Biometric authentication refers to identifying individuals through unique biological traits such as retinas, irises, voices, facial characteristics, and fingerprints. Biometric authentication is generally considered to be a more reliable and faster way to identify users/individuals because biometric data is unique to each of us. Nobody can change it. Apart from ensuring identity assurance, biometric authentication is very easy and often is a simple one-step solution for users like Apple’s Face ID. It also enables easy fraud detection as biological and behavioural traits cannot be hacked or duplicated.
Businesses are adopting biometric authentication since it allows them to ensure security of their customers that entails higher customer satisfaction and conversion rates as well as better protection of their business ecosystems from malware, bots and cybercriminals. By 2023 identity corroboration hubs will displace existing authentication platforms in more than 50% of large and global enterprises. An identity corroboration hub ensures management of a true digital identity tied to a person with real-time monitoring authentication.
In 2023, overall digitalization of all businesses was accelerated by the COVID-19 pandemic. In order to reduce physical contacts between consumers and devices, banks and other financial services providers take advantage of biometric authentication software. Fingerprints, facial and voice recognition are becoming extremely popular ways to authenticate a user for payments. According to a survey commissioned by Visa a few years ago, 86 % of the respondents were interested in biometric technologies to verify identity or make payments. Nearly half of those surveyed said that they would think of leaving a bank or mobile services provider that would not offer biometric authentication in the future. When it comes to the shift in payment patterns, Visa indicates that amid the pandemic overall contactless usage in the USA has grown 150 % since March 2019. Let’s have a look at a few examples below.
In Romania, UpRomania, a financial services provider, presented its customers PayByFace app for payments enabled by facial recognition technology to reduce physical contacts in affiliated stores.
Amazon has recently announced Amazon One palm-based scanner for “real-world” shops. The solution will be first tested at Amazon’s stores in Seattle. Customers are not supposed to press their palms down on the device itself. The scanner uses the information embedded in their palm to create a unique palm signature that it can read every time they use it. Amazon emphasizes that customers’ palm images are encrypted and sent to a secure area in the cloud, where relevant signatures are issued.
Google is also said to test biometric fingerprint payment features for desktop. It is supposed that biometric software is being developed for fingerprint-enabled enrollment and authentication in partnership with Stripe, payment processing platform.
MasterCard and Idemia are cooperating to release a biometric card that utilizes a fingerprint to authorize transactions at physical payment terminals. The card named F.CODE Easy leverages the seamless experience of biometric authentication of a smartphone and transfers it to a smart card.
“As people make a permanent move to contactless transactions, the biometric card promises more choice and greater security for consumers. With Mastercard’s focus on digital commerce, this solution is a testament to the innovative partnerships Mastercard cultivates and its mission to provide fast, frictionless payment experiences that are protected at every point,” said Mr. Matthew Driver, Mastercard’s Executive Vice President, Services, Asia Pacific.
China UnionPay, the country’s biggest card provider, has also certified its first biometric fingerprint card technology. UnionPay’s biometric payment cards will make use of IDEX Biometrics, Norwegian company specializing in fingerprint imaging and recognition software. This event is expected to boost mass biometric technology adoption in China since UnionPay supports more than half of all cards issued on the global brand networks.
Facial biometrics has also become an extremely popular benchmark for authentication. Apple’s Face ID is one of or even the most well-known consumer facial biometrics systems, which takes advantage of a grid of infrared dots to measure the physical shape of a user’s face. Even though Face ID verifies users wearing sunglasses or thick beards, wearing masks due to the COVID-19 outbreak is a hassle for the technology. In May 2023, Apple removed the delay in failing to verify the user’s face and showing a passcode for an alternative authentication.
In July 2023, the National Institute of Standards and Technology (NIST) (USA) reported that the accuracy of facial recognition solutions had reduced significantly in matching digitally applied face masks with photos of the same person without a mask. Masked images recognition failure varied from 5 to 50 percent. The NIST research team revealed that the more of the nose a mask covered, the lower the facial recognition accuracy was. Besides, the shape and color of a mask also affected users verification. Black masks degraded the authentication process compared to surgical blue ones.
However, some experts in the industry see another problem here.
“Modern face recognition relies quite heavily on the area around the eyes. The old paradigm – measuring the geometry of the shape of the face in general – that was obsolete five years ago”, says Andrew Bud, chief of iProov, facial verification services provider. According to him, the problem with masks is that they make genuine presence assurance too complicated. “Most genuine presence assurance solutions will struggle to deal with a large mask covering the majority of someone’s face,” Mr. Bud adds. Iproov developed an alternative to face recognition – Palm Verifier, biometric authentication software for recognition through a picture of a hand. Ultimately, as the company puts it, users should change their attitude toward facial verification and briefly take their masks off.
A trend to watch in 2023 and in the near future related to the issue of authentication failures is the use of multi-factor biometric authentication. The combination of different types of biometric traits improves security because the chance of spoofing fingerprint and iris data is nearly zero. An enhanced security level could also be added through liveness detection technology. Biometric software companies incorporate biometric samples of liveliness into their solutions preventing customers’ systems or devices being spoofed by a photo or 3D mask. For example, Selfie-Check software asks users to turn their heads to left, to the right, or make random head movements to confirm their identity.
Another trend in biometric authentication is utilizing behavioral biometrics software. Behavioral biometrics solutions track a person’s traits and micro-habits like voice, keystrokes when typing, navigational or engagement patterns etc. The system can revoke the access to a user if their typing speed or mouse cursor activities differ from how they usually look like. Authentication based on behavioral biometric data generally takes place without the knowledge of a user. Users can give their consent to data collection at the point of enrolment, but they might not be fully aware when exactly it happens.
This makes behavioral biometrics inferior to other types of biometric authentication in terms of users’ privacy. Users want to know how their data is used and where and how long it is stored.
“Recently, we have seen a number of attempts to establish legislative frameworks for biometric data. In Europe, the General Data Protection Regulation gives control to individuals over their personal data and establishes the regulatory environment for businesses. The GDRP addresses biometric data, as well. In the U.S., relevant privacy laws became effective in some states in 2023. Thus, in California, the Consumer Privacy Act (CCPA) entered into force on 01 January 2023. In March 2023, New York residents received protection of their information through the adoption of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). Both these regulations provide safeguard to biometric data and impose relevant data security requirements on businesses.” – comments Vladimir Antonovich, Chief Operational Officer at Elinext.
Increased regulation efforts will likely continue in the near future as biometric software initiatives escalate.
Biometric authentication market represents a fast-growing opportunity both for software development companies and their customers. Secure and personal identity verification utilizing biometric data help users prove their identity, make payments, gain access to information, unlock devices, etc. in a number of industries from banking to airport security systems. Amid the pandemic, contactless biometrics software is definitely not something that will disappear.