Don’t I Know You?

As personal transactions become more digital and cybercrime more sophisticated, security specialists are sprinting to keep up.

Biometrics, which collect personal characteristics to verify identity, have advanced beyond fingerprints and voiceprints to systems that recognize iris scans, vein patterns and even body odor. The Pentagon has even developed a laser that can recognize people from 650 feet away by “unique cardiac signatures”—their heartbeats.

The benefits are clear: heightened personal security and greater protection against ID theft, fraud and other financial crimes. But the technology is not without risk. Should governments and corporations routinely have unfettered access to such intimate data? Is the information subject to theft and misuse? How has the highly regulated gaming industry responded?

Don’t Get Personal

With revolutions in ID technology, regulators are developing rigorous safeguards around personal privacy. Europe’s General Data Protection Regulation, “the toughest privacy and security law in the world,” applies to any entity that collects data on EU residents, no matter its location. That means casinos as far away as New Jersey or New Zealand that compile data on EU customers must comply with GDPR standards. Penalties for violations can reach millions of euros.

The U.S., so far, has left regulation to the states. Illinois’ privacy law, acknowledged as one of the toughest, gives consumers legal redress when their data is collected without consent. California’s law empowers consumers to know how their personal info is shared and also gives them the right to delete it.

New York City requires commercial establishments using biometrics to notify patrons with signage at all customer entrances and prohibits them from sharing or profiting from the information. Texas, Washington, Colorado and other states have enacted laws requiring companies to inform individuals in writing about the collection, use and retention of biometric data.

In 2022, Congressman Frank Pallone of New York proposed the American Data Privacy Protection Act, federal legislation that would have overridden the hodgepodge of state laws. It did not reach a floor vote.

Biometrics may seem like a modern-day phenomenon, but the term was coined in 1902 and the concept has been around for millennia. As far back as 500 BC, historians say, Babylonian merchants sealed business deals by pressing fingerprints into clay tablets. In 1775, Paul Revere used dental records to identify a soldier killed at the Battle of Bunker Hill. By 1880, fingerprints were being widely used to identify criminals. Facial recognition systems began in the 1960s, and in recent years digital devices like smartphones have propelled advancements at warp speed.

“Fingerprint, facial recognition and device-based identity are now widely trusted and accepted,” says Andrew Cardno, co-founder and chief technology officer of Quick Custom Intelligence, which supplies operational software and AI analytics to the gaming and hospitality industries. “This is especially relevant for gaming, where age and identity verification are critical regulatory requirements.”

Video is no longer passive surveillance, but an “active identification mechanism,” he adds. “This raises important questions about how video data is used, shared and protected, particularly when external vendors are involved.

“The risk with biometrics is irreversibility. If biometric data is stolen, it cannot be changed like a password or a credit card number. A compromised fingerprint or facial template is compromised forever.”

Without proper and timely redaction, sensitive images and information—our very identities—may be at risk of exposure. For consumers, that can mean personal exploitation and financial loss. For operators, it can lead to regulatory sanctions, reputational damage and legal action.

Speedy Transactions, Superior Service

Unlike external IDs (driver’s licenses, passports) or changeable authenticators (passwords, PINs), biometrics use unique, fixed physiological or behavioral attributes to confirm identity—and they do it with almost 100 percent accuracy. Casino operators have increasingly adopted the technology to speed transactions, improve customer service, protect at-risk players and combat money laundering.

Last year, Konami Gaming introduced biometric technology for table games with SynkVision, a finalist for 2026 Regtech Solution of the Year by the Australian Responsible Gambling Council. It adds AI-enabled cameras at player touchpoints. Registered players who take a seat are instantly recognized and welcomed. It works for non-members too, who are assigned “a unique anonymous account for ongoing engagement and tracking,” on and off the gaming floor. The system offers a 99.87 percent true identification rate.

The technology could equip operators “to truly see, analyze, rate and reward all carded and uncarded play activity on their floor for the first time,” says Tom Soukup, Konami’s senior vice president and chief systems product officer. “Its ability to enhance player protection, responsible gaming and player reinvestment places it at very high potential to become the new industry standard in player tracking.”

Marker Trax uses the biometric features of modern smartphones for its player app, says Val Apoderado, vice president of IT operations and engineering. First, players go through a know-your-customer (KYC) step where they may be required to take a facial scan or selfie and pictures of documented IDs.

Apple devices with facial recognition capabilities use projection, infrared imaging and depth mapping to create mathematical representations of the faces they scan; Android devices capture snapshots of the finger’s pattern with a camera or sensor, creating an encrypted fingerprint template.

“The benefits include a smoother player experience when compared with the traditional options of entering passwords when logging into the app,” says Apoderado. “It can translate into significant savings in time and labor in validating the identity of the player applying for a cashless advance” through the Moolah Play cashless advance system. Instead of manual validation in traditional credit, “this time is cut to a few seconds when applying for a cashless advance.”

By one estimate, automated KYC in general can cut payout times by more than 60 percent compared to traditional methods.

Live, physical verification makes it “significantly harder for the use of false identities or stolen data to create false personas,” adds Marker Trax Senior Vice President of Compliance Tina Robinson. The information compiled “is classified as high-risk personal data, triggering strict regulatory obligations that include minimal data retention and strong security controls.”

Cognetics’ FaceVACS-VideoScan solution for casinos and clubs processes live video streams and video footage, extracts all faces and compares them to image databases. In seconds, it can identify known persons such as banned or self-excluded players. In those cases, the software activates an instant alert, enabling fast response times and intervention.

It also performs analysis for age estimation and underage detection, generates demographic statistics, and singles out frequent visitors. The technology can also check in members and preregistered guests quickly without requiring physical IDs, which eliminates long lines and provides for easy, touch-free transactions.

Biometrics & Beyond

Biometric technology “comes with inherent risks, especially with respect to individuals’ right to privacy and the potential for technical or operator error,” says Jane Bokunewicz, faculty director of the Lloyd D. Levenson Institute of Gaming, Hospitality and Tourism at New Jersey’s Stockton University. “These systems, while highly accurate, can still generate false positives and negatives.

“For example, the simple use of a medical mask, sunglasses or a hat can affect the system’s function.” So, presumably, can physical changes in appearance and voice that come with time. Additional threats include AI-generated voice spoofing and deepfake technology. Until more data is available on the effectiveness and accuracy of biometric identifying technology, says Bokunewicz, it’s important to approach it with caution.

In the so-called privacy-by-design approach, data collection is limited to information that’s necessary for operations and requires customer consent for additional uses. “Transparent communication around how player data is used in bonuses and rewards programs can also encourage customers to continue allowing certain data uses,” according to the Better Business Bureau. “They just need to feel they’re receiving clear value in return.”

Biometric tools are becoming ubiquitous. New York Governor Kathy Hochul recently came out in support of their use to keep young New Yorkers from underage gambling, especially online.

In her State of the State address in January, Hochul urged state gaming commissioners to “block location-sharing and do more to cut off access to online sports gambling so our kids aren’t ensnared by addiction at a young age.” That includes facial recognition and thumbprint scanners to keep people under 21 from creating sportsbook accounts or using the accounts of others.

The technology will undoubtedly become more complex as criminals find more ways to hijack personal information. Experts endorse a multi-modal security model or three-point authentication, often defined as (1) something you know, like a password or PIN; (2) something you have, like an ID card or key; and (3) something you are, a personal trait like your face or voice.

“As AI advances, bad actors can increasingly exploit stolen biometric data using synthetic voices, deepfake images or automated impersonation,” says Cardno, “potentially bypassing traditional human verification processes such as call-center checks.”

The Eye in the Sky

The 2011 film thriller Minority Report was set in a futuristic society where citizens are tracked and monitored by eye scans, which collect hundreds of unique points of reference, then reduce them to the equivalent of bar codes to identify subjects. That’s no longer fiction.

In China, millions of facial recognition cameras can identify jaywalkers as they cross the street and inform authorities before they get to the other side, then “name and shame” them on public billboards. A citation can shave points off the offender’s “social credit score”; too many points can potentially affect credit ratings, mortgage rates and the like. Some say it’s not so much Orwellian surveillance as a broad-based version of E-ZPass. And in the plus column, the infrastructure is so sophisticated that it’s reportedly helped solve thousands of criminal cases.

Today, cameras are everywhere. Consumers have become accustomed to using multifactor authentication to unlock bank accounts, email accounts, cellphones and computers. Our phones seem to listen to us—or are they reading our minds? For better and worse, it’s just the world we live in. And biometric technology is part of it.

“In short,” says Cardno, “biometrics offer powerful benefits, but without careful architecture and layered security, they introduce new and permanent risks that casinos must proactively manage.”