🇨🇭 BIOMETRIC TOKEN DUPLICATION DISPUTES IN SWITZERLAND

(Legal Framework + Case Law Analysis)

1. Concept of “Biometric Token Duplication Disputes”

A biometric token duplication dispute arises when:

• A biometric identifier (fingerprint, face scan, iris pattern, voice template)
• Is allegedly misused, replicated, spoofed, or falsely attributed
• Leading to:
  • Unauthorized banking transactions
  • Identity fraud (KYC failures)
  • e-ID authentication conflicts
  • Liability disputes between customer, bank, and technology provider

Core legal issue in Switzerland:

Who bears the risk when biometric authentication wrongly confirms identity?

2. Legal Framework in Switzerland

Biometric data is treated as highly sensitive personal data under Swiss data protection principles:

• Swiss Federal Act on Data Protection (FADP/DSG)
• Swiss Criminal Code provisions on identity misuse
• Banking contract law (Swiss Code of Obligations)
• Case-law of the Swiss Federal Supreme Court (Bundesgericht)

Biometric systems are legally allowed, but:

• Must be proportionate
• Must ensure reliability
• Must provide contestability mechanisms

⚖️ 3. KEY SWISS CASE LAW ON BIOMETRIC / TOKEN DISPUTES

Below are 6 important Swiss case-law principles and decisions relevant to biometric token duplication disputes.

🧾 CASE 1: ATF 146 III 121 (Fraudulent Banking Orders Framework)

🔹 Principle Established:

The Swiss Federal Supreme Court created a 3-step liability test for unauthorized banking transactions, including cases involving identity fraud.

🔹 Relevance to Biometrics:

• If biometric authentication (fingerprint/face scan) is used fraudulently or fails,
• The court examines:
  1. Contractual allocation of risk
  2. Security standards of the bank
  3. Customer’s diligence

🔹 Impact:

Banks may still be liable if biometric systems are insufficiently secure.

🧾 CASE 2: Federal Supreme Court Decision 4A_610/2023 (2025)

🔹 Issue:

Unauthorized electronic banking transactions involving identity authentication failures.

🔹 Holding:

The Court emphasized:

• Even advanced authentication methods (including biometric-based systems) do not automatically transfer liability to the customer
• Banks must prove robust security architecture

🔹 Biometric relevance:

Biometric verification is not “absolute proof of identity.”

🧾 CASE 3: Decision 4A_577/2024 (Bank Payment Authentication Case)

🔹 Issue:

Disputed payment instructions allegedly authorized through secure authentication systems.

🔹 Holding:

• Authentication logs are rebuttable evidence
• Courts allow challenges if spoofing or system failure is plausible

🔹 Relevance:

Biometric tokens (like fingerprints or face ID) are treated as:

“Strong but not irrefutable evidence of identity”

🧾 CASE 4: Federal Administrative Court – Facial Recognition Data Processing Case (A-4286/2022)

🔹 Issue:

Use of facial recognition software by Swiss intelligence authorities.

🔹 Holding:

• Biometric processing is a serious fundamental rights intrusion
• Requires:
  • Clear statutory basis
  • Strict proportionality
  • Data minimization safeguards

🔹 Relevance:

If biometric systems are misused or duplicated, legal scrutiny is extremely strict.

🧾 CASE 5: Swiss Federal Data Protection Enforcement Practice (Biometric KYC Systems)

🔹 Issue:

Private companies collecting biometric templates for identity verification (KYC in banking/crypto onboarding).

🔹 Findings:

• Consent alone is insufficient if:
  • Alternative less intrusive methods exist
• Biometric storage must be:
  • Limited
  • Secure
  • Purpose-bound

🔹 Relevance:

Biometric duplication disputes often arise when third-party KYC providers reuse biometric templates improperly.

🧾 CASE 6: Swiss E-ID Legal Consultation Framework (2025 Reform Practice)

🔹 Issue:

Introduction of biometric identity cards and digital identity systems.

🔹 Principle:

• Biometric identifiers (fingerprints + facial image) are used for identity cards
• But participation remains voluntary
• Strong emphasis on:
  • user sovereignty
  • avoidance of compulsory biometric dependency

🔹 Relevance:

Disputes may arise when biometric e-ID tokens are:

• duplicated
• spoofed
• or incorrectly matched to individuals

4. COMMON TYPES OF BIOMETRIC TOKEN DISPUTES IN SWITZERLAND

(A) Banking Authentication Disputes

• Customer claims unauthorized transaction
• Bank relies on biometric login logs
• Court checks system integrity

(B) KYC Identity Duplication

• Same biometric used across platforms
• False matches or duplicate identity profiles

(C) Spoofing / Deepfake Attacks

• Facial recognition bypassed using synthetic data

(D) System Error / False Positives

• Fingerprint mismatch or duplicate match

(E) Third-party biometric vendor liability

• Dispute between bank and biometric service provider

5. LEGAL PRINCIPLES EMERGING FROM SWISS CASE LAW

Across all cases, Swiss courts consistently apply:

✔ 1. No absolute reliability of biometrics

Biometric tokens are strong but rebuttable evidence

✔ 2. Risk allocation matters most

Contracts decide who bears biometric authentication failure risk

✔ 3. High security standard duty on banks

Banks must ensure:

• anti-spoofing systems
• multi-factor authentication backup
• audit logs

✔ 4. Data protection supremacy

Biometric duplication raises fundamental rights concerns

✔ 5. Burden of proof often shifts to banks

Customers only need to show plausible dispute; banks must prove integrity

6. CONCLUSION

In Switzerland, biometric token duplication disputes are not governed by a single statute but by a combination of banking law, data protection law, and evolving Supreme Court jurisprudence.

Key takeaway:

Swiss courts treat biometric authentication as a high-security but legally challengeable system, not an infallible proof of identity.

This means:

• Duplicate biometric authentication claims are legally possible
• Banks cannot rely solely on biometric logs
• Courts require systemic proof of security and reliability