One of the companies that we deal with has installed a high security ID system. When you check in at reception for the first time, they take your picture and store it in a database. When you subsequently arrive for an appointment, they print an ID badge for you: it has an RFID chip inside to open doors. When visiting a few days ago, I was wandering around the building for various meetings: it wasn’t until lunchtime that one of my colleagues pointed out that the picture on the ID card wasn’t me. If anyone knows who this person is, pass on the link!
Pictures don’t seem to be a very good ID technology. I vaguely remember an experiment some years ago when a UK issuer started putting cardholders pictures on the back of cards as a fraud deterrent. Some researchers (I think this was in Scotland) changed the pictures on their cards to a) a gorilla and b) Mr. Spock. It turned out to make no difference: since no-one ever looked at the pictures, it didn’t matter what they were. If the POS accepted the card, that was that ("computer says yes").
I can’t resist the experiment. Next time a client sends me to this company, I’m going to put a picture of a gorilla on my ID card (obviously, a gorilla that doesn’t particularly look like me, otherwise it’s not an interesting experiment) and see if anyone notices.