"The kiosk can capture facial biometrics and match it to a database"
So, one step further down the road to biometrics being used for the most mundane things.
Why does a club require you to give up your face to some datacenter that gives no guarantee that it knows how to manage that data securely and is not under legal obligation to do so ?
The sooner we treat biometrics with the same level of care and security that we treat financial data, the better.
Banks are under serious obligations to have the right to handle our money. Firms using biometrics should be as well, because I can't change my face if you foul up.