Knowledge and recognition: new wave biometrics
This is a guest post by Ajay Bhalla, President, Cyber & Intelligence at Mastercard.
How do we know someone is who they say they are? It used to be simple. People were identified by sight, name, voice or, if needed, a trusted third party could vouch for them. We relied on a combination of known attributes and recognition to verify the identity of an individual. Only later came documents like passports, ID cards and drivers’ licences.
Today the question is more challenging: How do I identify someone I don’t know, can’t see and who isn’t physically present? We can exchange knowledge – in the form of passwords, PINs, memorable data or personal details. But these verification methods come at a price – not least the loss of privacy, inconvenience, insecurity and identity fraud.
The first wave of biometrics – physical – has provided a solution: matching physical features to known attributes, whether fingerprint, face, voice or a range of emerging factors. But the new wave of biometrics – behavioural – provides even greater possibilities when combined with physical.
In 2023 alone, it’s anticipated that 37.2 billion transactions, at a value of $2 trillion, will be authenticated by biometrics. And most of those transactions are remote – the individual is not present. The biometrics revolution is clearly upon us. And that’s because this pivotal technology addresses a fundamental challenge of transacting in the expanding digital world – it allows us to more accurately confirm we are who we say we are. It’s a return to knowledge and recognition – but this time the science of familiarity is powered by AI.
Enhancing physical biometrics
Physical biometrics continue to diversify, making existing solutions (e.g. fingerprint, face and voice) more secure and intelligent, and exploring new physiological credentials (e.g. palm and eye) to verify an individual’s identity. Here are just a few of the developments taking hold:
– Touchless fingerprint scanners – These readers acquire fingerprint images using advanced 3D imaging technology without the need to touch the device. This overcomes challenges associated with sensor-based scanners, such as wet and dry fingers, ghost images left on the scanner and hygiene concerns.
– Fingerprint on debit and credit cards – These cards combine embedded fingerprint sensors with chip technology for dual authentication to make transactions more secure. The digital fingerprint is encrypted on the card, avoiding honeypots of sensitive information and increasing data security.
– Palmprint and palm vein – Quite simply, the palm is larger than the finger, meaning more distinctive features can be captured. As the contactless scanning technology improves, palmprints could become more widespread. Palm vein scanning – where infrared light is used to scan unique and complex vein structures – could represent a further evolution here. As an internal biometric, it’s harder to fake. And it’s based on blood flow, so has an inbuilt test of life.
In the real world, we rely on more than just physical appearance to identify an individual. Similarly, in the digital world, we need to go beyond physical biometrics and factor in advanced technologies like AI and machine learning (ML) that recognise behavioural traits.
Consider a hypothetical example: your neighbour, Lyn, knocks on your door to borrow your lawnmower. You feel confident in lending it to her because, first, you recognise Lyn (physiology). Second, it’s not unexpected for you to see your neighbour at your front door (context). Third, Lyn has borrowed the mower before (history), and as a result you assess (intelligence) the risk of lending her the lawnmower as low. All of these factors combine to create a high level of confidence in that particular interaction.
In the same way, AI and ML are capable of learning to recognise behaviours relevant to the task at hand and making split-second decisions. In mobile commerce, behavioural analytics can assess the passive biometrics of how an individual interacts with their phone: how they type, swipe and navigate websites and apps. From those individual data points, a user profile can be created which is difficult for fraudsters to spoof. AI and ML solutions are also effective because they learn. The more samples they have, the smarter the identification will be. They can also be a dynamic presence. Known as continuous verification, multiple behavioural biometrics can be combined in the background to constantly verify the individual, without this additional layer of security causing any disruption at all.
Crucially, these authentication techniques don’t require extensive personal information. You don’t need to know Lyn’s date or place of birth, her criminal record, bank balance or maiden name in order to lend her the lawnmower. You just need to know enough to recognise Lyn and to be confident she can be trusted in this interaction.
Biometrics beyond transactions
It isn’t just consumer transactions that are being transformed. Patient safety and privacy have long been important issues in healthcare. And with a rise in demand for contactless and virtual services, biometrics have a huge role to play, ensuring that everyone has safe access to the vital support that they need. Voice authentication, for example, can be used as a far more secure and convenient login to telemedicine portals, allowing physicians to quickly and securely access patients’ medical records.
This forms part of a wider need for better identification in the industry. In 2007, it was revealed that over a single year, thousands of patients in the UK received the wrong treatment because of identification errors. To combat this, healthcare providers and hospitals are increasingly deploying palm vein scanning for patients and fingerprinting new-born babies and their mothers.
The high levels of security and number of checkpoints demanded in the travel sector also make it a prime focus for the application of biometrics. With the need for social distancing and hygiene of paramount importance, facial recognition and phone-based fingerprint biometrics are really coming into their own.
As employees begin to return to places of work around the world, biometric solutions will become a mainstay of working lives – to enter the building, log into devices and access documents. Continuous verification will work in the background to improve employee experience and security and to prevent repeat logins.
One thing is clear: the importance of, and our dependence on, biometrics will play an exponentially growing role in how we transact and interact moving forward. The current crisis has led to an uptick in cyber-attacks and the importance of strong authentication has come to the fore.
Effective biometrics melt into the broader experience of consumer-centric services. The advent of biometric solutions has prompted a shift from knowledge-based methods of verification to those that employ intelligent recognition – replacing the password with the person. But the continued adoption of such technology is dependent on users’ faith in its safety. As our identity becomes increasingly digital, those of us designing the technology need to make sure we’re also advancing trust in it. That means employing security-by-design, an approach that places the protection of identity data at the heart of biometrics. Knowledge, recognition and security.
To learn more about biometrics, read From Password to Person: Evolution of Biometrics produced by Mastercard, in association with the International Center for Biometric Research and The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.
About the author
Ajay Bhalla is president of cyber and intelligence solutions for Mastercard. He leads the team that develops products or solutions that enhance safety, security and experience for consumers, merchants, partners and governments around the world. Ajay is a member of the company’s management committee.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are those of the author, and don’t necessarily reflect the views of Biometric Update.