Kyle Kilcoyne By Kyle Kilcoyne • April 25, 2017

A Call to Biometrics: Ready or Not, Why America's Time is Now

The Department of Homeland Security's Office of Biometric Identity Management issues RFI to help explain biometrics to public. 

Technologies using biometric identification for security have been gradually moving into the mainstream, and the industry just received a boost. The Office of Biometric Identity Management within the Department of Homeland Security recently announced a formal Request for Information asking businesses with biometrics-related solutions to detail what they do and how they do it. Essentially, Homeland Security has already been leading the way on biometrics and it is looking to other organizations to show how they may be able to take those efforts to another level through advances in identity management. With this effort, the agency is hoping to create a greater degree of consumer comfort with biometrics technologies.

The current federal administration is emphasizing protecting the nation's borders, and ramping up identity management plays a critical role in this process. This opens up many questions about identity control and privacy, and these issues are particularly evident as biometrics begin to progress from niche use cases to more mainstream applications. Biometric technologies are proliferating whether consumers are comfortable with them or not, and organizations must prioritize improving identity management if they want to keep pace with new forms of digital identity. 

How prominent are biometric technologies?

eyeetch.pngA study performed by the Center on Privacy and Technology at Georgetown Law found that approximately 117 million adults in the U.S. are affected by facial recognition programs used by state and local law enforcement. More agencies are using digital images of Americans alongside face-scanning technologies to perform digital line-ups when investigating cases.  In 16 states, law enforcement agencies are allowed to use images from driver's licenses and similar records to perform digital facial recognition when investigating crimes, the report said. If this large-scale project still sounds too obscure of a use case, consider this: a report from The New York Times explained that many major banks are using biometrics in online and mobile banking, with a wide range of identification methods being put into play in order to replace passwords with a more secure form of identity management.

What does this mean for consumers? How should businesses respond?

To answer these questions, let's look at what biometrics do, why they matter, and how identity management solutions are helping organizations maximize the value of biometrics while reducing their risk.

How do biometrics technologies work?

At their simplest, biometrics solutions authenticate personally identifiable, unique physical traits of an individual in order to verify identity. Fingerprint and retina scanners on phones, for example, are increasingly common biometric solutions. The problem is that biometrics are not foolproof and can be insecure if used as a single point of authentication. Furthermore, digital tools performing biometric analysis must store data pertaining to personal identifiers, creating risk if that data were to be stolen. Contrast the fungible nature of passwords with the permanence of biometrics to understand the severity of risk involved in the event of a biometrics data breach. Because of this, biometrics must be used in conjunction with supplementary technologies to offer a full identity management package.

Using biometrics within identity management

For consumers, biometrics are already beginning to break down layers of complexity associated with traditional onboarding processes, as financial institutions and other security-conscious organizations incorporate fingerprint scanning and similar authentication tools into their services. However, the rise of biometrics creates some real privacy concerns. If someone steals a user's fingerprint, that identifier is compromised permanently. You can scan a different finger, but you only have 10 fingers to work with. Thus, for biometrics to become a viable solution for digital identity authentication, the secure transmission and storage of this data must be paramount. 

Businesses incorporating biometrics into authentication have an opportunity to improve user experiences if they can also provide the breadth of security needed to assuage privacy concerns. Identity management solutions are capable of incorporating a variety of authentication methods, ranging from facial scans to analysis of biometric identifiers on official documents, in order to gain a clear picture of a user accessing a system. This breadth of functionality is critical, as the RFI coming from the OBIM shows a rapidly escalating transition to biometric use for identity authentication. Organizations must balance user experience functionality, security, and reliability to deliver full identity management offerings that take advantage of the relative strengths of biometrics as authentication solutions, while accounting for their inherent risks. The move toward biometrics ushers in an identity security arms race, and organizations can't afford to fall behind.

At Confirm, our leading technologies can process authorization credentials automatically, extract relevant data, and perform facial recognition. This provides added consumer security by incorporating multiple layers of authentication into the identity verification process, while allowing businesses to deliver streamlined user experiences enabled by digital authentication. 

As the federal government continues to push for mainstream adoption of biometrics solutions, and organizations increasingly develop technologies to perform biometrics-based digital authentication, identity management leaders are providing the underlying foundation needed to ensure safety and efficiency along the way.  

Screenshot 2017-04-25 10.54.27.png