How secure is your stored biometric data? That depends on how secure the means of storing it is.
All of the storage methods detailed above use encryption to protect biometric data, but anything that is encrypted can be decrypted. In the end, encrypted data of any type is only as secure and trustworthy as the people who have access to it.
Biometric data storage on a device is more secure than storage in a database. Database storage can be convenient and cost effective. However, with large numbers of biometric templates for users, databases can be an attractive hacking target, and if they are successfully hacked, a large volume of data becomes vulnerable. Encryption helps, but exercising control over who has access to data and how they use it is the key to risk reduction.
In extremely rare instances, the comparison of an unauthorized user’s trait to an authorized user’s biometric template can result in an unwarranted verification. The rate at which this happens, the false accept rate (FAR), is considered one of the most important statistics by which the security of a biometric algorithm is measured. In contrast, the rate at which a biometric trait is rejected and fails to properly verify an authorized user is known as the false reject rate (FRR). Acceptable FARs are typically one or two in 100,000, while acceptable FRRs are less than five or ten percent of attempts.
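To make the FAR/FRR trade-off concrete, the Python below is an added example (not part of the original article) that measures both rates from comparison scores and finds the lowest decision threshold that keeps FAR within two in 100,000. The score distributions, the rule that a comparison verifies when its score is at least the threshold, and all function names are assumptions made for the example.

```python
import math
import random

def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a comparison verifies if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # wrongly accepted
    frr = sum(s < threshold for s in genuine) / len(genuine)     # wrongly rejected
    return far, frr

def threshold_for_far(impostor, max_accepts, per_comparisons):
    """Lowest threshold whose measured FAR is <= max_accepts in per_comparisons."""
    if not 0 < max_accepts < per_comparisons:
        raise ValueError("target must be a rate strictly between 0 and 1")
    # Integer arithmetic: how many false accepts this sample may contain.
    allowed = max_accepts * len(impostor) // per_comparisons
    if allowed == 0:
        # Failure mode: a small test set reports FAR = 0 without proving anything.
        raise ValueError("too few impostor comparisons to measure this FAR")
    ranked = sorted(impostor, reverse=True)
    # Only the top `allowed` impostor scores may pass, so ranked[allowed] and
    # every score tied with it must fall below the threshold.
    return math.nextafter(ranked[allowed], math.inf)

def constructed_scores(seed=7):
    """Constructed similarity scores (not real biometric data)."""
    rng = random.Random(seed)
    genuine = [rng.gauss(0.75, 0.08) for _ in range(2_000)]     # same person
    impostor = [rng.gauss(0.30, 0.07) for _ in range(100_000)]  # different people
    return genuine, impostor

if __name__ == "__main__":
    genuine, impostor = constructed_scores()
    t = threshold_for_far(impostor, max_accepts=2, per_comparisons=100_000)
    far, frr = error_rates(genuine, impostor, t)
    print(f"threshold={t:.4f}  FAR={far:.6f}  FRR={frr:.4f}")
    # Raising the threshold lowers FAR but rejects more authorized users.
    for step in (0.00, 0.05, 0.10):
        far, frr = error_rates(genuine, impostor, t + step)
        print(f"  threshold={t + step:.4f}  FAR={far:.6f}  FRR={frr:.4f}")
```

Measuring a FAR of one or two in 100,000 takes at least that order of impostor comparisons, which is why the function refuses smaller samples instead of reporting a FAR of zero.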
Another concern is the risk to privacy, as biometric data is likely to bring targeted advertising to the physical world, where in-store cameras collaborate with social media companies to identify you and display in-store ads to you specifically. Fortunately, some government bodies are aware of current trends, and laws are being created to control the way biometric data is used. The General Data Protection Regulation (GDPR) addresses these concerns in Europe, and a growing number of states are enacting or considering Biometric Information Privacy Laws (BIPAs).