In 2022, the digital identity solutions market was valued at US$28 billion. By 2027, this is expected to rise to more than US$70 billion[1]. Biometrics are everywhere now. 80% of smartphones now have biometric authentication enabled[2]. This technology is used in banks, law enforcement, airports, healthcare, and many more day-to-day interactions. But how much do you actually know about it?
For a topic that is so frequently a source of debate in the access control field, it is surprising how many myths about biometrics persist. Let’s look at some of the most common misconceptions.
1. Biometric information can be stolen.
Biometric technology utilises measurable human characteristics to determine and authenticate identity. It uses physiological factors to distinguish between people. The characteristics that are commonly used for biometrics include:
- Fingerprint patterns
- Facial features
- Voice sounds
- Iris patterns
- DNA make-up
- Hand markings
One of the biggest plus-points for biometrics is the inherent higher level of security it brings. An access control system that uses cards, tags, or keypad codes is subject to added risks. Cards can be stolen, tags can be lost, and keypad codes can be forgotten or misplaced. Despite the very prevalent misconception, your biometrics cannot be stolen.
Someone cannot physically steal your fingerprints, voice, or iris patterns. These factors can be cloned, but not stolen. Any decent biometric security system will have features available to identify and repel spoofed or cloned credentials.
For example, ievo fingerprint readers are certified ISOPAD Level 1 compliant. This means that they successfully identify and deny access to fake fingerprints. In addition, ievo readers have liveness detection built in. This technology identifies whether the finger presented to the reader is real skin with live blood flow before granting or denying access.
Biometric information can be copied. But it cannot be stolen.
2. Facial recognition is an infringement on my privacy.
There are two types of facial recognition systems: one-to-one and public. This distinction is essential for breaking down this very common misconception.
Public facial recognition systems are those used in places such as casinos and airports. They are generally used for surveillance purposes. Large numbers of faces are scanned and analysed constantly in order to identify and flag any known individuals. Lots of people believe public facial recognition systems are an infringement of their right to privacy.
This is where the myth kicks in. While public facial recognition remains controversial, one-to-one facial recognition is a different matter entirely. These are the kind of systems used for access control purposes. One-to-one facial recognition does not scan crowds of unknown people and pick out individuals. They do not have access to any other database besides that of their own internal system. Therefore, the only faces it recognises are those of people who have manually registered their face onto the system.
Registering your face on a one-to-one facial recognition access control system is not an infringement of your privacy. The database of faces can’t be sold or stolen, and no other unconnected device will be able to recognise your face as a result. If you are still uncomfortable with registering your face, many facial recognition system such as the ievo iface™ offer traditional card swiping technology as well.
3. My data is at risk in biometric systems.
Many people believe that biometric security systems are risky. If your fingerprint image was stolen or hacked, you can’t just replace it like you can a swipe card or keypad code. It’s an understandable fear. But fortunately, it’s not one you need to worry about.
Every security system is different, so we can’t speak for all of them. But we can tell you that your data is safe with ievo biometric solutions.
When you present your finger to an ievo reader, it takes a highly detailed photo of your fingerprint. The reader analyses the image and identifies up to 100 separate tiny details called minutiae. The pattern of those minutiae is used to create a digital template representing your fingerprint. The original image is permanently deleted and cannot be retrieved in any way.
The template that is created by ievo readers is proprietary. We also use a cutting-edge high security algorithm to enrol, extract, and match data. That means that even if someone was able to get hold of the template (which is unlikely in itself), it is useless to them. The template cannot be reverse-engineered to generate an image of your fingerprint. It cannot be used in any other fingerprint recognition systems, either.
Why is it unlikely that someone would be able to steal a fingerprint template? Because there is no data whatsoever stored on the ievo reader head. So even if someone ripped the reader off the wall and ran away with it, it would be completely useless. All fingerprint templates and other data are stored on the ievo Interface Board. This is a separate module that is installed away from the reader on the secure side of the door. And anyway, even if someone butchered a door and a wall and somehow managed to find the Interface Board, the data on it is still useless to them thanks to our algorithm protection.
Your biometric data is not at risk in the right hands. ievo solutions protect it robustly.
4. Biometric technology is unreliable.
There are two primary measures of the reliability of biometric technology. False Acceptance Rate (FAR) and False Rejection Rate (FRR) indicate how often a system recognises someone it shouldn’t or fails to recognise someone it should. For a long time, the reliability of biometric technology has called its reputation into question.
But this is no longer the case. While early biometric recognition systems struggled, technology has come a very long way very quickly. Sensors are significantly better today than they were 20 years ago. Data can be captured and analysed in much more detail much more quickly.
Today, most biometric system manufacturers have to make a conscious choice to prioritise either high security or user convenience. This really depends on where the biometric authenticator is located and what it’s for. For example, in a military facility, false acceptances are extremely dangerous and cannot be tolerated. In this environment, it matters less if authorised people have to try a few times before being granted access, as user convenience is not as important as security.
However, if your mobile phone’s fingerprint reader also prioritised security, it would be very frustrating to have to scan multiple times to unlock it. So it is probably more likely that your phone would allow a higher FAR in order to make the user experience as smooth as possible.
It is impossible to guarantee 0% FAR and 0% FRR. However, many biometrics manufacturers now advertise 0.0001% error rates or even less. And biometrics is a lot more secure than passwords! 80% of data breaches still occur as a result of weaknesses with traditional passwords[3]. People write them down, tell them to someone else, auto-fill them, and forget them. 21% of Americans admit to resetting a password more than once a week[4].
Biometrics is far more reliable than you think.
5. Biometric solutions are too expensive.
For many people, biometrics still feels like a futuristic, high-tech, Mission Impossible solution. And they assume that that means expensive.
Really, it’s all about perspective. The technology and components in biometric access control solutions are indeed newer and generally pricier than traditional card readers. However, when you look at the medium- and long-term view, you might even be saving yourself money.
First up, there’s no ongoing cost of a biometric solution. It’s installed, it’s used, and that’s that. For card readers, that is very much not the case. People do lots of things with swipe cards: they lose them, forget them, damage them, have them stolen. With card readers, while the upfront cost might be lower, you’re committing to constant ongoing costs to replace or replenish stocks of cards or tags. And that’s not to mention the cost to the environment of constantly producing more (usually plastic) cards.
And secondly, there’s the future-proofing factor. Investing in forward-thinking technology means it will work better for longer into the future. Biometrics offers higher security and higher technology that increase the effective lifetime of a newly-installed system. Opting instead for a cheaper card-based system based on older technologies means you’re already playing catch-up. That might mean you have to rip and replace a system again in the not-so-distant future anyway – with all the added costs that brings.
Things are changing – and fast
It’s understandable that people have reservations about biometrics. They’re worried about security, data protection, reliability, and cost. But very often, those worries are based on information and experiences of technology that is out of date. Today, biometric solutions are a viable, robust, and dare we say it – cost-effective access control solution.
At CDVI, we’re here to help you find the right solution for you and your customers. Find out more about our biometric security solutions today!
TL;DR
1. Biometric information can be stolen. Wrong! It can be copied, but never stolen. Biometric factors are unique to you and inherently part of you.
2. Facial recognition is an infringement to my privacy. You mean public facial recognition systems. In access control, the only way your face can be recognised is if you manually consent and register it in the system.
3. My data is at risk in biometric systems. ievo biometric solutions have robust built-in security features to ensure that your data is never accessible and never usable even if maliciously acquired.
4. Biometric technology is unreliable. Technology has come a long way, and impressions of biometrics as ineffective are often based on out-of-date experiences.
5. Biometric solutions are too expensive. Upfront costs of biometric technology might be higher than card reader solutions. But biometrics are much more future-proofed and do not come with the constant ongoing costs of replacing swipe cards.