Facial recognition technology: a Citro explainer

Facial recognition technology is the new PIN number – it can open our smartphones and secures our banking apps. Rosalyn Page explains how governments are using it for policing and security and what you need to know about privacy and the accuracy of this technology as faces age or sag over time.

By Rosalyn Page

How does facial recognition work?

If you unlock your phone or an app on your phone with your face, you’re using facial recognition technology which takes biometric information from your face to validate your identity.

By capturing a face print and comparing it to digital images, it uses probabilities and artificial intelligence (AI) to establish the likeness between the scanned face and the digital image.

It’s important to note that there are 2 different forms of facial recognition:

1. one-to-one comparison, the type that’s used when unlocking a personal device, and

2. one-to-many identification, used in surveillance and customer satisfaction monitoring in stores and shopping centres to identify a face in a crowd. 

Other types of biometric identification technology includes:

  • fingerprint identification, used in policing;
  • voice recognition, used with government departments such as the Australian Tax Office (ATO) for account verification and to control internet-connected devices and with translation software; and
  • iris recognition, used in settings such as prisons.

To understand exactly how it identifies a face, let’s take a look at the process step-by-step.

Step 1: Facial detection

The process starts when the phone or other camera detects the image of someone’s face.

Step 2: Facial analysis

The face is ‘mapped’, usually by tracking the features such as the shape of the chin, the space between the nose and mouth, and measuring the distance between the eyes. This information is then converted into a string of points known as a ‘faceprint’, much like a thumbprint, which is unique to each person.

Step 3: Facial recognition

The facial recognition process then compares the person’s faceprint, or facial signature, to its database. It will then confirm whether or not there is a match between the scanned face and an image stored on the phone or in a database.

What we know about where facial recognition technology is used

While it’s not easy unravelling exactly how and where facial recognition technology is used, we do know it’s widely deployed in Australia, with a facial verification service (FVS) used 2.6 million times in the 2022-2023 financial year, according to Australian Government reports. 1

Here are some examples of the places it’s used in Australia.

•      Federal as well as some state and territory police forces are using the technology.

•      Government departments such as Home Affairs use it for a range of purposes including border control and passport checks at airports, identity confirmation and tracking criminal activity. Airlines like Qantas are also using it in airports.

•      Some retail stores and shopping centres have been found using the technology for ‘loss prevention’, which likely means they use it to identify known shoplifters.

•      Some sporting and concert venues including the Sydney Cricket Ground, Melbourne Cricket Ground and Qudos Bank Arena.2

•      Previously for Covid-19 containment with GPS tracking to monitor people in home quarantine.

Across many countries, facial recognition technology is also used in retail stores, banks, casinos, schools, workplaces, public transport and healthcare settings for identification purposes.3

China, Russia and the United Arab Emirates (UAE) top the list of countries with the most invasive use of facial recognition technology, but Australia ranks seventh ahead of India and Japan for its widespread use, according to a ranking by Comparitech.4

In 2021, the Office of the Australian Information Commissioner (OAIC) demanded 7-Eleven destroy face prints it had collected from customers who did not consent to have their biometric data stored.

What are the risks of facial recognition technology?

Facial recognition has been trained on a collection of facial images; however, there can be biases in the process of identification because it may be less accurate with certain types of faces.

There are concerns about racial profiling and protester identification because the technology has misidentified people of colour, especially women of colour, at higher rates, who are then at risk of being wrongly detained or even arrested.

Face print data can be combined with other data sets that a business holds about an individual to build a detailed profile on a person. These detailed profiles are valuable information for retailers who can then target consumers personally through personalised marketing campaigns.

Biometric data - such as face prints - is regarded as sensitive information under the Privacy Act and the Australian Privacy Principles (APPs). In Australia, biometric data must be collected, stored, and used in accordance with the law.

Under the Privacy Act, businesses can only collect a face print without consent if:

  • the business is identifying the person as a part of an automated verification process, if it is authorised by law; or
  • the business is required to collect it to prevent a serious threat to life, safety, or health of any individual.

Businesses using facial recognition technology need to establish that it has collected valid consent and has reasonable grounds for the collection of personal information.

Ageing and facial recognition technology

It appears that as faces sag and develop wrinkles, the technology has more trouble with identification.

Researchers from the Norwegian University of Science and Technology found the accuracy of the algorithms dropped as age increased. After 5 years, it started to fail and after 20 years or more, it had very little chance of a positive result.

A natural defence against facial recognition technology is ageing - if no new images of a face are captured then it only takes 5 years of ageing before facial recognition technology struggles to identify individuals.

Privacy concerns about facial recognition

Retailers and business are interested in facial recognition because they’re able to understand more about customer habits and preferences and develop personalised offers and marketing to them.

Many marketers see a future where sporting or music fans enter a stadium and can be identified through their device and facial recognition and targeted with personalised offers and messages, and then the data about their activities is collected for future marketing activities. 

However, the use of facial recognition technology has highlighted the privacy concerns around the loss of anonymity and security concerns to do with the collection, storage and sharing of sensitive biometric information.

Australia’s privacy principles (APPs) mean that people need to be given suitable notification, provide their consent and facial images should only be collected for a necessary function.

Consumer advocate CHOICE exposed the use of facial recognition technology by major Australian retailers Kmart, Bunnings and The Good Guys with limited public disclosure. These revelations highlighted the public’s lack of awareness and inability to provide proper consent if the retailers don’t disclose the technology is being deployed.  

In another example, while surveying customers about their in-store experience, 7‑Eleven was found to be collecting facial images which interfered with people’s privacy because it was not for a related function and adequate notice or consent wasn’t provided, according the OAIC. 5

How to know if facial recognition is being used

There’s no dedicated law and current privacy protections don’t require businesses to be completely transparent about when and how they use the technology.

CHOICE says the public should have a right to disclosure and consent about the use of facial recognition technology in stores and other places like stadiums and public areas.

 With the growing use of facial recognition technology and concerns about the invasion of privacy, there has been a push to regulate its use.

The Government has passed new laws to provide safeguards around individual recognition, although this doesn’t propose any safeguards around one-to-many facial recognition systems. 6

To check if a store or business is using facial recognition technology, look for a ‘Conditions of Entry’ sign at the entrance and check the privacy policy on its website for mentions of terms such as ‘under surveillance, CCTV and /or facial recognition technology’.

The OAIC says face prints are now being used as payment methods in stores and parts of public transport systems in China and this practice is expected to become more widespread.

A major credit card merchant is currently trialling a program they intend to roll out globally that will allow retailers to offer biometric payment authentication methods, including facial recognition and fingerprint scanning.7


1. Government sources: accessed December 27, 2023 accessed December 27, 2023 accessed December 27, 2023

2. accessed December 27, 2023 accessed December 27, 2023

3. accessed December 27, 2023 accessed December 27, 2023

4. accessed December 27, 2023

5. accessed December 27, 2023

6. accessed December 27, 2023

7. accessed December 27, 2023

Back to feed
Not yet a cardholder?

Start earning cashback today
with a Citro Card

It's easy:

1. Download the Citro App on the App Store or Google Play
2. Apply for your Citro Card
3. Link to your bank account and activate your Citro Card
4. Earn cashback to spend on whatever you want, whenever you want.

For a limited time only, enjoy the premium Citro membership for free!

Get more out of life.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Learn how we collect and use your information by visiting our Privacy policy