What does the future of biometrics mean for your business?

Biometrics have the potential to make our lives simpler, but linking our digital identities to our unique physical characteristics is not without risks. In this article, we look at some of the emerging technologies in the field of biometrics, as well as how the changing digital landscape might affect your business.

What is biometric authentication?

Biometric authentication is the use of our biological characteristics to identify and authenticate digital trust. Types of biometric identifiers include:

• Fingerprints

• Walking gait

• Facial recognition

• Iris / eye scan

• Ear shape

• Speech patterns.

In the current context, most biometric enterprises are concerned with using physical characteristics for authentication.

Why biometrics?

The answer to this question can be found in the propensity for digital technologies to make our lives easier, smoother and more streamlined. Within biometrics, you can look at the confluence of two popular and effective changes in our digital landscape:

• Facial recognition

• Fingerprint unlock.

Apple: Unlocking biometrics

Apple introduced its home button fingerprint sensor in 2013. This incredibly practical form of biometrics showed how our body’s unique signatures can be used to streamline an everyday task like unlocking a phone, something you probably do dozens of times a day.

What is a relatively simple gesture soon becomes something bigger, with Apple Touch ID now being used to authentic payments via Apple Pay. With the Jobs empire already boasting a massive user base, it’s up to other companies to play catch up.

And now with the Samsung Note 8 and the iPhone X introducing facial recognition for easy unlocking – even in the dark – a new era of biometrics is about to begin.

Trust, the body, and the digital world

While police have been using fingerprints for about a century, with actual databases appearing in the 1980s, the iPhone is the first example of widespread consumer adoption of a digital biometric scan. As so often happens with the company that invented the Mac, the floodgates are open, and new and existing companies are rushing to market with new ideas in biometrics.

Abacus Project (Google)

In typical Google fashion, Abacus Project wants to aggregate a number of biometrics to provide security to your smartphone, and potentially other devices as well. Analysing elements like:

• Speech patterns

• Typing behaviour

• Walking gait

The big G thinks it can achieve a ‘live’ cumulative trust score, so that your phone basically just knows that it’s you. Essentially it will provide security to your smartphone 24/7, so you’ll never have to use a password again.

NymiBand (Nymi, Mastercard and TD Bank Group)

In a slightly more morbid gambit, Canadian biometrics company Nymi has teamed up with a couple of big financial companies to bring the first wearable credit card that uses heartbeat as authentication.

When held up to a payment terminal, the NymiBand uses an NFC chip and Always Ontechnology to provide payments similar to Tap and Go, with the wearer’s unique heartbeat authenticating the payment. With pin codes already on the way out due to Tap N Go, biometric applications are ready to step in.

Challenges to biometric implementation

While biometrics are poised to radically change many aspects of our digital and physical lives, bringing them closer together than ever before, there remains a number of challenges to implementation:

Accuracy over time

People’s body’s change. While some characteristics might change less than others, the effectiveness of scanning technology and the balance between security and accuracy will present challenges to businesses who authenticate their customers using biometric recordings.

Security

One of the big security concerns with biometrics is that the perception of unique security throws up a big problem once that security is compromised. Databases are compromised all the time. It’s not just a matter of you being you in biometric identification, but who the authoritative database says you are.

Regulations:

Industrial and government regulation will impact operational modelling and the potential for deployment of various biometric technologies.

Unreplaceable:

You can replace a password, but not your fingerprint. What happens if a customer loses a limb or an eye? These questions will need to be considered carefully.

An example:

To better conceptualise the challenges facing companies that utilise biometrics, let’s look at a banking example.

A user imprints their fingerprint, eye and ear into a banking database, allowing them to pay for transactions without requiring a credit card. The concept is simple and elegant.

Simply take the items to the counter, touch the glass payment station with your finger and you’re done.

However, a cyber breach on the banking database changes the details to someone else’s. Now, not only is someone else spending their money, but the company is posed with the problem of identifying who is who?

Trust, and how it is guaranteed, is still a big question in the field of biometrics. As consumer appetite grows for faster, more streamlined transaction methods, policymakers in government and business will have to come to agreements about how to guarantee trust for both enterprise and the consumer.

Unlocking biometrics

For businesses, the pressure is on to provide convenient service and smooth user experience without sacrificing security. For your business, there are two key types of biometrics to keep an eye on:

• Physical Characteristics: Biometrics based on the static characteristics of a person. Elements like fingerprints, facial features, vein pattern and irises. Trust checks are performed like password checks (i.e a one-off fashion).

• Behavioural characteristics: These metrics look more at repeated activities like vocal patterns, walk, gestures, keystroke dynamics and signature. This authentication may be carried out in on ongoing fashion.

The third lock

It’s important to acknowledge that biometrics also add an elusive ‘third lock’ to the security environment:

1. Something you have: Physical security tokens ID cards, mobile phone numbers to receive sms passwords.

2. Something you know: Secret password, passphrase, question and answer.

3. Something you are: Biometrics

In the current environment, two factor authentication is often seen as the best practical consumer level authentication, combining a mix of 1 and 2. However it’s safe to say that two-factor authentication is cumbersome, and tolerable to consumers only for rare checks.

With the addition of biometrics as a ‘third lock’, businesses will need to understand both the capacity of each type of authentication, and how combinations work to provide consumers and businesses with better protections (without sacrificing ease of use).

Preparing for the biometric future

Is your business ready for biometrics? As with most new technologies, there will be winners and losers, but in the rush to be first past the post, it’s important that companies across all industries be wary of the challenges these technologies will face, both with consumers and regulatory bodies. KPMG have already identified a four tier technical governance structure for biometric deployments:

1. Privacy management

2. Data Security management

3. Compliance

4. Vulnerability assessments

Identifying how your business can leverage these future technologies will be a challenge, but one that could reap significant rewards.