In the quest to secure our identity in an increasingly connected digital world, biometrics is flourishing throughout the globe. According to a TechSci Research report, India’s biometrics market is projected to grow at a CAGR of around 31% during 2016 – 2021. Government, banking & finance, energy & power, and consumer electronics are the key end user segments where deployment of biometric systems is witnessing an increase, and this trend is expected to continue over the next five years. In many banking services markets, biometrics is successfully authenticating millions of users at the ATM while improving the user experience, increasing transaction security and delivering trust in transactions. Accelerated adoption of biometric authentication at the ATM and related banking solutions (such as securing government pension payments, teller transactions and the opening of new accounts) are in large measure because biometrics is the only authentication method that ‘binds’ a user’s digital credentials to a person – a critical capability for eliminating digital identity theft in an environment that has become increasingly complex and vulnerable to security threats.
Increasing security can create barriers to legitimate access, but biometrics bring security and convenience together, simplifying authentication while making it more robust and reliable. The technology has now advanced to the point that today’s fingerprint sensors can distinguish between legitimate and counterfeit biometric characteristics, a capability known as liveness detection. Another innovation allows the deployment of intelligent encryption-enabled and tamper-resistant fingerprint devices that further strengthen secure authentication and protect user privacy.
Biometrics authentication will only grow in importance moving forward. We live in an environment where each of us has a growing list of digital identities for an expanding set of applications, stored on a variety of ID cards, tokens, smartphones and other mobile smart devices. Again, biometrics has the unique ability to bind this multitude of digital identities to an individual’s single, true identity. The challenge is how to verify this true identity in a manner that is private, secure and non-intrusive. Biometric authentication solves this challenge, creating a more satisfying and convenient user experience while ensuring that transactions are trusted and secure.
The challenge of authentication at the ATM
Worldwide, ATMs generally require that users validate their identity with something they have such as a card, and something they know such as a PIN. This has been in practice for decades, but is increasingly vulnerable to fraud; the more digital credentials and identities we store on ID cards, tokens and smart devices, the worse the problem turns into. According to the Norton Cyber Security Insights Report 2016, 49% of India’s online population, or more than 115 million Indians, are affected by cybercrime at some point with the country ranking second in terms of highest number of victims. Only biometrics can securely bind these digital identities to the actual person with whom they are associated. Plus, every new digital identity is just one more element to manage, and one more threat to someone’s one, true identity.
In the last three years, public sector banks (PSBs) in India have lost a total of INR 22,743 crore, on account of various banking frauds. Banks are tackling the fraud problem with approaches like EMV cards. But only biometrics can confirm ‘who’ is actually transacting, and whether that person is a legitimate bank customer or a fraudster. To do this while protecting privacy and combating identity fraud, the biometric solution must use liveness detection to distinguish live fingerprints from fakes while ensuring that ATMs aren’t difficult to use. Biometrics binds a unique individual to his or her true identity, and determines ‘who’ is actually using the system, while eliminating the hassle and security risks of PINs and passwords. Biometrics also eliminates the need to carry or remember anything, allowing access and transactions with the touch of a finger. It is the only true means of making security more convenient while also linking or binding digital identities to the individual.
Moving forward, using biometrics to authenticate mobile payments and other bank transactions will likely become a very big market driver. As Gartner predicted, by 2016, 30% of all organizations would be using biometrics on mobile devices and has long upheld the conviction that biometric solutions are the must-have for enterprise mobile authentication. With applications like Apple Pay and initiatives from the FIDO Alliance and others, biometric authentication is becoming more prominent in consumer-facing applications.
Meanwhile, with new technology adoption comes new risks: as biometric applications become increasingly widespread, and are relied upon for securing personal transactions, deployed solutions are likely to be targeted for attack. Consequently, it will be increasingly important for those deploying biometric authentication to understand that not all biometric devices and solutions are created equal. For example, many ATMs are outdoor; in that case the biometric device at the ATM should be able to obtain high quality image under the conditions that are common in ATM environment such as dry, humid, ambient light, with large population and wide demographics. Considering major challenges such as high quality image acquisition, fake finger attacks, man in middle/ replay attacks, a thorough evaluation of biometric technology in target environment with target population is strongly recommended.
ATM transactions must be convenient, and all identities used to conduct them must be protected. Banks must balance and even combine security and convenience as they manage risk, and biometric authentication makes this possible.
It enables us to protect our one true identity in a way that is balanced, reasonable and efficient. Nothing in life is without risk but there are no longer valid technical or business reasons to rely on outdated security systems and practices. With biometrics, we can securely and conveniently use a myriad of digital credentials, knowing that our true identity is protected. We don’t have to forfeit security for convenience or vice-versa – we get both.
Sujan Parthasaradhi
Director of Biometric Applications,
APAC, HID Global
