Revolut is facing a legal challenge potentially worth millions due to its storage of user biometric data in the US.
Court documents from Illinois revealed a class action complaint has been made against the London-based fintech to “put a stop to its unlawful collection, use and storage” of “sensitive biometric data”.
The plaintiff, Tina Haralampopoulos individually and on behalf of others, has accused the unicorn of unfairly collecting user biometric data through the facial recognition technology used in its customer onboarding process, in which new users submit a selfie and images of a passport, driver’s license or other ID.
“The actual biometric uploading process does not disclose any third parties’ participation nor does defendant [Revolut] disclose how applicants’ biometric data is collected, stored, and destroyed,” said the documents.
Illinois passed the Biometric Information Privacy Act (BIPA) in 2008. BIPA requires strict compliance from firms handling biometric data. Requirements include consent from users, disclosure that biometric data is being stored, secure storage of biometric data and the timely destruction of it.
Several other states in the US have similar laws, including Texas and Washington, however, Illinois’s is considered the strictest.
The act, which applies to private companies, prescribes $1,000 per violation and $5,000 if the violation is considered intentional or reckless.
Revolut last year surpassed one million customers in the US, potentially giving the firm a hefty fine to pay should it lose the case.
Revolut declined to comment on the situation.
Revolut last month posted a revenue surge of 45% to $1.1bn for 2022, however, administrative expenses, which rose by 75%, massively cut into profits.
The fintech is also awaiting a decision on its application for a full UK banking licence.