Facial recognition vs behaviour detection: which do you actually need?
It is the question every UK retailer asks when shrinkage runs at roughly 1.4 to 1.7% of turnover and theft alone reached £2.2bn last year across more than 20 million incidents (BRC). The honest answer is that facial recognition and behaviour detection answer different questions, and most retailers need both. Behaviour detection asks "is a theft happening right now?" Facial recognition asks "is this a known repeat offender, or is this a member of staff?" This page lays out the difference plainly, including the GDPR profile of each, so you can decide what your estate needs and in what order.
Two different questions, not two competing products
Behaviour detection and facial recognition are often pitched as alternatives. They are not. They sit at different points in the same job, and the most useful way to choose is to be clear about which question you are trying to answer.
Behaviour detection watches the actions on a camera and asks whether a theft is happening right now. It reads concealment in clothing or a bag, grab-and-run, and unusual behaviour at the till, on a per-camera basis. It does not care who the person is, which is exactly why it works on anyone, including a first-time offender who has never set foot in your store before. For a single store, this is the right floor to start from.
Facial recognition asks a different question entirely: is this person someone you already know about? It matches a detected face against your banned list and your staff and trusted-visitor whitelist. It cannot tell you a theft is in progress, and it has nothing to match a genuine first-timer against. Its value is identity, and that value compounds across an estate, which is why we treat it as the cross-store layer that sits on top of behaviour detection rather than a replacement for it.
"Is a theft happening right now?"
Action-based, per-camera, and effective on anyone. This is the layer that catches the incident as it unfolds, whether or not the person is known to you.
Because behaviour detection reads what a person is doing rather than who they are, it flags an incident the first time it happens. There is no watchlist to build and no prior record required. That makes it the sensible foundation for a single store, and the part of the system that does the day-to-day work of surfacing live theft for a manager to look at.
It is not a verdict. The platform flags only unambiguous behaviour and a human reviews every flag before anything happens, so everyday shopping does not trigger an action. Detection runs on a small edge node in the store, on the IP cameras already on the wall, so an alert can land in minutes rather than surfacing hours later in a recording review. See the detail on the
behaviour-based shoplifting detection
page.
"Is this a known repeat offender, or is this staff?"
Identity matching against a banned list and a staff whitelist. Its real value is cross-store, and it carries a higher GDPR profile that has to be handled properly.
Facial recognition earns its place when the same offenders work multiple sites. A repeat offender flagged at one store can be recognised at every store, and your own staff and trusted visitors can be whitelisted so they do not generate noise. That cross-store reach is the thing behaviour detection cannot give you on its own, because behaviour detection has no memory of who someone is between cameras or between sites.
It also carries a higher data-protection profile, and that has to be respected rather than glossed over. Recognition is not identification: a match surfaces a candidate, and a human confirms before any name, ban or report is attached. In QuantumEye, face data is stored separately from video, every consequential action is reviewed by a person, the audit log is append-only, and retention is bounded by category. Using facial recognition lawfully needs a clear lawful basis and a DPIA. The
GDPR-safe face recognition
module and our write-up on
how we built it
cover that in full.
Why most UK retailers need both, in order
For a single store, behaviour detection is the floor. As you grow into an estate, facial recognition becomes the layer that connects incidents across sites. The order matters more than the choice.
A practical sequence works for most retailers. Start with behaviour detection so live theft is being caught and evidenced from day one, on the cameras you already have. That alone changes the economics of a single site. Then, as the same faces start showing up across your estate, add facial recognition as the cross-store layer that recognises known offenders and quiets down your own staff through a whitelist.
Neither layer prevents theft on its own, and we are careful not to claim otherwise. Both detect, flag and build evidence so a human can act. Behaviour detection is the answer to "what is happening now," facial recognition is the answer to "who is this, and have we seen them before," and a sensible loss-prevention setup uses each for the question it is actually good at. If you would rather see the whole category in one place first, the
AI loss prevention
guide walks through how the pieces fit.
The difference, in one table.
| Behaviour detection | Facial recognition | |
|---|---|---|
| Question it answers | Is a theft happening right now? | Is this a known repeat offender, or is this staff? |
| What it detects | Actions: concealment, grab-and-run, till incidents | Identity: a face matched to a list |
| Needs a watchlist? | No. Works straight away with no prior record | Yes. Needs a banned list and a staff whitelist to match against |
| Catches a first-time offender? | Yes. It reads the action, not who the person is | No. There is nothing to match a genuine first-timer against |
| Cross-store repeat-offender value | Low. It has no memory of identity between sites | High. A face flagged at one site is recognised across the estate |
| GDPR profile | Lower. No identity match, still human-in-the-loop | Higher. Recognition needs a lawful basis and a DPIA, still human-in-the-loop |
| Where it runs | On the edge node in the store, on your existing cameras | Identity match layered on top, with face data kept separate from video |
| Best starting point | The right floor for a single store | The cross-store layer as you scale to an estate |
What this does not change.
The useful comparison is the honest one. Here is what stays true whichever way you go.
Common questions.
Facial recognition vs behaviour detection: which one do I need?
For a single store, start with behaviour detection. It catches theft as it happens, on anyone, with no watchlist required, which makes it the right floor. Add facial recognition as you grow into an estate, because its value is cross-store: it recognises known repeat offenders across every site and whitelists your own staff. Most UK retailers end up using both, with behaviour detection as the foundation and facial recognition layered on top.
Does facial recognition catch a first-time shoplifter?
No. Facial recognition matches a face against a list of people you already know about, so a genuine first-time offender has nothing to match against. Behaviour detection is what catches a first-timer, because it reads the action, the concealment, the grab-and-run, the till incident, rather than the identity of the person.
Is facial recognition legal for UK retail under GDPR?
It can be, when it is built and operated correctly. Facial recognition carries a higher data-protection profile than behaviour detection, so it needs a clear lawful basis and a DPIA. The architecture matters too: recognition is kept separate from identification so a human confirms every match, face data is stored separately from video, the audit log is append-only, and retention is bounded by category. QuantumEye is ICO-registered and ISO/IEC 27001 certified.
Does behaviour detection need a human to review it?
Yes, always. The platform flags only unambiguous behaviour and a human reviews every flag before anything happens. Nothing consequential is automated. That human-in-the-loop design applies to both behaviour detection and facial recognition: the system proposes, a person disposes.
Do I need new cameras for either of these?
No. QuantumEye is a software platform, not a camera vendor. Both behaviour detection and facial recognition run on the IP cameras you already have (RTSP / ONVIF), with detection on a small edge node in the store, so there is no rip-and-replace.
Will facial recognition or behaviour detection stop theft from happening?
Neither prevents theft on its own. Both detect, flag and build evidence so a human can act. Behaviour detection surfaces a live incident in minutes; facial recognition tells you whether the person is a known offender or a member of staff. Acting on that, an intervention, a ban, a report, is always a human decision.
See both layers running in your store
A 30-day pilot, typically one store, fully featured, on the cameras you already have. Run it against your own anonymised incident history to see behaviour detection and facial recognition working on real footage before you roll out. A first-store pilot is usually live in around two weeks, and it takes about 20 minutes to scope, online.