology for unlocking guest room doors, at least anytime soon. Yes, you could pull out your iPhone, unlock it, open the hotel app with Face ID, and unlock the door with a Bluetooth or near-field communication (NFC) key. In fact, with some hotel apps that use Face ID, that’s exactly how Bluetooth keys work today. But the newest generation of NFC mobile keys, now starting to be deployed, don’t require unlocking the phone or opening the app, just a tap near the lock. Facial recognition doesn’t add much (other than ensuring that the phone wasn’t stolen – something hotels can’t do very well with stolen physical keycards, either).

Not every hotel needs facial authentication today, but this will likely change as travelers get more accustomed to digital/mobile check-in processes. If you have a hotel with an overly busy front desk, whether due to staffing shortages or just to a business mix that has large rushes at certain times, preregistration with facial authentication is an attractive option, and there are many good product choices on the market today. If you want to take a look, some of them are mentioned in this earlier article.