Case Prompt: Face Recognition for Cardholder Verification at POS
You are interviewing for a Data Scientist role and are asked to evaluate a proposal to use face recognition to verify cardholders at physical points of sale (POS). Assume a large, regulated consumer financial institution in the U.S. with operations that may include EU and other jurisdictions. The system would perform 1:1 verification (is this person the enrolled cardholder?) at checkout.
Provide a structured, decision-ready response covering risk, compliance, technical criteria, alternatives, and stakeholder management.
Tasks
- Risk Identification, Prioritization, and Ownership
  - Identify the top risks: privacy, bias/fairness, disparate impact, spoofing/presentation attacks, data retention, consent, and model governance.
  - Prioritize them (highest to lowest) and propose clear risk owners for each.
- Decision Memo Proposal
  - Draft an outline memo covering: purpose and scope; legal/regulatory review (e.g., BIPA, CCPA/CPRA, GDPR); DPIA/PIA steps; data minimization; retention schedule; and deletion workflows.
- Go/No-Go Criteria and Monitoring Plan
  - Define quantitative thresholds: accuracy by demographic slices, false match ceilings, liveness/spoofing controls.
  - Specify human-in-the-loop escalation, red-teaming, rollback plan, and incident response SLAs.
- Less Intrusive Alternatives
  - Propose alternatives that achieve the same business goal with lower risk (e.g., device-based verification). Recommend one and justify it.
- Executive Pushback Scenario
  - A VP insists on launching despite fairness concerns. Draft how you would push back, align stakeholders, and propose a time-bound pilot with guardrails that still allows for a hard stop.