Beyond authentication: Why biometrics will reshape commerce, not just payments

Yesterday at Stripe Sessions, I had the opportunity to speak about something I've been thinking about deeply for a long time: the gap between how commerce works today and how it should work.

Stripe Sessions is one of those events where the conversation is always a few years ahead of the market. This year, the themes running through the main stage and breakouts, agentic commerce, AI-native models, the changing nature of customer experience, all pointed in the same direction. The infrastructure of commerce is being rebuilt from the ground up. And identity is at the center of that rebuild, whether we name it explicitly or not.

That's what my session was about. I want to share the core argument here, because I think it's one of the most important conversations our industry needs to have.

The trust is already there

Let me start with what I think is an underappreciated fact: consumers have already accepted biometrics. Not in some hypothetical future. Right now.

Most of the people in that Stripe Sessions room walked through biometric authentication at the airport to get there. They unlocked their phones with their face or fingerprint that morning. 83% of Gen Z and 87% of Millennials are already comfortable using biometrics, and these aren't early adopters. They're the next dominant spending generation. Even among Gen X, 58% are comfortable with it.

More tellingly, 81% of consumers say they believe biometrics are more secure than passwords. The consumer trust barrier is gone. The technology is ready. What's missing is the infrastructure to scale it.

The problem no one talks about: The identity gap

Here's the thing that bothers me about how the payments industry frames biometrics: we treat it as an authentication problem. A security layer. A way to replace a PIN.

But the real opportunity is much bigger than that. It starts with a problem merchants deal with every single day.

Merchants run sophisticated omnichannel businesses. Inventory is unified. Pricing is unified. Marketing is unified. But identity? Identity is broken the moment a customer walks through the door.

When you shop online, the merchant knows exactly who you are. They know your purchase history, your preferences, your behavior. The experience is personalized to you. But the moment you walk into that same brand's store, or pull up to their drive-thru, or use their self-checkout, you disappear. You become anonymous. You could be their best customer, and they have no idea.

That's the omnichannel identity gap. And it's not a technical problem. It's a structural one.

We've been authenticating the wrong thing

To understand why biometrics are genuinely different, not just incrementally better, you have to understand what the current system actually does.

Today, we authenticate objects. Cards. Phones. Passwords. Tokens. The payment system trusts what you possess, not who you are. And that's the foundational flaw.

If someone steals your card, they can become you. If someone compromises your device, they can become you. If someone social-engineers your password, they can become you. Fraud doesn't attack people. It attacks the objects we use to represent people. And we've spent decades building increasingly sophisticated ways to protect those objects: EMV solved counterfeit fraud, tokenization solved PAN exposure, 3DS addressed remote authentication. Each layer was better. None of them changed the underlying model.

Biometric-initiated transactions change the model. Authentication shifts from something you carry to who you are. You cannot steal a fingerprint and use it at a point of sale. You cannot present someone else's face as your own. The person becomes the credential, and that's a structural shift, not a feature upgrade.

What this actually feels like

Let me make this concrete, because I used two examples in my session that I think land better than any diagram.

Getting your morning coffee takes five separate steps when you pay with your phone: order at the counter, unlock your phone, open the app, select payment, scan the QR code. Five steps to prove you have the right credentials to pay for a $7 coffee. We've normalized this. We shouldn't have.

Your weekly grocery run is six interactions. Buried in those six steps are three that exist purely because the system doesn't know who you are. Scanning your loyalty card. Showing your ID for the bottle of wine you've been buying for 20 years. Tapping or inserting your card. Three friction points. Three separate identity problems. All solved the same way.

With biometrics, every one of those moments, loyalty lookup, age verification, payment authentication, collapses into a single moment of recognition. You are known. The system handles the rest. That's not a feature improvement. That's a redesign of the checkout experience.

The broader vision: Commerce becomes identity-initiated

Once you have persistent, portable, consent-managed identity, the use cases multiply fast.

Think about what it means for retail: one-look checkout, clienteling that works because the associate instantly sees your preferences and history, returns without receipts because your identity is your proof of purchase. Think about what it means for stadiums: ticketless entry, express concessions, age-verified alcohol purchases without anyone checking an ID. Think about quick service: the drive-thru that knows your order before you speak, loyalty applied automatically, dietary preferences surfaced for every transaction.

These aren't speculative. The technology exists. The consumer acceptance is there. What we're building toward is the ecosystem that makes it interoperable.

The real challenge: Standards and interoperability

Here's where I want to be honest about where we are in the journey.

Today, biometric deployments are largely siloed. The same person might enroll their face for a loyalty program, again for a payment application, again for venue access, again for age verification. Same biometrics. Multiple enrollments. Each system storing its own template, using its own standards, operating in isolation.

That fragmentation creates friction for consumers and limits scale. Imagine having to enroll 25 times to use biometrics at 25 places. No one will do that.

The solution isn't more deployments. The solution is standards. Standards that make enrollment portable, so you enroll once and use it everywhere. Standards that enable template portability, secure exchange protocols, interoperable authentication methods, and vendor-neutral ecosystem participation. Without standards, biometrics remain fragmented applications. With standards, biometrics become a network.

Think about what the card network did for banks. It connected them through shared rails and shared rules. Think about what the internet did for merchants. A biometric network does the same thing for identity. It connects who you are to every commerce interaction, persistently and securely.

That network doesn't get built by any single company. It requires alignment across merchants, payment networks, regulated financial institutions, consumer platforms, loyalty providers, and KYC systems. When those partnerships align, regulatory trust increases, adoption accelerates, and network effects compound. The winners in biometric commerce will be ecosystem participants, not silo builders.

What Stripe Sessions reinforced

What struck me at Stripe Sessions this year was how clearly the broader themes connected to this argument. The conversations about agentic commerce and AI-native models are, fundamentally, conversations about a future where commerce happens around the consumer. Where systems act on your behalf, make decisions for you, execute transactions fluidly across channels.

That future only works if identity is persistent and trusted. An AI agent buying something on your behalf needs to know who you are. An agentic checkout experience needs to recognize you across sessions. The frictionless commerce experiences everyone is imagining assume a layer of identity infrastructure that doesn't yet exist at scale.

Biometrics are that infrastructure. Not as a feature. Not as a security add-on. As the foundational identity layer that makes everything else possible.

Where we go from here

We are at the beginning of a genuine structural shift, from credential-dependent commerce to identity-initiated commerce. The credential era treated people like objects to be verified. The identity era treats people like people.

The consumer trust is there. The technology is ready. The use cases are proven across retail, quick service, grocery, entertainment, and financial services. What the industry needs now is the courage to build shared infrastructure instead of proprietary silos, and the discipline to align around standards that create real interoperability.

At Verifone, that's the network we're working to build. We believe the right partners to build it with are the companies already thinking seriously about the future of commerce. The conversation at Stripe Sessions was a reminder that those companies are out there, asking the right questions.

The next step is building the answers together.

‍