Samsung's facial recognition technology which debuted on the Galaxy S8/S8+ will need more than four years to become secure enough for mobile transactions. Speaking to The Korea Herald, a source from Samsung said that high-level security actions are not suitable for the authentication method, as the technology still has some maturing to do:
Facial recognition isn't all that new of a feature. It has been available to Android devices since 2011 when it premiered with the Ice Cream Sandwich version of the OS under the name of "Face Unlock". Back then, the feature was denounced as being unreliable and prone to vulnerabilities, but Samsung has managed to revive it with its latest flagships by making the authentication process extremely fast and convenient.
The official stance of the Seoul-based manufacturer is that facial recognition currently only serves as a quick method to unlock the phone. The company freely admits that it has a lower security level compared to the iris and fingerprint scanning technologies. A Samsung spokesperson was quoted saying:
However, experts do agree that the ease and speed of use of facial and voice identification methods will make them the core biometric solutions of the future. The former are simply predisposed to become more common, as they don't require dedicated hardware components to work. Virtually every smartphone of today comes with a microphone and a selfie camera, while iris and fingerprint scanners aren't so broadly employed and add to the cost of production.
source: The Investor