How can travellers be sure that their data is in safe hands as biometrics become an increasingly standard feature at airports? 

Biometric solutions are successfully being used at airports around the world, delivering passenger experience and operational benefits. The technology’s further proliferation throughout the passenger journey is considered inevitable.

SITA’s latest Air Transport IT Insights, released in February, supports expectations of a biometrics-based future, with 70% of airlines expecting to have biometric ID management in place by 2026, and 90% of airports investing in major programmes or research and development in this area. Some 35% of airlines questioned have already implemented biometrics, with a further 35% planning to do so by 2026, while biometric identity management is at the top of the investment priority list for airports questioned.

Airports expect biometric, touchless and single-token passenger management technologies to be widely introduced by 2026, with 53% planning implementation of biometrics and self check-in and 54% at bag drop, according to the report.

CLEAR identity verification technology at Rhode Island T F Green International Airport’s main terminal
CLEAR identity verification technology at Rhode Island T F Green International Airport’s main terminal CLEAR

Concerns about data security

Biometric technology offers the promise of saving time, minimising disruption, and streamlining the passenger journey, improving the passenger experience as well as operational efficiencies.

But while passengers are increasingly embracing biometric-based travel solutions, concerns about data security persist. Half of all passengers questioned in the International Air Transport Association’s 2023 Global Passenger Survey raised concerns about data protection. In particular, passengers are concerned with data breaches, data being shared with other organisations, not knowing how long data will be stored for, and not knowing how data can be deleted. Some 40% of respondents said they would be more open to biometrics if they were confident their personal information is secure – up from 33%the previous year.

Stakeholders engaged in the sector are stressing the security of their solutions, however, with safety layers in place. “Security is at the heart of Amadeus’ systems in terms of application design and operations,” said a spokesperson for the travel technology company. “Under the supervision of our chief information security officer organisation, we continuously keep up-to-date with advanced security standards and IT industry best practices, securing our data, our products and our people, responding to incidents and achieving security compliance,” they added.

By scanning a QR code, passengers using the Kiosk Connect solution can connect to a common use kiosk 
By scanning a QR code, passengers using the Kiosk Connect solution can connect to a common use kiosk  Collins Aerospace

Amadeus has biometric solutions covering the passenger journey from self-bag-drop to boarding. Its portfolio is set to expand further with the recent announcement that it is acquiring Vision-Box, which has biometric solutions in service at airports worldwide. The €320m deal is expected to close in the first half of this year. Vision-Box will bring new biometric hardware and software to the Amadeus portfolio, including its border control solutions. The acquisition will allow Amadeus to offer a full end-to-end seamless passenger experience from booking to arrival at the airport through to border control and boarding, according to the Spanish company.

“The system is designed so that travel providers don’t need to hold the traveller’s biometric identifiers, which are instead stored on the traveller’s device, offering greater control and self-sovereignty,” said the spokesperson. In addition, the system is ‘consent based’, enabling travellers to leave and remove their data whenever they like. They can also choose to use biometrics for just a single trip so none of their data is stored beyond that trip.

Additional security measures

When biometric identifiers need to be sent to a third party for biometric matching, such as customs and border protection agencies, further security is involved. “The biometric identifiers are very thoroughly encrypted during transit – much like someone’s sensitive payment card information would be,” said the spokesperson.

Collins Aerospace’s SelfPass solution is installed at nine airports – Guam, Puerto Rico, Tokyo Haneda and six in the United States. Of these, only Tokyo Haneda has the full solution, incorporating an identity platform using biometrics where passengers enrol their biometric to use it for the rest of the journey, says Tony Chapman, director industry affairs, alliances and strategic initiatives, airport solutions, Collins Aerospace. The other airports use the SelfPass service for the US Customs and Border Protection (CBP) Traveler Verification Service (TVS) exit programme, where the biometric database and associated service is operated by the CBP.

Chapman says data is encrypted, both in transit and at rest. “Where biometric data is required to be stored at an airport, the data is encrypted and converted from an image to a template, where appropriate, which cannot be reverse engineered,” he said. Data is deleted from cameras as soon as the image has been processed and transmitted. Chapman says when data is required to be stored, it is done so on a dedicated local server, with appropriate controls for access and in accordance with local regulations, as well as being encrypted and accessible only to authorised users. For the CBP TVS programme, data storage and processing are under the management of the CBP.

Technology integrator NEC Corporation of America (NEC), whose aviation partners include SITA, IATA, Delta Air Lines and the Star Alliance, says addressing the ever-changing security threat to data starts with the company’s approach. In NEC’s case, this involves proven and trusted biometrics solutions built on privacy-by-design, according to Bill Carleton, director, advanced recognition systems.

“While constantly remaining vigilant to threats, we’re confident in the security of our technology and the role it can play in increasing privacy protections for consumers,” he explained. NEC’s self-sovereign digital identity provides a biometric solution that is much more secure than traditional methods of verifying identity, said Carleton. “Such an approach has been proven by decades of testing from the National Institute of Standards and Technology, as well as the confidence of leading government agencies using NEC technology for public safety and mission-critical systems,” he told Airports International.

NEC uses decentralised digital ID capabilities, with the passenger data remaining in the possession of the holder 
NEC uses decentralised digital ID capabilities, with the passenger data remaining in the possession of the holder  NEC

NEC uses decentralised digital ID capabilities, with the passenger data remaining in the possession of the holder, securely stored as an encrypted verified credential within their smartphone. “Throughout data transmission and storage, encryption measures are rigorously applied, both in transit and at rest,” Carleton said, adding that data minimisation is a default approach, ensuring that only the necessary information for a specific use case is shared, contingent upon user consent. “This comprehensive strategy enhances overall data security and privacy,” he explained.

Keeping data safe

In terms of storage, NEC adopts a customer-centric approach, limiting the stored information to what is required and based on active consent. “When data is shared with the backend, it is done based on explicit user consent, and only minimal data required for the specified use case is transmitted. Notably, this shared data is not retained long-term, as business rules dictate its availability for a limited period,” he added. Carleton points to identity information whereby access is typically granted for a predefined time, after which thedata is permanently deleted.

A recent programme has seen Frankfurt Airport operator Fraport rolling out SITA’s Smart Path biometric solution, which is powered by NEC’s I:Delight digital identity management platform, to all airlines, having previously deployed biometrics with Lufthansa and Star Alliance. SmartPath uses biometrics as identification from check-in through to boarding the aircraft, allowing passengers who have securely registered in advance on their mobile device or at the check-in kiosk using their biometric-enabled passports to pass through facial-recognition-equipped checkpoints without showing any physical documents.

Frankfurt Airport operator Fraport recently deployed SITA’s Smart Path biometric solution
Frankfurt Airport operator Fraport recently deployed SITA’s Smart Path biometric solution SITA

Identity specialist CLEAR has its CLEAR Plus identity platform in operation at 56 airports across the US, with almost 19 million members signing up and paying a subscription to use the service, with dedicated CLEAR lanes at airports allowing members to verify their identity with their eyes or fingerprint. The service is only available to US citizens and is certified by the US Department of Homeland Security (DHS).

The identity security service initially used cards when it launched in 2010, but subsequently evolved to fingerprint and iris verification. It is now transitioning to face as the primary biometric for a “faster, more intuitive, and secure experience”.

“Our new technology, NextGen Identity+ builds on our advanced identity verification technology and multi-factor authentication enrolment process, validates identity documents back to the issuing source, delivers one of the highest fidelity digital identities, and enhances checkpoint security,” said a CLEAR spokesperson.

Security is at the heart of the system. “Security is job one at CLEAR, where we are obsessed with making the customer experience safe and frictionless,” added the spokesperson. “Our comprehensive CLEAR Plus security platform has been qualified by DHS as anti-terrorism technology and provides the highest level of data protection to safeguard member information. Our programme ensures customers are in control of their own data, allowing them to delete it at any time. CLEAR operates on an opt-in basis and our policy from day one is to never sell data,” the spokesperson concluded.

Travellers using Sydney Airport have the option to use Google Maps Indoor Live View
Travellers using Sydney Airport have the option to use Google Maps Indoor Live View Sydney Airport

Biometric solution stakeholders are working to allay passenger concerns when it comes to data security. “NEC and our partners are increasingly gaining trust from passengers who have experienced our technology and can attest to its added efficiencies and security, which we provide without compromising privacy,” said Carleton. “Our priority is putting the customer in charge of their identity verification – the epitome of a decentralised identity.”

He points, for example, to NEC’s biometric partnership with SITA and Star Alliance, which is providing, at major airports across the world, a touchless, biometric identification experience from kerb to gate. “Passengers served by our collaboration are pleased with a technology developed and deployed based on industry-leading privacy-by-design principles. We generate trust among passengers by clearly communicating our strong data privacy principles and proving them,” Carleton told Airports International.

The level of passenger acceptance and trust varies around the world, according to Collins’s Chapman. In addition to security, passengers are concerned about the use of their data and whether it is being used or shared for non-authorised purposes, he says. “Aviation is undertaking a number of actions to explain that the use of biometrics within aviation takes place under controlled conditions and complies with all relevant legislation,” he explained.

Stored information infrastructure is restricted to what is required and based on active consent
Stored information infrastructure is restricted to what is required and based on active consent NEC

“The industry is currently setting recommendations and standards for the use of biometrics and the emerging use of ‘Self Sovereign’ digital identity where the passenger owns their own data and shares the minimum data that is required to complete the intended transaction.”

Regional variations

When it comes to data security regulations, the situation varies worldwide. “The lack of uniform frameworks across jurisdictions is one of the major roadblocks to biometrics becoming fully integrated and implemented,” said NEC’s Carleton. He points, for example, to the European Union which is advanced in moves to codify privacy protections through the GDPR, while countries such as the US are moving more slowly on data privacy issues.

“Some US states have taken the initiative to create strong regulations, but a state-by-state approach creates regulatory uncertainty for businesses and consumers and is not feasible over the long term. This is particularly true for companies operating in national and international markets. That is why NEC is encouraging federal frameworks for the government’s role in the growing digital identification market,” said Carleton.

Collins Aerospace believes that while a common framework “may be useful”, each country will still enact its own legislation. Chapman explained: “New legislation at the ICAO level will enable future standards for digital credentials, but specific country requirements will still apply. We supply systems that conform to legislation applicable to each country.”

Further reading: The future is biometric

Biometric technology is being deployed across the passenger journey – from bag drop to boarding – delivering improvements to the passenger experience and airport operational efficiency along the way.

There are several ways in which biometric solutions are already transforming the passenger experience, according to an Amadeus spokesperson. “Replacing manual document checks with biometrics can unlock many benefits, improving on-time performance and enhancing security,” they said, with passengers spending less than 20 seconds at self-serve bag drop and boarding time reducing considerably. “With demand for travel continuing to rebound, airlines and airports are focused on delivering an easier, faster experience that reduces queues and makes international travel more automated and enjoyable.”

While biometric elements are successfully being used at many airports, the ultimate aim is an integrated journey with biometric solutions easing pain points at each stage. “Our vision for future travel is fully digital and secured with biometric identification,” said Nick Careen, IATA’s senior vice president for operations, safety and security. “While the technology exists to do this at each stage of a journey, linking these steps together has proven challenging,” he conceded.

IATA did just this, however, late last year in a proof of concept demonstrating integrated digital travel from shopping for flights through to arrival at the destination. The test was conducted by British Airways on a journey from London Heathrow to Rome Fiumicino and involved partners including Accenture, Amadeus, AWS, IDnow, the Australian Border Force and online travel agent At the airport, biometric gates cleared the way for the passenger through security, into the lounge and onto the aircraft.

FLL has partnered with Amadeus to facilitate biometric boarding of flights for all international departures
FLL has partnered with Amadeus to facilitate biometric boarding of flights for all international departures Amadeus

Passengers are increasingly embracing the technology and looking to it to ease pain points in the journey, according to the latest passenger research by IATA. Its 2023 Global Passenger Survey found that travellers are seeking speed and convenience and are embracing technology including biometrics to deliver it. Passengers expect minimal wait times and streamlined processes at the airport and are keen to use biometrics to expedite procedures. IATA also found that confidence in biometric identification is increasing. Over the last 12 months, IATA found that 46% of passengers questioned had used biometrics at the airport – up from 34% in 2022. Some 75% of passengers questioned said they prefer using biometric data over traditional passports and boarding passes. Of those who had used biometrics, 46% reported an 85% satisfaction rate.

Biometrics could also find a role in other airport areas. “Biometrics are likely going to spread out to more customer service points,” predicts Amadeus, which has been investing in biometric technology since 2008. “Many airports are looking to increase non-aeronautical revenues and place a greater focus on retail and dining experiences. Biometrics could be introduced to offer passengers a quicker and more convenient way to pay for goods and services,” added the Amadeus spokesperson.

Furthermore, biometric technology could be used for wayfinding at flight information display systems and at information kiosks. 

Almost 19 million US travellers have signed up to the CLEAR Plus identity platform
Almost 19 million US travellers have signed up to the CLEAR Plus identity platform CLEAR