Unlocking the End-user Perception

An observation as a creator of identity verification solutions is that while industry leaders are often excited by the opportunity to leverage biometrics, there are often concerns raised about the end-user mindset during the conversation. Primarily, what are end-users’ expectations of biometric technology? What concerns might they have about its usage to authenticate and protect their access?

Security and identity management leaders have access to information that permits us to be discerning and technology-forward end-users. Understanding the perception of end-users who may be a bit more unfamiliar with the industry is key to unlocking the strategy and approach to the implementation of biometrics.

Targeting Insights
Aware recently conducted a study of U.S. participants with key questions targeting insights into their perceptions of biometrics. According to this survey, overall consumer receptiveness towards biometric authentication is high, with most respondents reporting they use it “often” or “always” in their daily lives. Furthermore, participants indicated they overwhelmingly believe that biometrics are set to become more prevalent in the next five years.

Biometric adoption by organizations presents an opportunity to enhance the end-user experience, increase security, and streamline operations. Still, three key concerns can create barriers to more widespread biometric technology adoption – the presence of bias in biometric technology, concerns over data breaches and adherence to privacy laws, and end-user abandonment when biometrics are deployed by organizations.

Here, we’ll discuss these questions at a deeper level, and we will also share, with insights from the study, how they can best be addressed by organizations looking to lead with biometric technology.

Bias in biometric technology can lead to unfair outcomes. The belief that facial biometrics are not accurate across races/ethnicities/genders and can lead to unfair treatment of minority groups.

Insights. There are various public organizations and private companies who have received scrutiny in the last decade for using a biometric facial technology that generated a percentage of false positives on people of color and different genders disproportionate to the Caucasian male demographic.

These circumstances often make national headlines and can create public distrust of biometric-based solutions. These solutions are deployed with positive intentions – automation, security, fraud prevention – but negative press and solutions with inconsistent demographic and gender performance drive organizational concern and distrust among end users.

Fortunately, there are many biometric authentication technologies that are far more accurate and able to overcome racial and gender bias, making biometrics good for business, and moreover, society. Today, NIST testing confirms the top biometric algorithms are over 99 percent accurate across a variety of demographics.

The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 percent.  These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to traditional user verification.

It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear innocent individuals as well as it can confirm a guilty party.

What needs to happen. While differences in algorithms’ performance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the industry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.

Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communities that have faced historical patterns of disadvantage.

In addition, the government needs to continue focusing on efforts to ensure civil rights are protected when it comes to biometrics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this manifested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.

Breaches of Biometric Data are a Significant Threat
Biometric data collection is perceived to pose serious data security and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.

Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happening, and there are other ways to circumvent the challenges associated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.

Other examples of how biometric data can be protected include the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.

If, for some reason, your old fingerprint is "stolen," an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a hacker to access complete biometric templates.

What needs to happen. There needs to be continued advances in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.

And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable information (PII), so that even if data was accessed, it would be useless.

Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authentication therefore have an excellent opportunity to better inform consumers, building consumer confidence and acceptance even further.

Reluctance to Provide Biometrics Will Lead to Abandonment
There is a conviction that biometrics will lead to end users abandoning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.

Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt-outs, for instance – contribute to organizational trust. Furthermore, most end-users indicated they are already sharing biometric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving consumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).

What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to understand how and when they are interacting with biometric identification technologies; if not, this can lead to heightened suspicion and a lack of public trust.

Information should always be posted in an easily understandable format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.

Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experience when compared to traditional authentication methods.

The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use innovative techniques to secure biometric data; and are fully transparent about when and how biometrics are being used. By providing multiple biometric authentication options and always offering an alternative, non-biometrics-based means of authenticating, organizations can stay compliant and win end-user trust.

This article originally appeared in the September / October 2024 issue of Security Today.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.