Though biometric analytics have been around for a few years now, Apple and Samsung’s recent introduction of fingerprint readers to their newest mobile devices prove that biometric security systems are going to be more and more commonplace in the public sector. The research organization Goode Intelligence estimates that biometric authentication will be on most mobile devices by the end of 2015 and that by 2019, it will be used by 5.5 billion people worldwide. Familiarity with biometric analytics means ease of use for employees and consumers alike.
Deciding to use biometric analytics as a means of security depends greatly on the asset being protected; however, the cost is coming down as the technology is researched, perfected and used more widely, says William Edaburn, Technical Security Specialist at Southern California Edison. As companies tire of entering passwords and keeping track of them all, as well as risk the potential for being hacked, biometric solutions are becoming the wave of the very near future, according to Kayvan Alikhani, Senior Director of Technology at RSA, the Security Division of EMC, and a provider of intelligence-driven security solutions
This is certainly the case for Crystal City Children’s Center, a non-profit early education program in Arlington, Virginia, which has embraced fingerprint readers to protect all of its precious assets, ages 12 weeks to 5 years. “We’ve been using this system since April 2014, and I am ecstatic with it,” says Luellen Matthews, Director of Crystal City Children’s Center. “I have no worries about access inside my building because I know the only people that can get in have to come through this biometric system or have had to make an appointment to tour the center with me.”
The switch from a punch locking system to fingerprint readers occurred when the Children’s Center moved to a new property. “It was a fluke that we went with this system. I was having dinner with a friend who is in the airline security system, and it wasn’t long after the Newtown massacre. I told him we were building this new center, and I needed to have a secure entry system. He said he didn’t know why we couldn’t use a similar system to what is used in the airports. That’s how it started.” The friend got her set up with the right people to make her needs reality.
Recently, Matthews received further confirmation that her security system works well on a variety of levels. “I had parents who are going through a divorce, and the father had a protective order taken out against him so he could not have access or communication with the children,” she says. “Once I get that in my hands, I have to follow that by law. Instead of having a confrontation with the father at the front door, I merely went into the master computer system and temporarily suspended his access to my building.” Though the father did come to pick up his kids and tried to get in, Matthews was able to deal with the situation without any threat to the children or herself. “I don’t see any reason why this kind of system couldn’t be used in regular schools too. It certainly works for us,” says Matthews.
Cerner Corporation, a healthcare information technology solutions company, uses both fingerprint scanners and a facial analytic card reader in different areas. “The fingerprint reader is on very specific buildings, the ones we consider high value,” says Mark Heiman, Security System Engineer at Cerner. “Since we have pharmacies on site, we have been putting the facial scanners there first. Facial is not necessarily more secure, but it’s easier to use. You just walk up to the reader, it reads your face, and it unlocks within a second.”
Heiman says Cerner looked briefly into using voice recognition, but there was a concern that a voice could be recorded and used falsely. In the end, they decided to go with fingerprint and facial recognition. “With the facial scanner, you can’t just use a picture because the scanner uses infrared, so a picture isn’t going to give off any infrared,” he says.
The environment can be a challenge for outdoor facial recognition scanners. “Even sunlight can affect the readers,” says Heiman. “Not too many of the scanners are outdoors, but the ones that are have had to be re-engineered.” So far they haven’t had any major problems with the facial recognition readers though. “Unless there are major changes to the face in a short period of time, like if you get in a fight your face swells up, there shouldn’t be problems.” Users are enrolled with and without their glasses so that there is no effect by wearing them.
The staff at the Toronto Forensic Services and Coroner’s Complex (FSCC) are likewise pleased with the iris reading system they have employed for the past two years, says Alan Dawes, Facility General Manager. “We have very stringent security requirements that are regulated because it’s a forensic facility,” Dawes says. “The devices we use are to maintain the perimeter so that people who shouldn’t be getting in can’t get in and, more importantly, to give us a highly audible trail to demonstrate who went where and when.”
Like most facilities that use biometric analytics, the FSCC uses two-factor authentication. “We use a simple, old-fashioned approach where we have the security card with the chip in it to go through card readers. The next step up is we use the iris readers,” says Dawes. “When we enroll people, we take a picture of their iris and it encodes that, and the data is embedded in the chip of the card. It takes a picture and compares what it is looking at with the card that’s presented.”
Because of the personal data and privacy issues involved, the unions associated with FSCC have taken a keen interest in their use of biometric analytics. Since the iris imaging information is kept securely in the chip of the user’s card, a database of information is not maintained. “It’s an upscale version of putting your photograph on the card, but it’s safer,” Dawes says. “There is no personal data in any way accessible on the cards or stored anywhere, so we’ve overcome that obstacle” in the eyes of the unions.
Dawes is a big proponent of iris imaging above other forms of biometric analytics because he feels it’s the most robust and non-invasive option. “I’ve tested it out personally at the facility, and it reads with significant accuracy. We’ve never had a fail, through glasses, through hazmat suits, through contact lenses. The only thing we found a problem with so far is when people have colored or patterned contacts. That’s like taking a fingerprint through a glove,” he says.
Dawes says the biggest challenge at FSCC has been integrating all of their security into one building management tool. “It’s not that these things are difficult, but there are thousands of devices that have to sync to the same queue. Getting that integration right has been a success story,” he says. “We are heavily audited by a couple different groups, so when I say it’s a success story, that’s not an opinion; it’s a repeated and heavily audited fact.”
Biometric Authentication in the Payment Space
Samsung and Apple have already integrated fingerprint authentication with PayPal and Apple Pay respectively on their newest mobile devices, and this trend is likely only going to increase, according to a USA Today report. Part of the push for biometric authentication is due to incidents like the Target and Home Depot breaches, in which millions of consumers had their credit card numbers stolen. Biometric payment companies are trying to get away from storing centralized data in order to enable a safer purchase experience for consumers, the USA Todayreport says.
“Decentralized biometrics are great, because they’re in the hands of the consumer,” says Bob Reany, Senior Vice President of Authentication Services at MasterCard. With databases full of customer information, a hacker can get millions of credentials in one swoop. If this sensitive data is kept on a device itself instead, such as with using a fingerprint scan, suddenly there’s not so much of a target for thieves, Reany says.
“With device information, location information, account history, and biometrics layered on top of that, I think ecommerce is going to get safer,” says Reany. Using layers of security is key to safer online shopping experiences. “Device ID and geolocation are great tools for sorting out who is suspicious and who isn’t, but the last mile is to identify who the consumer is,” Reany says. “That’s where we’re working on biometrics. We think facial recognition, voice recognition, and these fingerprint readers on the phone work well. They uniquely identify the customer.”
Though Reany’s team was initially excited about voice recognition as a way to authenticate payment, they were surprised to find that customers aren’t very excited about using it. “You don’t want to have to verify with your voice while you’re on the subway or in your cubicle trying to order something,” he says. “Facial recognition, though it has technical challenges, is more accepted thanks to selfies.” Iris imaging is coming along too as an option for payment authentication. “The resolution of these phones is so good that they can just focus on the eye,” says Reany. “There are a lot of unique characteristics in your iris that make it work well.”
One challenge in the biometric authentication realm is privacy, Reany says. “Every government seems to have different regulations and conditions for privacy, so programs will vary depending on the country. These aren’t consistent yet.” Legislation and regulation are being worked on, but uniformity is a long way off.
The other big challenge, says Reany, is consistency. “Apple is way different than Samsung as far as the security layers, the hardware-based security, how they protect data on the phone, etc.,” he says. “It’s still the Wild West a little bit. Phones have got to get safer and more consistent.”
Edaburn of Southern California Edison finds integrating security systems with biometric analytics to be a challenge. “This is often the case with different systems and brands and companies. In reality, it’s proving to be difficult, even though they say they are integrative,” he says. “There are a lot of issues in getting the two systems to talk to one another in an efficient manner.”
The Bottom Line
One of the potential advantages for businesses in using biometric security is to not have to distribute, replace or pay for access cards, says Edaburn. “You have your fingerprint, iris or voice with you, and that’s pretty hard to fake. It’s much more secure than a card,” he says.
Biometric analytics are also easy to use and they cut down on error, especially when two-factor authentication is used. “It all depends on what you’re trying to protect,” he says. “Biometrics may not be the way to go in areas where there is a lot of personnel going in and out. It’s typically not used in a high traffic area because there’s a processing time for how long it takes the system to look up and verify.” Hand geometry, iris scans, and fingerprint readers are the most commonly used biometric analytics, says Edaburn. “With hand geometry and fingerprints, the error rate is typically less than 1 percent.”
As with every kind of security, “any security system, biometrics or otherwise, is only as good as its people,” Edaburn says. “You can have the best security system in the world, but if you don’t train the people, it’s useless.”