In the wake of the ‘Fourth Industrial Revolution’, technological innovation poses a double-edged sword for those that adopt the latest breakthroughs. As Atheneum expert Steve Cook explained at a recent workshop for a longstanding client, the field of biometrics is case in point for both the good and the bad that implementers must contend with.
Biometric authentication uses distinctive body measurement to identify a user. These measurements are often divided between physiological and behavioral factors that include fingerprints, DNA, typing rhythm, gait, iris and face recognition. The applications are manifold in a host of industries, not only those intuitively linked to security such as law enforcement, ID systems or monetary transactions but also within healthcare, education, automotive and wearables. The implementation trend will continue to increase in these segments, compounded by the growth of consumer-targeted smart home and IoT technologies. The field of mobile banking is perhaps the best demonstrator of both the opportunities and dangers of the growing trend towards biometric adoption – this has been reflected by recent requests for Atheneum experts as clients look to ensure that they take advantage of biometric opportunities while avoiding associated pitfalls.
Over 60% of the $30.8bn payment transactions for this year’s ‘Singles Day’ (a popular shopping holiday in China on 11/11) were secured using biometrics. The penetration of biometrics within financial services is growing and this trend is set to continue as users grow more accustomed to the technology – a recent study suggesting that 67% of us are currently comfortable using biometrics and that 87% would consider using biometric authentication in the future. The use case for banks to adopt biometrics is based on enhanced security, customer engagement, brand perception, cost reduction and heightened competition galvanized by the digital banking revolution. By 2023, UK Finance has predicted that around 35 million people or 72% of the UK adult population will bank in the future via a phone app and the majority will make use of biometric technologies that are quickly becoming industry standard in all smart devices.
The heightened standard of ‘Strong Customer Authentication’ within the recent EU Payments Services Directive (PDS2) has also been a strong driver towards biometric authentication. It sets out three independent verification criteria that must be fulfilled before a transaction can be completed: knowledge (passwords), possession (usually a smart device) and inherence, something the user is i.e. a biometric. As the deadline for adherence to PDS2s technical requirements looms (September of this year) we are beginning to see biometrics move beyond mobile payments. NatWest and RBS recently announced plans to trial biometric cards with inbuilt fingerprint technology that would enable transactions above the current contactless limit to proceed within a PIN entry.
The danger with biometrics is the possibility of impersonation or ‘spoofing.’ There are a host of ingenious methods that enable users to falsify various biometric tests. For example, AI can be used to animate a still image to give the appearance of true ‘liveness’, as demonstrated by market-leaders in the anti-spoofing field, Face Tec. There are various videos online that demonstrate how quickly human actions such as smiling/blinking can be falsely imposed onto an image. Such capabilities should raise red flags for the swathes of banks that have adopted facial verification with ‘blink to prove liveness’ features as their vulnerability to a long litany of fraudulent activities is exposed.
These AI tools are only the tip of the iceberg and should raise eyebrows for those considering the broad implementation of biometrics. This caution has been echoed by the leading research group Gartner in their work on ‘Identity and Access Management’ and on broader level by ISMG, whose recent report suggests that 9 out of 10 financial institutions are falling behind in their ability to authenticate customers and step up security.
In this environment staying abreast of developments in spoofing and biometrics is essential to ensuring the integrity of security systems of all sizes. Contact firstname.lastname@example.org to connect with over 800 Atheneum biometric experts.