Facial recognition is one of the most powerful — and most regulated — capabilities in physical security. Used well, it lets a system flag a known shoplifter the moment they walk in, unlock a door for an employee without a badge, or find everywhere a specific person appeared in hours of footage in seconds. Used carelessly, it creates real legal and privacy exposure. This guide explains what facial recognition security cameras actually do, how the technology works, the laws you have to respect, and how to deploy it responsibly.
We'll use Verkada's approach — which Monarch designs and installs — as a concrete example of doing it the careful way, because how a system handles face data matters as much as whether it works.
Face detection vs. facial recognition: not the same thing
These two terms get used interchangeably, and the difference is important — legally and technically:
- Face detection simply notices that a face is present in the frame. It powers things like better exposure, counting people, or blurring faces for privacy. It doesn't identify anyone.
- Facial recognition goes further: it converts a face into a mathematical signature and matches it against known faces to answer "who is this?" This is what raises privacy questions, because it identifies specific individuals.
Most "facial recognition" security questions are really about that second capability — matching a live face against a list — so that's what this guide focuses on.
How facial recognition security cameras work
The process has three stages:
- Detect the face in the video.
- Encode it — turn the face into a numerical template (not a stored photo, in a well-designed system).
- Match that template against a defined list of faces — for example, a watchlist of people of interest, or an authorized-employee list at a door.
The critical design questions are where this happens and what's kept. In a privacy-conscious system, the matching runs on the device or platform you control, the face is stored as a non-reversible template that can't be turned back into a photo, and recognition only runs against a list you deliberately create — not a mass database of the public.
Which cameras have facial recognition?
In Verkada's lineup, face-based identification shows up in two distinct places:
- On cameras, as Person of Interest (POI) alerts. Cameras with the right onboard processor (many of the dome and bullet models) can match faces against a watchlist you build and alert you when someone on it appears — plus let you search footage to find everywhere a person showed up. It runs as part of the camera's onboard AI, managed in Verkada Command.
- At the door, as Face Unlock on the AF64 Access Station Pro. Here facial recognition is used as an access credential — an employee's face opens the door. The AF64 uses a 3D infrared depth sensor for anti-spoofing (a photo won't fool it), supports up to 50,000 enrolled faces, and processes all face data on the device, stored in a non-reversible format that can't reconstruct a face.
Are facial recognition cameras legal?
This is the question that matters most, and the honest answer is: it depends on where you are and how you use it. Facial recognition is legal for many business uses, but it's increasingly regulated, and a few rules drive everything:
- Biometric privacy laws. Illinois' BIPA is the strictest — it generally requires informed, written consent before collecting someone's biometric identifiers, and carries real penalties. Texas and Washington have their own laws, and more states are following.
- Consent and notice. Even where it's permitted, notifying people and (depending on the law and use) obtaining consent is often required — especially for employees enrolled in a Face Unlock system.
- Purpose limits and retention. Collect only what you need, for a defined purpose, and don't keep biometric data longer than necessary.
- Some jurisdictions restrict or ban it for certain uses, particularly broad public surveillance.
None of this is legal advice — it's the landscape, and you should confirm the rules for your state and use case. The practical takeaway: deploy facial recognition against lists you control (a watchlist, your own enrolled employees), with notice and a clear policy, on a platform that keeps the data secure and non-reversible — not as a dragnet against the general public.
Do facial recognition cameras actually work?
Yes — modern facial recognition is accurate when it's deployed well, and the same rules from our license plate recognition guide apply to faces: the result is only as good as the conditions. Accuracy depends on:
- Image quality and angle — a clear, reasonably frontal view of the face, with enough resolution and decent lighting.
- Anti-spoofing — for access use especially, depth/liveness detection (like the AF64's 3D infrared sensor) prevents a photo or video from fooling it.
- A well-curated list — recognition matches against the faces you've enrolled, so the quality of your watchlist or employee enrollment matters.
It is not the infallible, instant identification of TV. It's a strong tool for matching against a known list under good conditions — and it should be treated as one input, confirmed by a person, not an automatic verdict.
Do you actually need facial recognition?
This is worth asking honestly, because facial recognition carries the heaviest compliance burden of any camera capability — and a lot of security goals don't require it.
Modern AI cameras do a great deal without identifying anyone. People and vehicle analytics, occupancy trends, line-crossing and loitering alerts, and AI search ("find the person in a red jacket near the loading dock at 4 p.m.") solve most investigation and monitoring needs while only recognizing that there's a person, not who they are. For many businesses, that's the right balance: strong security, far less privacy and legal exposure.
Reserve true facial recognition for the cases that genuinely need identity:
- A real watchlist need — e.g. flagging individuals tied to prior retail theft incidents the moment they re-enter.
- Badge-free access — letting enrolled employees open a door with their face (Face Unlock), where you control enrollment and consent.
If your goal is "know what happened and find it fast," people/vehicle analytics usually get you there. If it's specifically "recognize this known person," that's when facial recognition earns its added responsibility. Choosing the lighter-weight tool when it's sufficient is itself a privacy best practice.
Deploying facial recognition responsibly
If facial recognition fits your security needs, these practices keep it effective and defensible:
- Match against lists you control — watchlists and enrolled employees, never a mass public database.
- Post notice and set a written policy covering purpose, who can access matches, and retention.
- Get consent where required — particularly for employees in a Face Unlock program.
- Keep face data on-device and non-reversible where possible (the AF64's privacy-by-design model), and access-controlled and audited everywhere.
- Use it as a flag, not a decision — a POI alert should send a human to verify, not trigger an automatic consequence.
Facial recognition with Verkada
The reason Monarch deploys Verkada for face-based security is that it's built privacy-first:
- Person of Interest alerts run on the camera's onboard AI and match against a watchlist you define in Verkada Command, with AI search to locate a person across your footage.
- Face Unlock on the AF64 Access Station Pro uses on-device 3D facial recognition for hands-free entry, with anti-spoofing and face data stored in a non-reversible format — see the AF64 Access Station Pro.
- Everything is managed in Command with role-based access, so who can see and use face data is itself controlled and logged.
This matters for the retail loss-prevention and office and government settings where face-based security is most useful — and most scrutinized.
Frequently asked questions
Which cameras have facial recognition?
In Verkada's lineup, many dome and bullet cameras with onboard AI support Person of Interest alerts (matching faces against a watchlist), and the AF64 Access Station Pro uses facial recognition as a door credential (Face Unlock). The capability depends on the camera's onboard processor, so it's worth confirming per model.
Are facial recognition security cameras legal?
For many business uses, yes — but it's regulated, and biometric privacy laws (Illinois' BIPA is the strictest) often require notice and consent, especially for enrolling employees. Rules vary by state and use case, and some jurisdictions restrict certain uses. Deploy it against lists you control, with notice and a clear policy, and confirm the rules where you operate. (This isn't legal advice.)
What's the difference between face detection and facial recognition?
Face detection notices that a face is present (for counting, exposure, or privacy blurring) without identifying anyone. Facial recognition goes further and matches the face against known faces to identify who it is — which is the capability that raises privacy and legal questions.
Can a photo fool a facial recognition camera?
A good system resists it. For access use, the AF64 uses a 3D infrared depth/liveness sensor specifically so a flat photo or video won't unlock the door. Liveness/anti-spoofing is an important thing to ask about for any face-based access system.
Is facial recognition the same as a person of interest alert?
A Person of Interest (POI) alert is one application of facial recognition: the camera matches faces against a watchlist you've built and notifies you when someone on it appears. It's recognition applied to a specific, controlled list — not identification of the general public.
Using facial recognition the right way
Facial recognition security cameras are genuinely powerful for flagging known individuals and enabling hands-free, badge-free access — but the technology is only half the story. The other half is deploying it against lists you control, with notice, consent where required, and face data kept secure and non-reversible.
If you're considering facial recognition for security or access, that's exactly the conversation worth having with someone who deploys it responsibly. Talk to a Monarch security expert and we'll help you figure out whether it fits, how to do it compliantly, and what privacy-by-design hardware looks like in practice.