Google forced by EU law to accept Face Unlock for transaction validation

Reintroduced on the Pixel 7 series at the insistence of fans, Face Unlock is intended for unlocking the screen, not as the primary method of identity validation in potentially risky scenarios, such as validating payments initiated from the phone.

The reason is as simple as it gets. The implementation chosen by Google is a low-cost one that attempts to compensate for the limitations of the optical camera with artificial intelligence algorithms responsible for further validating the image delivered by the phone’s front camera. Unlike the iPhone and even some older Pixel generations, facial recognition on the Pixel 7 phones relies on the phone’s front-facing camera, an optical system that’s easy for any hacker with minimal skills to “trick”.

The problem is that the argument raised by Google is not provided for in the current version of European legislation, which is formulated to force smartphone manufacturers to allow the use of all means of biometric authentication (such as fingerprint authentication and facial recognition) to facilitate online transactions.

As a result, Pixel 7 users in Europe have found that transactions they initiate are approved virtually instantly, just by looking at the phone’s screen. While convenient and could even be considered a step forward, the method that bypasses fingerprint validation is also far from the most secure.

Specifically, a reasonably good quality photo of the phone owner’s face could solve the problem of insufficient funds on your own bank card. The “scheme” works for both online store purchases and contactless payments. The only “good” news is that payments authorised by this method are limited, however, to no more than 5 consecutive transactions, or €100-150 total amount spent.