Unlocking the End-user Perception

An observation as a creator of identity verification solutions is that while industry leaders are often excited by the opportunity to leverage biometrics, there are often concerns raised about the end-user mindset during the conversation. Primarily, what are end-users’ expectations of biometric technology? What concerns might they have about its usage to authenticate and protect their access?

Security and identity management leaders have access to information that permits us to be discerning and technology-forward end-users. Understanding the perception of end-users who may be a bit more unfamiliar with the industry is key to unlocking the strategy and approach to the implementation of biometrics.

Targeting Insights
Aware recently conducted a study of U.S. participants with key questions targeting insights into their perceptions of biometrics. According to this survey, overall consumer receptiveness towards biometric authentication is high, with most respondents reporting they use it “often” or “always” in their daily lives. Furthermore, participants indicated they overwhelmingly believe that biometrics are set to become more prevalent in the next five years.

Biometric adoption by organizations presents an opportunity to enhance the end-user experience, increase security, and streamline operations. Still, three key concerns can create barriers to more widespread biometric technology adoption – the presence of bias in biometric technology, concerns over data breaches and adherence to privacy laws, and end-user abandonment when biometrics are deployed by organizations.

Here, we’ll discuss these questions at a deeper level, and we will also share, with insights from the study, how they can best be addressed by organizations looking to lead with biometric technology.

Bias in biometric technology can lead to unfair outcomes. The belief that facial biometrics are not accurate across races/ethnicities/genders and can lead to unfair treatment of minority groups.

Insights. There are various public organizations and private companies who have received scrutiny in the last decade for using a biometric facial technology that generated a percentage of false positives on people of color and different genders disproportionate to the Caucasian male demographic.

These circumstances often make national headlines and can create public distrust of biometric-based solutions. These solutions are deployed with positive intentions – automation, security, fraud prevention – but negative press and solutions with inconsistent demographic and gender performance drive organizational concern and distrust among end users.

Fortunately, there are many biometric authentication technologies that are far more accurate and able to overcome racial and gender bias, making biometrics good for business, and moreover, society. Today, NIST testing confirms the top biometric algorithms are over 99 percent accurate across a variety of demographics.

The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 percent.  These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to traditional user verification.

It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear innocent individuals as well as it can confirm a guilty party.

What needs to happen. While differences in algorithms’ performance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the industry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.

Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communities that have faced historical patterns of disadvantage.

In addition, the government needs to continue focusing on efforts to ensure civil rights are protected when it comes to biometrics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this manifested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.

Breaches of Biometric Data are a Significant Threat
Biometric data collection is perceived to pose serious data security and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.

Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happening, and there are other ways to circumvent the challenges associated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.

Other examples of how biometric data can be protected include the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.

If, for some reason, your old fingerprint is "stolen," an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a hacker to access complete biometric templates.

What needs to happen. There needs to be continued advances in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.

And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable information (PII), so that even if data was accessed, it would be useless.

Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authentication therefore have an excellent opportunity to better inform consumers, building consumer confidence and acceptance even further.

Reluctance to Provide Biometrics Will Lead to Abandonment
There is a conviction that biometrics will lead to end users abandoning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.

Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt-outs, for instance – contribute to organizational trust. Furthermore, most end-users indicated they are already sharing biometric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving consumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).

What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to understand how and when they are interacting with biometric identification technologies; if not, this can lead to heightened suspicion and a lack of public trust.

Information should always be posted in an easily understandable format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.

Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experience when compared to traditional authentication methods.

The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use innovative techniques to secure biometric data; and are fully transparent about when and how biometrics are being used. By providing multiple biometric authentication options and always offering an alternative, non-biometrics-based means of authenticating, organizations can stay compliant and win end-user trust.

This article originally appeared in the September / October 2024 issue of Security Today.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3