December 11, 2015 -
This is a guest post by David Benini, Vice President of Marketing at Aware, Inc.
Some form of identity theft is at the heart of most financially-motivated fraud. Synthetic identity fraud, based on skillful creation of fictional identities, is a significant and fast-growing source of losses to fraud. Identity fraud and its derivative crimes cost banks, retailers, healthcare providers, governments, and ultimately consumers and taxpayers around the globe hundreds of billions of dollars every year, and this figure continues to grow.
Use of biometrics is growing because our fingerprints, faces, irises, and voices have truly special properties that make them an effective barrier to fraudsters attempting to surreptitiously impersonate us. They are useful because unlike names, ID numbers, email addresses, and passwords, they are comparatively more unique, secret, permanent, consistent, difficult to reproduce, and—most notably—physically bound to us, which also happens to be very convenient.
More than just “something we are”, biometrics allow us to permanently bind ourselves physically to digital information; a powerful capability that enables us to not only biometrically authenticate, but also to biometrically de-duplicate; that is, to determine through biometric search whether someone is surreptitiously attempting to establish a false identity. Said another way, identity proofing with biometric search helps assure the integrity of our identity data: that one identity represents each person, that each person has only one identity, and that the identity data associated with a biometric can be trusted.
Robust identity proofing requires the enrollee to present identity documents and information in-person as part of an application or onboarding process. The process might additionally draw upon public and private data sources. A biometric enrollment and search performed as part of this process serves as a highly confident “duplicate check” to ensure that the applicant is not already registered in the system, perhaps with different identity information. Once a duplicate check is performed, a biometric enrollment digitally links the enrollee’s trusted unique record to them physically through their biometrics. These biometrics can then be used perpetually to prevent future attempts at false representation of their identity information by a fraudster. The process also establishes a high level of trust in the authenticity of the identity data associated with the enrolled biometrics, making them more useful for future biometric authentications.
BIOMETRICS AS A SERVICE
“Biometrics-as-a-Service” offerings promise to make robust identity fraud prevention truly universally accessible. A services-based subscription or pay-per-use alternative will gain adoption from a large segment of the market for the same reasons that support a $100 billion software-as-a-service (SaaS) market (Forrester Research, 2015): no upfront costs, predictable future costs, and the freedom to select from and switch to competitive offerings.
Security is the fastest growing area of IT investment (IDG Enterprise, 2015), and the lower costs and risks of a services model promise to make biometrics-powered identity fraud prevention solutions accessible to a much larger percentage of the public- and private-sector organizations that need them. The nature of the services will vary; they might be public cloud-based or run on a single private server; they might include only biometric search and identity proofing or authentication; they might be based on a particular biometric modality. But they will change the landscape of high-performance biometric search and match, just as SaaS has changed the landscape of enterprise software.
CERTIBIO: BIOMETRICS-AS-A-SERVICE IN PRACTICE
As the largest provider of digital certificates in Brazil, Certisign has gained a deep understanding of identity and security. It has led them to recognize the power of biometrics to address identity fraud, as is evident from the recent launch of biometric identity proofing and authentication services by their new subsidiary, “Certibio”. As in much of the world, identity fraud is a problem in Brazil where the service is launching, so there is demand for a service that is not only robust but also sufficiently flexible and scalable to address a variety of customers and requirements.
Certibio provides biometric identity proofing and authentication services to its customers, which might include banks, government agencies, retailers, or any other type of business that wishes to biometrically authenticate its employees and/or customers. By consuming these as services, Certibio customers avoid an upfront investment in biometric enrollment and data storage equipment and software and avoid the risk and costs of future maintenance and obsolescence.
The Certibio service emphasizes the value of identity proofing, which serves to ensure that the individual applying for an account is in fact who they claim to be, and that the biometrics that they collect are of high quality and bonded unambiguously to trusted identity information. They ensure that the biometrics they collect during the identity proofing process are of sufficient quality for reliable future authentications and that they are linked to reliable, professionally-vetted identity information.
A key feature of the Certibio service it is sufficiently flexible to accommodate a variety of customer requirements, in terms of functionality, performance, privacy, and security. At the center of the multi-tiered Certibio system is a management platform, used to coordinate business logic and workflow across the system, as well as administrative functions. It serves as a central service between biometric collection workstations used for biometric enrollment, identification, and verification, and the various matching services available. These services include one-to-one biometric verification services provided by the government identity bureau, and biometric search and match services performed by Certibio. The Certibio biometric matching services are provided by the Biometric Matching Platform. Operating Platforms are used to manage the workstations.
Biometric identity proofing will emerge as a key identity fraud prevention approach; a means to validate the integrity of identity information at the time of collection. It will complement biometric authentication, enabling a higher degree of trust in the validity and uniqueness of the identity being claimed.
Biometrics-as-a-Service provided on a subscription or pay-per-use basis will be increasingly adopted by organizations that demand better security and identity fraud prevention measures but for whom the costs and risks of deploying their own bespoke biometric solutions are a less attractive alternative.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.