Unlocking the End-user Perception -- Security Today

Unlocking the End-user Perception

By Heidi Hunter
Sep 05, 2024

An observation as a creator of identity verification solutions is that while industry leaders are often excited by the opportunity to leverage biometrics, there are often concerns raised about the end-user mindset during the conversation. Primarily, what are end-users’ expectations of biometric technology? What concerns might they have about its usage to authenticate and protect their access?

Security and identity management leaders have access to information that permits us to be discerning and technology-forward end-users. Understanding the perception of end-users who may be a bit more unfamiliar with the industry is key to unlocking the strategy and approach to the implementation of biometrics.

Targeting Insights
Aware recently conducted a study of U.S. participants with key questions targeting insights into their perceptions of biometrics. According to this survey, overall consumer receptiveness towards biometric authentication is high, with most respondents reporting they use it “often” or “always” in their daily lives. Furthermore, participants indicated they overwhelmingly believe that biometrics are set to become more prevalent in the next five years.

Biometric adoption by organizations presents an opportunity to enhance the end-user experience, increase security, and streamline operations. Still, three key concerns can create barriers to more widespread biometric technology adoption – the presence of bias in biometric technology, concerns over data breaches and adherence to privacy laws, and end-user abandonment when biometrics are deployed by organizations.

Here, we’ll discuss these questions at a deeper level, and we will also share, with insights from the study, how they can best be addressed by organizations looking to lead with biometric technology.

Bias in biometric technology can lead to unfair outcomes. The belief that facial biometrics are not accurate across races/ethnicities/genders and can lead to unfair treatment of minority groups.

Insights. There are various public organizations and private companies who have received scrutiny in the last decade for using a biometric facial technology that generated a percentage of false positives on people of color and different genders disproportionate to the Caucasian male demographic.

These circumstances often make national headlines and can create public distrust of biometric-based solutions. These solutions are deployed with positive intentions – automation, security, fraud prevention – but negative press and solutions with inconsistent demographic and gender performance drive organizational concern and distrust among end users.

Fortunately, there are many biometric authentication technologies that are far more accurate and able to overcome racial and gender bias, making biometrics good for business, and moreover, society. Today, NIST testing confirms the top biometric algorithms are over 99 percent accurate across a variety of demographics.

The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 percent.  These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to traditional user verification.

It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear innocent individuals as well as it can confirm a guilty party.

What needs to happen. While differences in algorithms’ performance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the industry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.

Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communities that have faced historical patterns of disadvantage.

In addition, the government needs to continue focusing on efforts to ensure civil rights are protected when it comes to biometrics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this manifested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.

Breaches of Biometric Data are a Significant Threat
Biometric data collection is perceived to pose serious data security and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.

Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happening, and there are other ways to circumvent the challenges associated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.

Other examples of how biometric data can be protected include the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.

If, for some reason, your old fingerprint is "stolen," an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a hacker to access complete biometric templates.

What needs to happen. There needs to be continued advances in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.

And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable information (PII), so that even if data was accessed, it would be useless.

Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authentication therefore have an excellent opportunity to better inform consumers, building consumer confidence and acceptance even further.

Reluctance to Provide Biometrics Will Lead to Abandonment
There is a conviction that biometrics will lead to end users abandoning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.

Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt-outs, for instance – contribute to organizational trust. Furthermore, most end-users indicated they are already sharing biometric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving consumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).

What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to understand how and when they are interacting with biometric identification technologies; if not, this can lead to heightened suspicion and a lack of public trust.

Information should always be posted in an easily understandable format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.

Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experience when compared to traditional authentication methods.

The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use innovative techniques to secure biometric data; and are fully transparent about when and how biometrics are being used. By providing multiple biometric authentication options and always offering an alternative, non-biometrics-based means of authenticating, organizations can stay compliant and win end-user trust.

This article originally appeared in the September / October 2024 issue of Security Today.

Allied Universal Security Professional Frederick Tucker Honored for Life-Saving Actions During Library Shooting
09/16/2024
PureTech Expands Integrated Solutions with Axis Communications
09/13/2024
ISC East Announce Keynote Speakers and Education Track for 2024 Conference
09/12/2024
ASSA ABLOY Acquires Level Lock
09/12/2024
Genetec Expands Security Center SaaS With Launch of Operations Center
09/11/2024
Research: 12 Percent of CISOs Faced Budget Reductions in 2024
09/10/2024
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
09/05/2024
FAST Launches “Talent for Tomorrow” Fundraiser in Conjunction With Workforce Development Month
09/04/2024

Featured

Teaching Old Dogs, New Tricks

After more than 30 years in the security integration business, today’s video surveillance systems are certainly not the same CCTV systems I sold and installed when I first started hanging cameras. Back in the day, there were only a handful of companies out there and one that started with a “P” stood above the rest. If you were fortunate enough to get invited to travel on their private jet out to California to tour the factory, it was a real honor. I have a picture somewhere in my garage collecting dust, of me sitting in the co-pilot seat. I know, old-man highlights, but still very cool. Read Now
- Dealers and Integrators
Learning to be a Strategic Skeptic: Promoting Critical Thinking, Digital Literacy
- Cybersecurity
Why Communication is Key in an Emergency

During an emergency, communication with the outside world can be a critical component when it comes to response time and saving lives. Emergency communications typically consist of alerts and warnings; directives about evacuating the premises; information about response status, and other matters that can impact response and recovery. Read Now
- Facility Security
Trust But Verify

Today’s world is built on software—whether it is third-party applications, open-source libraries, in-house developed tools, operating systems, containers or firmware. Organizations worldwide depend on these diverse software components to power their operations, connect with customers, and drive innovation. However, this reliance on software comes with hidden dangers: the blind trust placed in these software products. Many companies assume that the software they purchase, and use is secure and free from vulnerabilities, but recent high-profile software supply chain breaches have proven otherwise. The reality is that every piece of software, no matter how reputable the source, increases the organization’s attack surface and poses new risks. Read Now
- Cybersecurity

Webinars

Napco Access Pro, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365
Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems, Alcetel-Lucent Enterprise, IPVideo Corporation

Smart Buildings: Focus on Networking and Video Surveillance

Whitepapers

Arcules

Physical security shift happens
HID Global

Securing K-12 Schools From the Inside Out
HID Global

The Truth Behind 9 Mobile Access Myths

New Products

A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3
EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3