Biometrics security authentication Authentication is one of the most annoying steps required in order to log in to an online service or call center system. “Can’t log in?”, “Forgot your password”?, “Not sure what your login is?”, “The new password must be at least 8 characters and contain at least 1 special character”. Do you know these messages inside out? Recent technological advancements help us authenticate faster and not to drawn in the see of passwords, PINs and security questions. With biometry it’s not only more convenient but also safer and more secure. The new whitepaper by Comarch ICT discusses this issues.

 

What is biometrics?

There are three basic authentication methods. Typically, you’re asked to tell something you know (e.g. a password or a private key). Sometimes a company asks you to present something you have, e.g. an ID, membership card, or a hardware token. Passwords and PIN codes continue to be the most popular user identification solutions. Tokens are slightly less popular but they are also widespread. These methods fail when you forget a piece of information, or simply don’t have an ID or token with you. There’s only one thing  that you cannot forget – it’s your body. Biometric methods are based on “what you are”, and many security specialists consider them to be much better and more comfortable than traditional authentication methods.

Biometrics is a field of study that looks at the methods of measuring biological and behavioral traits in living organisms, including humans. Many of those traits and their combinations are unique, which makes it possible for us to distinguish between each other. The most popular authentication mechanisms are based on fingerprints, finger veins, facial recognition, retinal or voice biometrics. It was Apple who played a pioneering role by employing, among other things, fingerprint sensors for the user to access their mobile phones and for a mobile payment system ‘Apple Pay’. Today, many other mobile phone manufacturers such as Samsung, Microsoft, Huawei, HTC and Oppo offer solutions supporting biometrics technologies. Voice biometrics, in turn, is basically used to compare a customer’s voice with a set of previously taken voiceprints to see if a given statement was factually made by a given person.

 

Why Biometrics?

The first thing is security. Each year, hundreds of millions of Euros are obtained by deceit by means of stolen personal data such as passwords and PINs. In the dark web you can buy this kind of information. Below I listed the most common data threats. This table also shows that certain methods of authentication are prone for such attacks.

 

Potential Data Threats

 

Voice biometrics

PIN and password

Security questions

Hardware token

Data breach/theft

Low

Medium

Medium

High

Providing access to data

Low

High

High

Medium

Brute Force

Low

High

High

Low

Social engineering

Low

Medium

High

N/a

Hacking

Low

Medium

Medium

Low/Medium

Phishing

Low

Medium

Medium

Low

Vishing

Low

High

High

Low

Source: Opus Research

 

Higher level of security means that organizations can reduce potential losses and the risk of their reputation being affected. Biometric methods are also cost effective. In a long run, voice authentication is much cheaper than systems used today. The extra security of biometric passwords helps us verify user’s identity and exclude accounts being accessed by unauthorized individuals.  Moreover, an average verification takes 20 seconds less than classical methods. It cuts down on callers’ frustration and is thus likely to boost their loyalty. Better customer service also makes winning new customers much easier. Another advantage of biometric methods is  ease of use. When traditional passwords should be long and complex (e.g. include lower- and upper-case letters, digits as well as special characters). Furthermore, biometrics is language-independent. It is about how you say something rather than what you say. It means that the system may be adjusted to the needs of multiple international branches. The language that you use ceases to be relevant.

 

For Whom?

Biometric methods are widely used by banks, insurance companies, public administration and healthcare institutions. The financial industry uses biometrics mostly to verify customers’ identity at branches or for authorization as part of financial operations. In recent years, a number of Europe-based banks have launched pilot projects that address biometric payment systems. In 2011, such a project was launched by IS Bankasi A.S. of Turkey, which had previously delivered a number of biometric ATMs. In 2012, Banque Accord in France launched a pilot project at the Auchan hypermarket chain. The solution is based on a WPAN card from MasterCard and either of alternative biometric technologies: Finger Print and Finger Vein.

Implementation of biometrics allows public administration to further promote electronic transactions, get rid of paper-based processes and improve performance of public administration systems. An example of one of the largest biometric projects is the IDENT base managed by the Department of Homeland Security, Immigration Control & Enforcement (USA). In 2012, an average of 188,000 biometric enquiries were observed, and between 2004-2014, a total of 148 million.

A survey for 2012 published by the Ponemon Institute shows that 94% of hospitals in the US have experienced in the last two years at least one case of personal data breach. Authors of an article published in Journal of American Medical Association analyzed a data base of the Department of Health and Human Services which had data of over 500 companies leaked between 2010 and 2013. The article shows that 949 thefts occurred during that period, affecting 80 million information resources. The reports reveal that stolen information included receipts issued to patients and insurance information. Meanwhile, biometric tools enable medical data to be accessed with the highest degree of security. Those numbers, paired with new technical possibilities, show that biometrics is the future. Nobody can steal your voice or fingerprints.

 

Read the entire material here:

How Can We Help? 💬

Want to reduce the cost of your IT infrastructure? Need improved data security? Let’s chat.

Schedule a discovery call