When biometric technology first rose to prominence in the security sector, it was seen as something of a solution for high risk sites. In the intervening years, many biometric offerings have been ‘dumbed down’, with mixed results. However, is the technology about to be shaken up by an unlikely third party? Benchmark considers the future.
iometric technology – the use of a human behaviour or characteristic as an identification credential – has been in use for security purposes for many years. When it first appeared, it was prohibitively expensive for all but the highest risk sites.
Often, even if a customer could justify the cost, the personnel using the systems would often be unhappy or uncomfortable with the technology. Some thought it an invasion of privacy, others were concerned about communicable diseases, and one trial of an iris scanner at an air force base failed because of unfounded fears that the devices could be detrimental to sight.
It did not bode well for the adoption of biometric technology into the mainstream that some had predicted.
As time passed, costs fell and many users developed a better understanding of the various technologies. A few years ago there was a somewhat concerted effort to push biometrics, and specifically fingerprint recognition, into the mass market. The outcome was an increase in low cost readers, many of which delivered a poor degree of accuracy and questionable reliability.
Whilst acceptance of basic biometrics might have been on the up, the end result was that users’ expectations were not met. Over the years Benchmark has tested a number of biometric products, predominantly using fingerprint recognition, and with very few exceptions, which can be counted on one hand, found them to be disappointing.
Despite this, biometric technology and specifically fingerprint recognition have never had a higher profile. The driver has been the smartphone and tablet market. This is despite the technology having something of a questionable launch into the consumer sector.
Apple’s fingerprint scanner on the iPhone was compromised within two days of its launch, and every subsequent tweak has seen something of a race develop to see who can ‘break’ the upgrades first.
Apple has not been alone, with several smartphone manufacturers seeing fingerprint-based security being exposed. Whilst the reality is that much of the so-called ‘cracking’ of the systems is done with complicity, it doesn’t deliver a positive image of biometric technology. However, manufacturers increasingly see the use of biometrics as offering a potential alternative to passwords and PIN codes, and developments continue.
When Samsung launched the Galaxy S5 last year it claimed to have learned lessons from the failures of other manufacturers. Despite this, it took four days for the technology to publicly compromised. This led to some service providers, including PayPal, to issue statements to users in order to calm fears that their finances and other data were secure.
Whilst the fingerprint scanning technology used in smartphones is not exactly the same as that which is used in security, the two are inevitably linked. The smartphone industry swamps security-based biometrics in terms of revenue, and therefore developers will act faster for the handset manufacturers.
That the technology is increasingly being used for much more than unlocking a phone hints at the potential profits on offer, as well as the potential losses!
With a number of heavyweight businesses calling for increased development in biometric technology – the smartphone and tablet manufacturers have been joined by financial organisations and other service providers – the mobile data and communications sector will drive further innovation. Many of the emerging technologies will also be available to those delivering security-based solutions.
An indication of the types of biometric authentication being considered was given in a recent interview with Jonathon Leblanc of PayPal, in the Wall Street Journal.
Leblanc, who has been actively delivering a presentation entitled ‘Kill All Passwords’ to tech-based audiences in Europe and the United States, highlights the weaknesses associated with passwords and PINs, and identifies the potential role that advanced biometrics could play in future finance and service activities.
Many of the technologies he discusses have a passive approach, in that there is an element of interaction with the human body. Leblanc claims that fingerprint and eye characteristic scanning are ‘old hat’, because of the limitations and weaknesses of external body characteristics being used as a credential. Instead he looks towards internal body characteristics. These include the already established vein recognition technologies, but add in heartbeat monitoring along with the use of ingestible microcomputers which could use stomach acids to charge batteries, and biometric technology moves to another level.
For example, Leblanc makes reference to injectable microscopic devices which could be placed under a user’s skin. These could then monitor the heart’s electrical activity. The goal is to eliminate the issue with existing biometrics of false accepts and false rejects.
Whilst the use of passwords and PINs can be strengthened by additional technologies such as location services and existing biometrics, these have currently failed to prevent unauthorised access to finances and services. By moving biometrics to an intrinsically internal level, the ability to spoof a user’s identity is greatly reduced.
The ability to use technology to gather greater levels of passive biometric data is currently being exploited in the medical sector, and this includes involvement with many of the on-line service companies. For example, last year pharmaceutical company Novartis agreed a deal to develop a smart contact lens. The device can be used to measure glucose in tears, thus allowing diabetics to monitor blood sugar levels via a smart device. The originator of the contact lens technology was Google!
Considering the advances in body monitoring being made by the significant players in on-line services, and the financial clout of finance companies such as PayPal, the drive for developers to create advanced biometric technologies is growing every day. In a number of situations it is not a case of developing new ideas from the ground up, but more one of adapting technologies already in development to offer a greater degree of flexibility.
An element of fiction?
Leblanc’s message has been embraced by the IT and technology markets, but surprisingly it hasn’t yet made any ripples in the security market. This is despite the fact that future demands will be a significant driver to accelerated innovation.
For some the ideas bear all the hallmarks of science fiction, and if you take such a view they’re easy to dismiss. However, Leblanc makes it clear that behind every idea he discusses, there are already companies or start-ups working on projects to deliver the solutions to market!
Why does PayPal count?
When Jonathon LeBlanc, Head of Global Developer Advocacy at PayPal, discussed biometrics with the Wall Street Journal, it would be easy to dismiss his thoughts as being forward-looking guesstimates of a technologist, rather than defined goals signpost future developments. He admitted that PayPal was positioning itself as a ‘thought leader’ in the field, but added that the company was working with developers. He also added that PayPal was currently working with fingerprint scanning, and was ‘definitely looking at the identity field’.
PayPal is the largest on-line money transfer service, and in 2013 it handled transactions worth $160 billion. Its own revenues were in excess of $6.5 billion. The company has previously invested in businesses to help with fraud prevention. What is interesting is that PayPal sees fraud as a risk management issue than a criminal one. In short, it will invest to mitigate threats, and its ability to invest in the most secure methods will drive developers looking into advanced biometrics.
Where PayPal leads, the consumer and on-line markets will follow. This will create higher expectations for biometric solutions, and will subsequently impact on the electronic security industry.
While the words of Jonathon Leblanc might conjure up a futuristic vision for some, others will see it as a green light to create advanced technologies. After all, it’s a viable move if the customer is a global leader with a different approach to loss prevention!