Security at your fingertips. Or face and iris…

4 August 2016

4 min read

Today, cybersecurity is at your fingertips – or in your fingerprints, to be precise.

Security at your fingertips. Or face and iris… (Desktop)

Biometrics can authenticate a person’s identity by means of fingerprints, voice, iris, face, DNA and veins. There’s even foot recognition, of which more later.

So much so that Tractica predicts there will be more than a billion smartphones with fingerprint recognition by 2021 – that’s more than a third of the market1. It is likely to pervade almost every aspect of our lives, perhaps even replacing written signatures.

So why are biometrics so persuasive an idea? The rationale is simple: they offer a safe way to identify a user in a digital world that up until now has demanded passwords, which can be easily hacked.

Passwords must be kept secret, changed regularly, are never written down and contain a mix of numbers, letters and symbols.

Fair enough, but life is complex. Most of us today have multiple bank accounts, online retail and utility accounts, social media and government agency accounts that all require passwords. Businesses have even more.

So we need a secure form of identification and authorisation. That’s where biometrics come in.

When the digital world meets the real world we need to know that a user is who they say they are. Biometrics offer the only way to do that. Physical attributes are hard to replicate.

So it’s not just on our phones that biometrics are having an impact. Companies and government agencies are increasingly using digital fingerprints to identify people.

Fingerprint recognition, though, is just the beginning. The camera on a smartphone is also key to the imminent boom in facial recognition, as is their prevalence in public places.

Cameras offer a seamless and non-invasive way to capture and authenticate an identity. As a result, facial biometrics will become increasingly common.

Facial recognition can also help companies offer different levels of service to customers.

An airline might use it to identify frequent flyers at an airport, while a music festival might have a list of VIPs who have access to special areas. In both cases, mistaken identity or fraudulent claims can be virtually eliminated.

Perhaps more importantly, facial recognition could also be used in medicine. Doctors could use it to assess a patient’s health remotely, particularly when it is linked to the patient’s records. We use it already to spot fatigue in drivers.

Other biometrics include the vein pattern in an eye and the shape of a foot. While they are fascinating ideas, I’m not so sure they will take off. They’re not as seamless as facial recognition. Few of us will wish to remove our shoes before logging on.

Voice, on the other hand, offers potential. It isn’t as accurate as fingerprint or facial, and in research the public has shown itself reticent about using voice to release bank funds, for example.

This would appear to limit its applications, although driving does seem to be an obvious exception.

All these ideas come at a cost to both developers and adopters. This is where standards come in. If we want this technology to become ubiquitous and pervasive, standards are key. They will help keep costs down for everyone and ensure simple implementation.

The more standardised it is, the easier it is to make apps. For example, fingerprint recognition on smartphones varies between makers, adding to the complexity experienced by banks wishing to use it as identification.

It is also vital that regulators and lawmakers keep abreast of developments to speed progress. For example, the European Union has recently published the revised Data Protection Directive, which includes reference to biometrics for the first time.

And lawmakers will need to ensure that contracts signed using biometrics are legal – indeed, eventually the written signature could be completely superseded.

Ironically, a technology designed to aid security is only as good as its own security. That’s why collection and storage of biometric data needs to be regulated to keep it safe from criminal activity and corruption.

That means encryption and having the data stored as close to the individual as possible – securely on the smartphone rather than on a central database.

Where data is stored centrally, it should be separated from any identifier such as name, email or address so that if accessed illegitimately it would be useless. There is also research currently being done into chopping up the data into pieces that are stored separately.

Finally, those involved in biometrics need to keep up with research and development to ensure it is as safe and secure as possible. We at Safran are working on ways to ensure that biometrics such as facial and fingerprints offered for verification are from a live person, not a replica or photograph.

Mobile phones and fingerprints have already reached tipping point. Next it’s the rest of the world.

As biometrics permeate more of our lives we will move more freely, gaining entry to our homes, cars and offices. We will pass through airports and borders almost without friction.

They will cut fraud and costs, improve efficiency and open up new markets. It’s an exciting time. The power is not just at our fingertips but in our hands.

Anne Bouverot is CEO of Safran Morpho

Footnotes

1 Fingerprint Readers in Mobile Devices to Surpass 1 Billion Unit Shipments Annually by 2021

Print