How government biometrics are moving into the private sector
This is a guest post by Ethan Ayer, CEO of Resilient Network Systems.
Biometrics have been used in the government sector for many years, with fingerprint recognition being the first practical adoption of the technology. Over a century ago, law enforcement began fingerprinting criminals, recording them on paper cards which were stored in filing cabinets and warehouse repositories. Today, advances in computer and mobile technology allow a police officer to readily fingerprint a suspect using a biometrics app downloaded to his or her smartphone. Fingerprint biometrics are also used for access to security-restricted buildings and are an accurate digital identification solution for various government applications such as border control, national identification cards, voter registration and passports.
As security attacks become more pervasive and sophisticated, biometrics will become an essential component of identity management. The online identities predominantly used today will be replaced by the more nuanced and accurate identifiers that biometrics can provide. Private industries are starting to adopt biometric recognition technologies that replace traditional usernames and passwords to provide increased security for enhanced consumer experiences and transactions.
Biometric modalities and uses
The success and accuracy of fingerprint technology led to the exploration of other biometric modalities where an individual’s unique physical characteristics could serve as valuable identifiers in varying use cases. Face, eye and voice biometrics, along with fingerprint recognition, are the most widely used within government agencies. Early on it was believed that modalities could, and should, be ranked by degrees of effectiveness, but as the technology evolved, it became evident that no single biometric modality could be considered better than another. Instead, it was discovered that different modalities offered their own benefits dependent upon specific parameters, such as who would be using the biometric, in what environment and for what purpose.
Given these parameters, a deploying agency can select the best biometric modality for a specific use case based on the level of identification accuracy required for security purposes and/or the ease of use for the end user. In addition, certain deploying agencies opt for the least invasive biometric modality in order to limit privacy concerns. For example, eGovernment agencies, such as the Veterans Administration, find voice recognition to be a particularly useful modality for individuals needing high-level security access due to its effectiveness over long distances in an analog-type environment. Other agencies, such as those in intelligence, ban the use of phone and laptop cameras, so only non-visual biometrics are possible.
Facial recognition biometrics are often deployed in law enforcement and military use cases where individuals are viewed from a distance in order to determine a level of identity either before or after the individual was viewed. Customs and Border Protection officers may use it to view individuals at a distance before engagement, while the FBI might review CCTV recordings of suspects caught on camera after a crime has occurred. Facial recognition is a non-invasive system that generally provides reliable matching and fast results. But like all biometric modalities, it has its unique drawbacks and challenges. Some of the factors that limit facial recognition are lighting, face angle and facial complexion. Better lighting conditions and lighter complexions provide greater contrast between the sampled facial locations, and both are needed to reach the required level of accuracy.
Eye biometrics encompasses a variety of biometric sub-modalities that all characterize an individual’s eyes, but work with different areas of the eye. Retina and iris scanning are the two most widely used, with iris gaining ground due to its less intrusive nature and significantly lower false-positive scores. Many government organizations and corporate buildings already use iris scanning as a means of restricting access to certain areas of high security. Iris scanning is used in the same scenarios as voice biometrics, where the users themselves are attempting to be authorized into a system or location.
The move to the private sector
While biometrics have played a vital role in government and law enforcement, the use of biometrics technology in the private sector has grown exponentially. In 2016, a report published by CC Research entitled Biometrics: Technologies and Global Markets revealed that the steadily growing need for security in both the public and private sectors is driving big growth in the biometrics market. From protecting personal property and financial transactions to ensuring employee integrity, biometrics are being used to control access to personal computers, ATMs, residential communities, office buildings and much more.
Like government agencies, businesses are experiencing a significant increase in phishing and spearphishing attacks. The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004. The APWG also reported that the number of phishing websites it detected jumped an alarming 250 percent between October 2015 and March 2016. Requiring higher-trust authentication methods, such as biometrics, can significantly reduce risk and offer greater protection of sensitive data.
Businesses utilize fingerprint biometrics as part of their point-of-sale and employee time card clock-in systems. Financial institutions use it for identification purposes along with PINs and bank cards. Even retail stores have started using facial recognition to not only monitor shoplifters, but to build a database of VIP customers.
Healthcare management applications are trending towards biometric iris recognition technology to establish accurate patient identification and identify proper insurance status in order to prevent fraud and duplicate medical records. And, of course, voice recognition technology is widely used by the general public on mobile phones and devices.
A holistic approach to security
As biometrics become more pervasive, it’s important to recognize they are only as good as the systems that use and enforce them. What’s needed is a system that goes beyond point solutions: one that connects authentication, authorization and policy enforcement and is executed separately from applications. Just adding an additional biometric factor is not sufficient. Removing assessment and authorization from the application gives organizations greater flexibility and control. They can understand the context of an access request and respond accordingly with an appropriate and adaptive level of authentication.
The key to using biometrics is to apply them in a way that is appropriate to the context, specifically applying levels of security that are adaptable and flexible in varying applications.
New technologies that focus on contextual access can connect to online databases and other authoritative sources to answer sophisticated questions like ‘Is this person a doctor?’ or ‘Is this a trusted device?’. These additional attributes augment identity so that organizations can be more confident that they are granting access to the correct parties.
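The sketch below is an added example, not code from the author or from Resilient Network Systems. It shows a policy decision point that sits outside the application, consults stand-in "authoritative sources" for the two questions quoted above, and answers with allow, step-up or deny. All names, resources, levels and the factor-counting rule are hypothetical.

```python
from dataclasses import dataclass

# Constructed stand-ins for authoritative sources (licensing registry, device inventory).
LICENSED_DOCTORS = {"alice"}
TRUSTED_DEVICES = {"laptop-001"}

# Hypothetical resource policy: base assurance level and attribute the user must hold.
POLICY = {
    "cafeteria-menu":  {"level": 1, "requires": None},
    "patient-records": {"level": 2, "requires": "doctor"},
}

# Assurance is counted as the number of distinct factor categories presented,
# so two biometrics (both "inherence") still count as one.
FACTOR_CATEGORY = {"password": "knowledge", "pin": "knowledge",
                   "token": "possession", "fingerprint": "inherence",
                   "voice": "inherence", "iris": "inherence"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device: str
    resource: str
    factors: tuple

def has_attribute(user, attribute):
    """Ask the authoritative source; unknown attributes fail closed."""
    if attribute == "doctor":
        return user in LICENSED_DOCTORS
    return False

def decide(req):
    """Return (decision, reason); the application only enforces the result."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return ("DENY", "unknown resource")
    # Authorization: no amount of authentication replaces a missing attribute.
    if rule["requires"] and not has_attribute(req.user, rule["requires"]):
        return ("DENY", f"not confirmed as {rule['requires']}")
    # Context: an untrusted device raises the required assurance by one level.
    required = rule["level"] + (0 if req.device in TRUSTED_DEVICES else 1)
    achieved = len({FACTOR_CATEGORY[f] for f in req.factors if f in FACTOR_CATEGORY})
    if achieved < required:
        return ("STEP_UP", f"need {required - achieved} more factor type(s)")
    return ("ALLOW", f"level {achieved} >= {required}")
```

Because the decision lives outside the application, the same request from the same user yields a different answer when the device changes, without any change to application code.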
In the next decade, usernames and passwords will have gone the way of the floppy disk, and facial scans and other biometric identity recognition devices will have become the norm. The future is already happening in pockets around the world with an astonishing variety of applications. A theme park located in Wuzhen, China uses facial recognition to verify guests as paid attendees when approaching certain checkpoints throughout the park. The Venetian Hotel and Casino in Las Vegas recently started using facial recognition software to drive sales. Cameras capture an image of a person passing by and an algorithm determines their gender and approximate age. An advertisement can then present them with products most likely to appeal to their demographic.
This is the direction of identity management, and private industry can get on board by exploring innovative tools and technologies that can increase their bottom line while providing the highest level of protection for consumers. Utilizing a multi-factor approach to biometric technology allows organizations to not only optimize the benefits of these tools, but to achieve greater security as breaches and attacks become more prolific.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are those of the author, and don’t necessarily reflect the views of BiometricUpdate.com.