Unlocking the End-user Perception

  • By Heidi Hunter
  • Sep 05, 2024

An observation as a creator of identity verification solutions is that while industry leaders are often excited by the opportunity to leverage biometrics, there are often concerns raised about the end-user mindset during the conversation. Primarily, what are end-users’ expectations of biometric technology? What concerns might they have about its usage to authenticate and protect their access?

Security and identity management leaders have access to information that permits us to be discerning and technology-forward end-users. Understanding the perception of end-users who may be a bit more unfamiliar with the industry is key to unlocking the strategy and approach to the implementation of biometrics.

Targeting Insights
Aware recently conducted a study of U.S. participants with key questions targeting insights into their perceptions of biometrics. According to this survey, overall consumer receptiveness towards biometric authentication is high, with most respondents reporting they use it “often” or “always” in their daily lives. Furthermore, participants indicated they overwhelmingly believe that biometrics are set to become more prevalent in the next five years.

Biometric adoption by organizations presents an opportunity to enhance the end-user experience, increase security, and streamline operations. Still, three key concerns can create barriers to more widespread biometric technology adoption – the presence of bias in biometric technology, concerns over data breaches and adherence to privacy laws, and end-user abandonment when biometrics are deployed by organizations.

Here, we’ll discuss these questions at a deeper level, and we will also share, with insights from the study, how they can best be addressed by organizations looking to lead with biometric technology.

Bias in biometric technology can lead to unfair outcomes. The belief that facial biometrics are not accurate across races/ethnicities/genders and can lead to unfair treatment of minority groups.

Insights. There are various public organizations and private companies who have received scrutiny in the last decade for using a biometric facial technology that generated a percentage of false positives on people of color and different genders disproportionate to the Caucasian male demographic.

These circumstances often make national headlines and can create public distrust of biometric-based solutions. These solutions are deployed with positive intentions – automation, security, fraud prevention – but negative press and solutions with inconsistent demographic and gender performance drive organizational concern and distrust among end users.

Fortunately, there are many biometric authentication technologies that are far more accurate and able to overcome racial and gender bias, making biometrics good for business, and moreover, society. Today, NIST testing confirms the top biometric algorithms are over 99 percent accurate across a variety of demographics.

The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 percent.  These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to traditional user verification.

It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear innocent individuals as well as it can confirm a guilty party.

What needs to happen. While differences in algorithms’ performance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the industry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.

Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communities that have faced historical patterns of disadvantage.

In addition, the government needs to continue focusing on efforts to ensure civil rights are protected when it comes to biometrics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this manifested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.

Breaches of Biometric Data are a Significant Threat
Biometric data collection is perceived to pose serious data security and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.

Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happening, and there are other ways to circumvent the challenges associated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.

Other examples of how biometric data can be protected include the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.

If, for some reason, your old fingerprint is "stolen," an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a hacker to access complete biometric templates.

What needs to happen. There needs to be continued advances in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.

And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable information (PII), so that even if data was accessed, it would be useless.

Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authentication therefore have an excellent opportunity to better inform consumers, building consumer confidence and acceptance even further.

Reluctance to Provide Biometrics Will Lead to Abandonment
There is a conviction that biometrics will lead to end users abandoning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.

Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt-outs, for instance – contribute to organizational trust. Furthermore, most end-users indicated they are already sharing biometric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving consumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).

What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to understand how and when they are interacting with biometric identification technologies; if not, this can lead to heightened suspicion and a lack of public trust.

Information should always be posted in an easily understandable format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.

Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experience when compared to traditional authentication methods.

The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use innovative techniques to secure biometric data; and are fully transparent about when and how biometrics are being used. By providing multiple biometric authentication options and always offering an alternative, non-biometrics-based means of authenticating, organizations can stay compliant and win end-user trust.

This article originally appeared in the September / October 2024 issue of Security Today.

Featured

  • MetLife Stadium Uses Custom Surveillance Solution from Axis Communications

    Axis Communications, provider of video surveillance and network devices, today announced the implementation of a custom surveillance solution developed in collaboration with the MetLife Stadium security team. This new, tailored solution will help the venue augment its security capabilities, providing high-quality video at unprecedented distances and allowing the security team to identify details from anywhere in the venue. Read Now

  • U.S. Cyber Trust Mark Launches for Consumer Internet-Connected Devices

    The White House recently announced the launch of a cybersecurity label for internet-connected devices, known as the U.S. Cyber Trust Mark, completing public notice and input over the last 18 months. During that time, FCC Commissioners decided in a bipartisan and unanimous vote to authorize the program and adopt final rules, as well as the trademarked, distinct shield logo that will be applied to products certified for the U.S. Cyber Trust Mark label. Read Now

  • Motorola Solutions Expands its Retail Portfolio with Theatro Labs Acquisition

    Motorola Solutions has entered into a definitive agreement to acquire Theatro Labs, Inc., maker of AI and voice-powered communication and digital workflow software for frontline workers, based in Richardson, Texas. Read Now

  • FAST Announces National Security Technician Day Jan. 23

    The Foundation for Advancing Security Talent (FAST) has announced the third annual National Security Technician Day, an annual commemorative day held on Jan. 23 to honor security technicians across the country. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3