FB pixel

Physical and passive biometrics: finding the right security balance

Physical and passive biometrics: finding the right security balance
 

This is a guest post by Robert Capps, vice president and authentication strategist for NuData Security, a Mastercard company.

The use of biometrics technology for online authentication is picking up momentum in the cybersecurity industry. In fact, up to 90% of organizations will be implementing biometrics by 2020 according to a Spiceworks report, a professional IT Network. The adoption of these new authentication frameworks is also a reaction to the 1,579 data breaches in 2017 that have exposed over 179 million personal records. In essence, cybercriminals now have everything they need to commit online fraud, account takeover, open new lines of credit, and more.

Security Analysts at NuData Security found that, on average, account takeover attacks ratchet up to 50% of retailers’ web traffic – even more during peak shopping season. This is not surprising considering it only takes nine minutes for stolen data to be sold and used by cybercriminals, based on the Federal Trade Commission. Increasingly sophisticated attacks fueled by the exposed data have endangered traditional static authentication in record time. This critical situation is forcing online companies to rapidly adopt new technologies to verify customers online.

The physical biometrics boost

A growing trust in new technologies and biometrics-friendly devices are the key drivers behind the boost for biometrics. According to the Spiceworks report, fingerprint scanners top the list of the most popular physical biometrics in the workplace, followed by facial recognition, hand geometry recognition, iris scanners, voice recognition, and the least popular palm-vein recognition.

Physical biometrics are rapidly rising as they are a convenient way for consumers to verify themselves, and they can be used on different devices like smartphones, tablets, and computers. Ease of use and convenience are the fastest ways to drive adoption. It is easier for consumers to press their thumb on the screen for a fingerprint verification than it is for them to answer security questions and find an SMS code. Although fingerprints are not theft-proof, they are much harder to steal than passwords, dates of birth, and other static data.

Bridging physical and passive biometrics

The increasingly sophisticated attacks are making online businesses realize that one layer of security is not enough to protect their environment. Physical biometrics, as well as other types of security layers, are not bullet-proof when standing alone. To truly enhance online security, companies need to implement multi-layered solutions.

Additionally, solutions that include a passive biometrics layer can reduce unnecessary friction on good users. Passive biometrics and behavioral analytics verify customers by their behavior such as how a person holds their device, how hard they press the keys, how they navigate the sites, and hundreds of other behavioral signals that can be analyzed in real time to identify legitimate customers, machines, and imposters.

Multi-layered technologies that include passive and physical biometrics provide the right security balance. These technologies allow companies to let legitimate users go through while adding friction, such as a fingerprint scan requirement, only on those users showing high-risk signals. This balance between different biometrics technologies blocks fraudulent transactions even if hackers steal customer devices, identity, password or credentials.

Although there is no cybersecurity panacea, with different layers of security companies gain visibility into fraud threats and can stop them before they happen.

About the author

Robert Capps is a recognized technologist, thought leader, and advisor with over twenty years of experience in the design, management, and protection of complex information systems – leveraging people, process, and technology to counter cyber risks.

DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Yoti trumpets NIST age estimation results and testing plans

A new facial age estimation algorithm submitted by Yoti to the U.S. National Institute of Standards and Technology has placed…

 

Indonesia tests new digital ID system, calls on ASEAN to speed up DEFA negotiations

Indonesia is rolling out the limited release of its new digital government platform INA Digital. In this first phase, INA…

 

Colorado legislators wrangle laws on facial recognition in schools, data protection

Regulatory winds are blowing from both directions in Colorado, where a moratorium on AI facial recognition cameras in schools is…

 

Ethiopia kicks off digital ID enrolment drive in Addis Ababa

A month-long digital ID enrollment campaign gets underway in the Ethiopian capital, Addis Ababa, today October 10 in a move…

 

mDL authentication and biometrics among new modules from Veridocs

Kentucky-based authentication and identity management software maker Veridocs has launched modules for mobile driver’s license authentication, biometrics, mobile device verification…

 

Moldova works on aligning digital ID regulation with eIDAS 2.0

Moldova is working on aligning its digital ID regulation with the European Union and its Digital Identity (EUDI) Wallet. The…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events