Your Biometric Accepted Here
Initial resistance gives way to mainstream acceptance when biometrics allow convenient and secure access
- By Phil Scarfo
- Aug 01, 2014
What is it about biometrics that triggers so much worry? In
the past, concerns seemed to have their foundation in law
enforcement’s use of fingerprints; the association between
fingerprints and criminality was strong. Today’s objections
seem to be more related to fears that we are handing
over our identities to government and commercial organizations—that we are
being watched.
While the adoption of biometrics has never been more widespread, highly-successful
security- and privacy-enhancing applications have been deployed worldwide
across all industries; yet, the general public narrative remains focused more
on the risks rather than the benefits. Concerns about user privacy, reliability, performance
and even personal safety often dominate many of today’s articles and
discussions involving biometrics. While all of these concerns merit debate, the industry
finds itself in the position of having to correct a wide range of misconceptions
and myths while a discussion of the very real benefits of biometrics is left by
the wayside.
What is it? (It’s personal.)
Perhaps the reason is because biometrics is so…personal. The irony is: If other
identity-trading industries were measured on an equivalent, risk-only basis, companies
like Google, Facebook and Amazon wouldn’t be the household names that
they are. These and other companies thrive because, despite the very credible risks
they pose to user identity, privacy and security, they also offer significant and measureable
benefits that both users and providers seek and value.
The level of personalization and services that can be provided based on user
identity is highly desirable. Shoring up user identity with biometrics allows for
a higher level of security, privacy and convenience. The risks of user authentication
in transactions are already generally accepted; the benefits of biometrics
are substantial.
With biometrics, there is no form of user authentication that is more democratic,
more inclusive or more tightly linked to personal identity. There are no language,
literacy, race, gender or age barriers limiting the use of biometrics. All other
user authentication methodologies, including passwords, cards, tokens or other
physical credentials, have the same risks as biometrics but are far more difficult for
users to understand, use, remember and deploy. And, only biometrics definitively
says “who” is transacting.
Biometrics in Everyday Lives
Automating biometric authentication with a fingerprint sensor, for example, that
recognizes the customer, not a clerk, allows for many desirable benefits. Banks in
Brazil, Argentina, South Africa and elsewhere are showcasing the utility of biometrics,
demonstrating that customer security is enhanced with its use. Equally
important, services are made more convenient and secure. Customers welcome the simplicity of biometrics, and they see biometric authentication as a more convenient
way to do business.
Banks see this as a way to lower the risk of identity theft and fraud, while
offering more tailored and enhanced services. This more holistic view of “convenient
security” makes them better able to retain existing customers and grow their
businesses. Biometric authentication is used at more than 50,000 ATMs in Brazil,
making the use of biometrics quite routine for millions of bank customers there.
In healthcare settings, providers, payers and patients all benefit from having
strong authentication via biometrics. Knowing “who” with a greater degree of
certainty helps both user and provider ensure that services are being delivered to
the proper individual. Fewer medical mistakes and greater efficiency occur, which
ultimately helps lower costs and improve patient care.
Additionally, compliance requirements,
like those imposed in North
America by DEA to manage Electronic
Prescription of Controlled Substances
(EPCS), are also made simpler
with the use of biometrics. Doctors no
longer need to reach for a physical credential
or one-time password (OTP) to
meet compliance requirements or to
do their job. A simple “touch-and-go”
approach to workflow in a hospital enables
secure identification at a shared
user workstation while providing tailored,
personalized and secure access
to patient’s medical records. This is an
enhancement in both cost efficiency
and administrative relief.
In some developing countries where
literacy is an issue or access to government
programs is limited, biometric
identification can make the difference
between citizens getting access to food,
benefits or critical services. Patients in
a nationwide Mexico healthcare system,
for example, can biometrically
identify themselves and ensure that the
person getting treatment is who they
claim to be, not someone pretending to
be that individual or an identity thief.
As another example, small children in
Africa, who are desperately in need of
life-saving vaccines, have demonstrated
that the use of biometrics by medical
staff can keep track of those who have
been treated, ensuring that more children
are protected and fewer vaccines
are wasted.
Biometrics is now being used in
consumer applications and on smart
devices and cell phones to protect private
and sensitive information that
otherwise might be vulnerable, simply
because users value convenience over
security. Although the risk of spoofing
is legitimate, is that risk really greater
than not locking personal devices for
lack of convenience?
Benefits of Biometrics
The use of biometrics in every one of
these applications has provided one or
more of the following benefits: more
security, certainty about who was
transacting, privacy and ease of use,
regulatory compliance, cost savings
and convenience. In short, whether
the application or use case is a serious
commercial enterprise application,
civil program or just a personal security
assistant, the value and benefit of
biometrics is and will likely continue to
be compelling.
We live in a complex world where
our digital identities have become increasingly
important and where we
constantly face threats. Risks are an inescapable
reality and therefore must be
considered. But, it is also short-sighted
to overlook the benefits as these may
often far outweigh the risks.
Many people will continue to focus
on what’s wrong with biometrics.
However, the expectation is that as
people better understand what’s right
with the technology and the benefits
offered, biometric authentication
will become even more accepted and
mainstream.
This article originally appeared in the August 2014 issue of Security Today.