Consumer-grade biometrics could give enterprises false sense of security, ID R&D white paper warns
The growing popularity of biometrics in consumer devices, such as smartphones, gives some enterprises easy opportunities to adopt fingerprint, face or sometimes iris biometric authentication to secure corporate assets. These convenient technology options are not necessarily appropriate to enterprise uses, however, and could provide a false sense of security, according to a new ID R&D white paper.
“Consumer vs enterprise-grade biometrics” draws a distinction between the consumer-grade biometrics and their more robust enterprise offering counterparts.
“Companies frequently ask us why customers can’t just use the biometrics on their phones to login,” ID R&D President Alexey Khitrov told Biometric Update in an email. “We wrote this paper to explain that while consumer-grade biometrics offer convenience, they are far from what enterprises need to meet their security requirements and keep users safe.”
Noting that consumers have been estimated to unlock mobile devices 150 times each day, ID R&D points out that the native biometric technologies provided by smart consumer devices are designed for convenience, to make it easy for people to apply a minimum level of security. Logging into enterprise applications are made more convenient through the use of consumer biometrics, but not more secure, the company argues.
Enterprise biometrics are defined by ID R&D as biometrics deployed in the application, and not dependent on a specific device. The company provides a five-point comparison to show the implications of this difference, such as the use of layered biometrics and other authentication factors in enterprise systems. Account takeover attacks, one of the most common types of attacks on enterprise customers, are not prevented by consumer biometrics, as the takeover involves convincing the enterprise, typically through the use of stolen credentials, that their device has changed.
While major banks have adopted consumer-grade biometrics to authenticate customers, putting FIDO standards in place at best, challenger banks are now rolling out mobile-only banking with enterprise-grade biometrics, ID R&D writes.
Enrollment for enterprise-grade biometrics is easy, according to ID R&D, and can be carried out simultaneously with KYC checks during onboarding, allowing customers to use their same credentials with a new device without re-enrolling. Biometric data converted into templates and then encrypted for storage, stored separately from personally identifiable information, keeps customer’s sensitive data safe, even in the event that a biometric database is breached.
Company awarded for best biometrics solution
At the 2020 AI Breakthrough Awards, ID R&D has been selected as the “Best Overall Biometrics Solution.”
ID R&D offers solutions for voice, face and behavioral biometric authentication and anti-spoofing capabilities, as well as a standalone liveness detection product, which can be combined with any facial recognition system for stronger authentication and fraud prevention. The passive liveness technology is based on extensive research and development, and convolutional neural network (CNN) deep learning algorithms, the company says.
“Liveness detection is critical to the integrity of remote or unmonitored biometric authentication, including access to online and mobile applications, identity verification during digital onboarding, and physical access,’” says Khitrov. “It’s equally important to achieve this without introducing friction into a process built on the promise of making security both stronger and easier, and ID R&D has done just that. We are proud to receive a 2020 AI Breakthrough Award in recognition of our success and innovation in this area.”
Winners for the 2020 awards were chosen from more than 2,750 nominees from more than 15 countries.
“While it’s getting more difficult for businesses to protect themselves and their customers against data breaches and fraud with traditional authentication methods so vulnerable to hacking, ID R&D uses the power of AI and the science of biometrics to transform the user experience,” comments James Johnson, managing director, AI Breakthrough. “We congratulate the entire team at ID R&D and want to recognize their incredible innovation and achievement with our ‘Best Overall Biometrics Solution’ award in the 2020 AI Breakthrough Awards program.”