China has seen the launch of the first self-regulatory convention in the country to govern the use of facial recognition technology by the payments sector.
On 21 January the Payments & Clearing Association of China (PCAC) issued the “Facial Recognition Offline Payments Sector Self-regulatory Convention (Trial)” (人脸识别线下支付行业自律公约(试行)) to its member institutions.
According to PCAC the purpose of the Convention is to “standardise application innovations in facial recognition offline payments; prevent facial recognition payments security risk, protect the rights and interests of member entities, and uphold the interests of the public.”
The Convention calls for all member entities to:
- Establish full-life facial data security management mechanisms;
- Uphold the principles of “user authorisation – minimum sufficient usage” at the collection phase;
- Clearly notify users of the goal, method and scope for the usage of user information, as well as obtain user authorisation in order to avoid unnecessary collection;
- During the storage phase, provide encrypted storage of facial data, and provide security walls between bank account numbers or the payment account numbers and the security numbers of users;
- During the usage phase, vendors are not permitted to gather or copy facial data, in order to achieve end-to-end personal privacy protection.
Related stories
UnionPay Does Not Expect Facial Scans to Replace Existing Payments Technologies
China Merchants Bank Launches Facial Recognition Payments for Enterprise App
SPDB Uses Facial Recognition Technology to Make Bank Cards Redundant