Your Biometric Accepted Here

Initial resistance gives way to mainstream acceptance when biometrics allow convenient and secure access

• By Phil Scarfo
• Aug 01, 2014

What is it about biometrics that triggers so much worry? In the past, concerns seemed to have their foundation in law enforcement’s use of fingerprints; the association between fingerprints and criminality was strong. Today’s objections seem to be more related to fears that we are handing over our identities to government and commercial organizations—that we are being watched.

While the adoption of biometrics has never been more widespread, highly-successful security- and privacy-enhancing applications have been deployed worldwide across all industries; yet, the general public narrative remains focused more on the risks rather than the benefits. Concerns about user privacy, reliability, performance and even personal safety often dominate many of today’s articles and discussions involving biometrics. While all of these concerns merit debate, the industry finds itself in the position of having to correct a wide range of misconceptions and myths while a discussion of the very real benefits of biometrics is left by the wayside.

What is it? (It’s personal.)

Perhaps the reason is because biometrics is so…personal. The irony is: If other identity-trading industries were measured on an equivalent, risk-only basis, companies like Google, Facebook and Amazon wouldn’t be the household names that they are. These and other companies thrive because, despite the very credible risks they pose to user identity, privacy and security, they also offer significant and measureable benefits that both users and providers seek and value.

The level of personalization and services that can be provided based on user identity is highly desirable. Shoring up user identity with biometrics allows for a higher level of security, privacy and convenience. The risks of user authentication in transactions are already generally accepted; the benefits of biometrics are substantial.

With biometrics, there is no form of user authentication that is more democratic, more inclusive or more tightly linked to personal identity. There are no language, literacy, race, gender or age barriers limiting the use of biometrics. All other user authentication methodologies, including passwords, cards, tokens or other physical credentials, have the same risks as biometrics but are far more difficult for users to understand, use, remember and deploy. And, only biometrics definitively says “who” is transacting.

Biometrics in Everyday Lives

Automating biometric authentication with a fingerprint sensor, for example, that recognizes the customer, not a clerk, allows for many desirable benefits. Banks in Brazil, Argentina, South Africa and elsewhere are showcasing the utility of biometrics, demonstrating that customer security is enhanced with its use. Equally important, services are made more convenient and secure. Customers welcome the simplicity of biometrics, and they see biometric authentication as a more convenient way to do business.

Banks see this as a way to lower the risk of identity theft and fraud, while offering more tailored and enhanced services. This more holistic view of “convenient security” makes them better able to retain existing customers and grow their businesses. Biometric authentication is used at more than 50,000 ATMs in Brazil, making the use of biometrics quite routine for millions of bank customers there.

In healthcare settings, providers, payers and patients all benefit from having strong authentication via biometrics. Knowing “who” with a greater degree of certainty helps both user and provider ensure that services are being delivered to the proper individual. Fewer medical mistakes and greater efficiency occur, which ultimately helps lower costs and improve patient care.

Additionally, compliance requirements, like those imposed in North America by DEA to manage Electronic Prescription of Controlled Substances (EPCS), are also made simpler with the use of biometrics. Doctors no longer need to reach for a physical credential or one-time password (OTP) to meet compliance requirements or to do their job. A simple “touch-and-go” approach to workflow in a hospital enables secure identification at a shared user workstation while providing tailored, personalized and secure access to patient’s medical records. This is an enhancement in both cost efficiency and administrative relief.

In some developing countries where literacy is an issue or access to government programs is limited, biometric identification can make the difference between citizens getting access to food, benefits or critical services. Patients in a nationwide Mexico healthcare system, for example, can biometrically identify themselves and ensure that the person getting treatment is who they claim to be, not someone pretending to be that individual or an identity thief. As another example, small children in Africa, who are desperately in need of life-saving vaccines, have demonstrated that the use of biometrics by medical staff can keep track of those who have been treated, ensuring that more children are protected and fewer vaccines are wasted.

Biometrics is now being used in consumer applications and on smart devices and cell phones to protect private and sensitive information that otherwise might be vulnerable, simply because users value convenience over security. Although the risk of spoofing is legitimate, is that risk really greater than not locking personal devices for lack of convenience?

Benefits of Biometrics

The use of biometrics in every one of these applications has provided one or more of the following benefits: more security, certainty about who was transacting, privacy and ease of use, regulatory compliance, cost savings and convenience. In short, whether the application or use case is a serious commercial enterprise application, civil program or just a personal security assistant, the value and benefit of biometrics is and will likely continue to be compelling.

We live in a complex world where our digital identities have become increasingly important and where we constantly face threats. Risks are an inescapable reality and therefore must be considered. But, it is also short-sighted to overlook the benefits as these may often far outweigh the risks.

Many people will continue to focus on what’s wrong with biometrics. However, the expectation is that as people better understand what’s right with the technology and the benefits offered, biometric authentication will become even more accepted and mainstream.

This article originally appeared in the August 2014 issue of Security Today.