Banking on biometrics security at the workplace: 5 factors to consider
By Danny Lim July 24, 2017
- Privacy is a significant concern among individuals using biometrics for identification
- Effective biometric authentication needs to be permanent, universal, distinctive, easy to collect
AS BUSINESSES undertake digital transformations, it becomes increasingly important to take steps to secure their data.
The propensity of a secure digital environment is largely being propelled by the rising demand for mobile and smart devices, cannibalising both enterprise and consumer markets. The need for enhanced security authentication leveraging on new technology tools offers significant advantages over traditional access controls.
Biometrics security is increasingly gaining interest as a key tool, and it is important for companies to know how best to harness its benefits.
The rise of biometrics in enterprise security
The government sector including border control, national identification and law enforcement agencies have been early adopters of biometrics. High-risk industries such as the banking sector are investing heavily in biometrics as well.
According to Frost & Sullivan, in 2015, banks and financial institutions spent approximately US$350 million on voice biometrics, with spending likely to double to US$700 million by 2019.
The need for data security has grown, as consumers and industries incorporate the use of electronics in everyday life. The propensity of a secure digital environment is largely being propelled by the rising demand for mobile and smart devices, cannibalising both the enterprise and consumer markets.
We are also seeing growing demand for biometrics applications for identity authentication and online transactions across multiple industries.
In Pwc’s Global State of Information Security Survey 2017, biometrics was cited by 40% of executives as the priority safeguard organisations will be looking into in the coming 12 months.
Understanding the challenges of biometrics security
Biometrics presents certain unique challenges that might not arise from conventional methods such as password or paper documents.
Privacy is a significant concern among individuals using biometrics for identification. Biometrics is also inherently device-dependent. Almost all biometrics features and applications required is device-specific for individuals to get access to their sensitive information.
Another challenge for biometrics users and solutions carriers is that because of the multi-party system, the need to establish a biometrics propriety solution can diminish especially when there are more than two or three parties in the same working environment process.
There are different users with varying roles, access needs, devices, and mobile device management profiles that are not controlled by the carrier. This could reduce standardization in working processes and policies, and decrease productivity due to lack of collaboration, resulting in poorer company performance.
Hence, new policy and biometrics security enhancement measures beyond devices are extremely important and essential for the future cybersecurity landscape.
The ultimate level of accountability: A hybrid approach to biometrics security
An effective biometric authentication needs to be permanent, universal, distinctive and easy to collect. Combining biometric authentication with existing access control, such as tokens, passwords or PINs provides the ultimate level of accountability.
With various biometric technologies available, organisations should consider five factors to select the most appropriate system: cost effectiveness, accuracy, ease of use, environment, and safety.
Choose a biometric system that is right for the organisation’s budget. Weigh the costs of implementing and operating the application against the potential returns of investment in terms of strengthened security, improved user experience, and decreased amount of time spent on maintaining the authentication method.
Accuracy is an important factor to consider while choosing between the various biometric technologies. It is based on several criteria such as the False Acceptance Rate (FAR) and False Rejection Rate (FRR).
FAR measures the percentage of invalid inputs that are incorrectly accepted. FRR determines the probability that the system fails to detect a match between the input pattern and a matching template in the database.
Ease of use
Each person should be able to use the biometric application regardless of age, gender, ethnic origin or profession. Users should also be able to use the application even if they are wearing glasses, contact lenses or a beard, using a wheelchair, have high or low blood pressure, illness, using oils or creams on their skins, or have external injuries.
Consider the physical environment of your organisation in which the biometric application will be implemented. Environmental factors such as temperature and humidity can affect the quality of data gathered.
Biometric applications should adhere to specified ISO standards, so that international authorities, institutes or organisations approve of the technology implemented. Should users be concerned with hygiene, organisations can consider applications such as palm-vein recognition technology that offer contactless operation.
The application of biometrics for identification across markets led by convergence trends affecting biometrics technology providers, ICT networks, security and cloud storage industries, at risk verticals such as banking, healthcare, and retail as well as OEMs and device manufacturers including smartphone makers is set to stay.
New developments and systems including encrypting biometric data on features like finger prints and palm-vein scanner technology can potentially be major security tools for the biometric industry. A strong and robust biometrics security authentication solution will help organisations secure their networks against unauthorised access, while also reducing the risk of attack from hackers and identity thieves.
Danny Lim is the head of Platform at Fujitsu Singapore.