Biometrics: giving power to the people
This is a guest post by Raphaël de Cormis, VP Innovation Labs at Gemalto
It’s a revolution that has only just begun. Over the new few years – and beyond – biometrics will enable daily lives to be redesigned and reimagined. Innovative new approaches to identification and authentication will transform not only countless routine processes, such as authorizing bank transactions or passing though airport border control, but also the very nature of our relationships with government departments, public bodies and private enterprises. Many of us have already caught a glimpse of the possibilities – unlocking our smartphone with a fingerprint or selfie, for example. But in terms of what biometrics can ultimately deliver, the surface has barely been scratched. Moreover, it’s not just a step change in convenience that we can look forward to. By giving us the power to prove, beyond any reasonable doubt, that we are who we claim to be, biometrics will strengthen dramatically our ability to resist modern threats such as cyber-crime, illegal immigration and global terrorism. As a result, confidence in the online domain, and opportunities for greater convergence with the physical world, will flourish. Our digital lifestyles will no longer be compromised by an endless treadmill of usernames, passwords and PINs. All too often, these are over-simplified or carelessly stored, creating a fundamentally weak link in our cyber-defenses. With the advent of biometrics, the flawed and laborious, password-based approach will be confined to history. In its place will come solutions that can simultaneously fulfil the two compelling priorities of the 21st century consumer: convenience and security.
Of course, the science of biometrics is nothing new. Widespread exploitation of fingerprints as a means of unique identification dates back to the early 20th century, when police forces in France, the UK and USA recognized their potential to help bring offenders to justice. In the early 1980s, the introduction of the AFIS (Automated Fingerprint Identification System) marked another first, this time by marrying biometrics with the power of modern electronics. The result was a step change in the speed with which prints taken from an individual or crime scene could be matched with data held on file.
Whilst early developments focused on law enforcement, recent years have seen a dramatic acceleration in the breadth and depth of biometric deployments. Initially, governments and public authorities took the lead, most notably with the introduction of the ePassport. By storing the holder’s personal and biometric data within a secure embedded microprocessor, these documents have made it far easier for agencies to tackle identity fraud and counterfeiting. Increasingly, the same approach is being applied to national ID schemes, as well as healthcare, welfare, civil registry and voting programs.
The success of these initiatives has in turn stimulated the interest of the commercial world. Here the launch of the iPhone 5s in 2013 proved a major milestone, introducing millions of people to the fingerprint scanner. Adoption was remarkably quick, with consumers demonstrating boundless enthusiasm for the idea of using unique personal characteristics to confirm their identity. Subsequently, the development of new technologies and techniques has been swift. They encompass physiological biometrics – including fingerprint, facial and iris recognition, as well as the shape of a hand or vein pattern – and behavioural characteristics, such as the way an individual walks, types on a keyboard or talks.
Alongside this compelling end user appeal, the key to biometrics’ transformative power lies in the fact that so many of the secure transactions that we undertake – in both the physical and digital domains – are built around the principle of ‘two factor authentication’. To date, that has typically meant a combination of something we have, such as a payment card or mobile phone, and something we know, like the aforementioned PIN or password. Crucially, biometrics replaces the latter with something we are; something that can’t be readily copied, forgotten, lost or stolen.
Extending the benefits even further, biometric techniques can now be combined with systems that use the very latest risk scoring, behavioural biometrics and machine learning systems to create rich, multi-dimensional portraits of each individual, and then ensure that authentication processes always match the true risk posed by a transaction. Moreover, it is possible to tailor authentication not just to the level of assurance needed, but also the personal preferences of each individual end user. For service providers, biometrics therefore provides a means of staying one step ahead of the bad guys, whilst delivering new standards of customer satisfaction through highly customized processes. Biometrics also offers an equally seamless route to compliance with stricter regulatory requirements, including KYC obligations and the new PSD2 in Europe.
However exciting the possibilities, the task of accurately and reliably tackling the complex business of capturing, storing and matching biometric data should not be underestimated. It relies on the expertise and experience of numerous stakeholders, and an armoury of sophisticated acquisition tools, algorithms, and much more besides. But an innovative array of solutions is already demonstrating just what can be achieved, given the right strategy and support. For example, progressive banks are enabling their customers to use selfies to facilitate rapid, self-service account enrollment. Airports are introducing automated eGates that allow travellers to use ePassports and facial recognition to speed their way through border control. And Gemalto recently launched the world’s first biometric EMV payment card, with a built-in fingerprint scanner for PIN-free authentication.
Under the catch-all term of biometrics, it is clear that the solutions currently being deployed already embrace a diverse array of techniques. And the trend is only set to accelerate. For example, behavioural biometrics – including how the end user interacts with a touchscreen or keypad – is now supporting sophisticated risk analysis for payment transactions. Similarly, live facial recognition solutions have progressed markedly in recently years, to reach levels of accuracy that are now well beyond what even a well-trained human eye can hope to achieve. Of course, each particular technology carries with it strengths and characteristics that must be carefully aligned with the demands of the application and its end users. But in pursuit of truly silent, seamless authentication, the questions that need to be addressed go far beyond the technical. As we hurtle rapidly towards a new era, data protection and privacy laws are struggling to keep pace. Societies around the world therefore have important decisions to make concerning how, when, where and with whom we are prepared to share our newly created biometric profiles. Furthermore, we need to take all the measures necessary to ensure that they never fall into the wrong hands. With all the technology building blocks dropping into place, it is almost certainly this privacy debate that will ultimately play the key role in determining the speed with which we arrive in the new biometric age, and what precisely it looks like when we get there.
About the author
Raphaël de Cormis is VP Innovation Labs at Gemalto, where he leads investigations into new technologies, usage trends and social impacts to enhance their solutions. His current focus is Biometrics, Machine Learning in Cybersecurity, Self-sovereign Identity and SaaS ecosystem integration (cloud or edge).
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.