Biometric Authentication 101
Here’s the scoop on biometrics, how it provides the most secure and convenient form of authentication, and how different industries can benefit.
Biometric authentication uses a person’s biological characteristics to authenticate that they are truly who they claim to be. This security process identifies people using fingerprints, facial scans, voice prints, retina scans, iris scans, or behavioral biometrics like gait, keystrokes, typing speed or mobile touch, interactions, and swipe.
Biometric authentication works by extracting data points, via AI-powered algorithms, from a user’s biometric factor during an onboarding process like identity proofing and verification and storing that data as a secure, biometric template that will be used for future authentications.
The stored biometric credential is compared to the live factor that is presented during authentication, for example a selfie being compared to a face template. By comparing the biological characteristic (biometric factor) a user presents with the verified identity data that has already been stored in an organization’s database, these two processes, together, form the safest, most reliable, and most user-friendly strategy for onboarding and account access.
While the use of biometric authentication is on the rise, so is fraud incidence. The pandemic especially fueled an increase in identity fraud; according to Comparitech, incidents nearly doubled between 2019 and 2020. The Federal Trade Commission also found that fraud losses rose from $1.8 billion in 2019 to $3.3 billion in 2020 to $5.8 billion in 2021.
Biometric authentication offers businesses across industries the invaluable ability to improve security with the safest factors (biometrics) available in the market today without complicating or adding friction to account access for users.
Types of biometric authentication
Humans have many unique biological characteristics that can be used to identify them. Using any particular characteristic for authentication depends on having a device that can accurately “read” and capture the biometric factor. With fingerprint readers and facial scanning capabilities built into a majority of today’s mobile phones, tablets, and computers, and voice recognition available with many virtual assistants and phone calls, biometrics have become increasingly popular.
As modern users have become more and more comfortable using them to unlock their devices, biometrics has cemented itself as a reliable and secure method of authentication – and a great way to preserve accessibility and a convenient user experience. Behavioral biometrics are also seeing increased usage. Different biometric factors offer different degrees of practicality for everyday use.
Fingerprint and palm scans
The Chinese were the first to use fingerprints for identification, as early as 221 BCE. According to the UK’s National Cyber Security Centre (NCSC), “fingerprint systems analyse the locations of ‘minutiae’ – the endings and bifurcations of the friction ridges on the pads of your finger. Often, additional information, such as the number of ridges between minutiae points, is also used.” Interpol reports that “no two people have the same fingerprints, not even identical twins.”
Palm scans work identically to fingerprint scans, except they require the user to place their entire palm on a scanner rather than a single finger.
Their uniqueness combined with ease of use – a person simply places their finger or palm on a computer key, phone button, or another reader, respectively – contribute to the popularity of fingerprints as an authentication factor and of palm scans as an alternative method.
Facial scans
When facial identification software reads a human face, the AI-powered biometric algorithms look for distinguishing facial landmarks. These can include cheekbone shape, distance between the eyes, lip contour, eye socket depth, ear contour, and distance from forehead to chin.
Facial scans are easy for customers and employees, as the user need only place their face in front of a device’s camera. The use of face biometrics also fosters financial inclusion and accessibility, as it’s simplicity removes barriers many people may experience with other forms of authentication.
Voice recognition
The qualities of a person’s voice are formed by physical characteristics like the shape of the larynx and other features including accent, rhythm, vocabulary, and intonation. Speech recognition systems can be text dependent, where a person has to say a particular word or phrase, or text independent, where a person can speak freely.
Today’s voice recognition algorithms are highly sophisticated and can differentiate between real and synthetic voices, like deepfakes. Voice recognition is very easy for customers and employees to use – all they need to do is talk.
Behavioral biometrics
There are uniquely measurable patterns in a variety of human activities, from typing on a keyboard, to swiping between screens on a mobile device, to simply walking. Behavioral monitoring, which can take place on two main platforms – keyboard and mouse or mobile device – is nearly invisible for customers and employees, who simply perform the measurable activities as usual.
Keyboard and mouse analytics can measure dwell time, key-to-key, total time to type, and mouse movements. On mobile, behavioral biometrics can leverage the chipsets embedded in a device to measure dwell, flight time, exchange, globularity, intensity, reactive shift, XYZ force, and XYZ motion. Mobile devices offer a rich behavioral dataset.
AI and machine learning analyze these patterns and create measurable data that can be used to authenticate identity. Because it can operate in the background of a web or mobile session, behavioral biometrics can enable continuous identity monitoring, which reduces the opportunity for criminals to take over a legitimate session.
Retina and iris scans
A staple of spy and sci-fi movies, retina and iris scans aren’t in widespread use for authentication. This is mostly because these techniques require specialized hardware.
Retina scans use infrared light to read the retinal blood vessels. No two systems of capillaries in the retina are the same, and they can be affected by cataracts, diabetes, and other health conditions.
Retina scans can be less convenient for users, as they require holding the eye close to the scanner and remaining still and unblinking.
Iris scans use infrared light to take a high-contrast photograph or video of the iris. The authentication system then performs mathematical pattern techniques to verify the identity. Irises are unique and don’t change over a person’s lifetime.
Iris scanning can be done at a distance, making it easier for customers and employees than retina scanning.
Hand geometry
Hand geometry measures elements including the length, width, thickness, and surface area of a person’s hand. While not as unique as other biometric factors, hand geometry is typically used to identify employees. According to the FBI, “Hand geometry recognition systems are widely used for applications in physical access, attendance tracking, and personal verification.”
This biometric factor is easy for users, who only need to place their hand in a reader.
Benefits of biometric authentication
Biometric authentication offers several advantages over other authentication methods.
Overcome the weaknesses of passwords
Biometric authentication provides stronger protection against fraud than password-based authentication. A 2020 study by The Zebra, Pew Research Center, and NBC News reported that 39% of consumers use the same password for every service and that 79% of Americans share their passwords with people outside their homes. Google has found that 59% of U.S. adults have incorporated a name or birthdate into their password for an online account.
Biometric factors can’t be lost or shared, they aren’t written down to help people remember them, and they don’t contain personal information that’s readily available to fraudsters online. This makes them inherently more secure than not only passwords but any other factors available.
Increase security against fraudsters
Unlike personal information that is widely available online and that can be used to try and access an account, biometrics can only be possessed by a single, unique person. Identity proofing and authentication technologies such as liveness detection ensure that still images, video captures, or voice recordings can’t be manipulated and substituted for corresponding biometric factors.
Biometrics are also immune to the types of fraud that passwords and other knowledge-based authentication factors are vulnerable to: phishing, social engineering, man-in-the-middle, and other kinds of attacks.
Make enhanced security more convenient for customers and employees
Biometric authentication is simple for customers and employees, only requiring them to, for example, press their fingerprint against a scanner or take a selfie. There’s nothing to remember and no other items necessary for the user to have in their possession.
People are already familiar with biometrics, which increases its perceived convenience and security as well as its adoption rate. PYMNTS has reported that 58% of consumers believe biometric authentication methods are faster and more convenient than other login methods. The Experian 2022 Global Identity and Fraud Report found that when asked what the safest recognition methods were, 80% of respondents said physical biometrics and 76% said behavioral biometrics.
Save money
Businesses spend an incredible amount of time and money dealing with password resets on an annual basis. Gartner estimates that 40% of all support calls are for password resets, and employees lose 11 hours per year just handling these resets. In 2019, Yubico released a survey that estimated the average annual cost of productivity loss for password resets at $5.2 million per company.
According to Google data captured between March and April of 2023, authenticating with passwords was only successful 14% of the time, while authenticating with Google’s biometric passkeys was successful 64% of the time. These numbers directly correlate to customer satisfaction and, in turn, customer retention.
Perceived downsides of biometric authentication
Biometrics can provide great advantages when it comes to securely authenticating customer data and accounts. While no security system is 100% impervious to fraud, there are perceived weaknesses of biometric systems that are no longer accurate today. Four subjects that have come under fire include bias, database vulnerability, privacy, and cost. These areas of concern are, at this point, virtually moot, as biometric technology has advanced and still provides far greater advantages than legacy authentication technology like passwords, OTPs (one-time passwords), and physical keys or tokens.
Bias
Like other systems that depend on AI and machine learning, biometric authentication systems need to be trained. This means that data – data that is as varied as possible – is needed. For facial recognition systems, if training has been performed primarily using photos of faces belonging to people of the same or similar demographics, the system can perform poorer than a system trained on larger, more varied groups of faces.
But as facial recognition technology has advanced, most systems have met the threshold of necessary data input, meaning these inaccuracies have greatly decreased to the point of being statistically insignificant.
Database vulnerability
The security of a biometric authentication system depends in part on how well-protected the database that stores the biometric information is. Despite this, stolen biometric information is harder – in fact nearly impossible – to use for fraud than stolen passwords and other knowledge-based authentication methods: even if a biometric template is stolen, it cannot be reverse engineered into a usable representation of a person’s face, fingerprint, or voice.
Privacy
Consumers may be concerned that their biometric information will be shared with law enforcement, immigration officials, and other organizations. To combat this, there has been a rise in biometric privacy laws, both as stand-alone legislation and as part of more comprehensive consumer privacy acts. According to Bloomberg Law, Illinois, Texas, and Washington have biometric privacy laws, while California, Colorado, Connecticut, Utah, and Virginia “have passed comprehensive consumer privacy laws that, once in full effect, will expressly govern the processing of biometric information.”
Privacy concerns with AI and biometric authentication are being addressed as rapidly as governing agencies and organizations are able – updates that should give users more confidence in the technologies.
Cost
Adopting biometric authentication, like all technology, does come with certain costs. These costs, however, are negligible when you consider how an organization can save millions of dollars just by avoiding password recovery expenses alone when they make the move to biometric authentication. The investment in more advanced, secure, and convenient authentication indisputably pays off on many fronts of a business.
How industries benefit from biometric authentication
As fraud increases, many industries are turning to biometric authentication to provide the highest level of protection for their customers, employees, and data.
Financial services
Financial services organizations are particularly popular targets for fraudsters. They hold highly sensitive customer data and enable access to clients’ money in a world where that access is increasingly digital. Biometrics can help secure data and assets by increasing the security for all types of customer transactions and interaction points, from opening an account to making payments to transferring and withdrawing money to signing documents.
Public sector
In the wake of the increased fraud associated with pandemic relief and unemployment insurance programs over the past three years, the Center for Democracy & Technology reports that “at least 20 states” have adopted biometrics to better identify citizens making those claims. The public sector and government agencies hold millions of sensitive records, personally identifiable information (PII), and data points about private citizens, making security a top concern for this sector.
Travel & hospitality
Across the travel and hospitality industry, biometrics are increasing security and user convenience. Some airlines have begun allowing flyers to check-in using facial recognition. Intellectsoft tells of a hotel in China that lets visitors check-in using facial scanners. In the future, biometrics could replace room keys for both guests and staff, control access to areas such as lounges and pools, and replace handwritten signatures for orders and on-site purchase. These enhancements also reduce staffing costs and minimize physical touch points – two business considerations brought about by the pandemic and which are still impacting organizations today.
Healthcare
Among its many uses in healthcare, biometrics can assist with patient matching and patient identification. Ensuring the right records are matched with the right patient both improves the quality of care and reduces costs associated with duplicate records. Telehealth, insurance fraud, and controlled substance access are also better enabled by biometric authentication.
When patients need virtual care, being able to confidently verify and authenticate their identities digitally and with minimum friction gets them the care they need, when they need it, and allows all parties involved to avoid the fines and issues associated with medical identity fraud and insurance fraud. And when patients need to access their prescriptions and controlled substances, biometrically authenticating themselves with a quick, easy selfie is much more efficient than waiting in long pharmacy lines – not to mention safer, as technicians are subject to human error when trying to verify someone’s identity with just a physical document and birth date or other kind of KBA (knowledge-based authentication) in person.
Protect your customers with biometrics
Biometric authentication offers a large advantage in security over traditional passwords and knowledge-based authentication systems.
With biometric authentication, you can:
- Reduce costs
- Combat fraud
- Demonstrate to customers that you’re aggressively protecting their accounts and data
- Provide access that’s secure and convenient through methods customers are already comfortable using
Learn more about the power of biometric authentication from Daon.