Eye for I: How biometric technology is transforming our lives
Manufacturers of biometric devices must focus on innovation to stay ahead of cybercriminals in identifying loopholes and bridging gaps
Many of us recall entertaining episodes of television shows in the early 2000s, where biometric technology such as fingerprint and iris scanning were used to track criminals. The common man, in awe of it, believed that this application was limited to forensic investigations only.
However, it wasn’t too long before biometrics became a part of the daily lives of most individuals: employee attendance systems, eKYC, door access in offices, logging into systems and entering various secure premises were all dominated by biometric authentication. More recently, biometric authentication has been integrated in our mobile devices, banking transactions and government identifications; with an attempt to give higher-security control over critical data.
A number of traditionally time-consuming processes are now being automated by using biometrics. Biometric authentication technology is being used for access control or validating transactions. Globally, it is increasingly being used for mobile phone-based financial transactions. India has not been far behind in adopting this technology to its utmost potential.
Typically, biometric authentication uses some form of unique biological characteristics. Fingerprint scanning, iris scanning, and facial and voice recognition are some of the common forms of biometric authentications.
We can also use palm vein or full hand scanning, if needed.
Out of these, fingerprint and retina scans are more popular but face detection has also gained popularity as most devices now have high-resolution cameras.
Biometric authentication has made life easier for everyone. Workplaces don’t have heavy attendance registers anymore, the inconvenience of remembering different passwords on mobile devices is over and access to the office does not mandatorily require an identity card.
Individuals can access services, which in the past required a large amount of documentation and paperwork, by merely scanning their fingerprint. Even biometric-enabled door locks are now affordable, which come with a two-factor authentication process.
While biometric has been a front runner technology for mitigating potential risks, it has also given rise to a major concern: the security of biometric data, both when stored and when used. Biometric security has been a key topic of discussion at many forums with provocative debates on how this issue can be resolved. It is said that biometric-linked Aadhaar could help in cracking down on corruption linked to distribution of benefits. Earlier, a beneficiary’s identity could be easily manipulated by forging documents. With Aadhaar-linked biometric authentication, it would be easier for organisations to decipher suspicious patterns and combat fraud at an early stage. The use of biometrics in de-duplicating records and then cross linking them to other aspects of an individual’s transactions could potentially help in tracing irregular transactions, as biometrics cannot be duplicated. That said, with such a large biometric database being made accessible by the government for different services, the process of storing and authenticating the data has to be made more resilient to attacks. It is essential that adequate infrastructure, systems and processes are employed to safeguard the data. The manufacturers of biometric devices will be expected to focus on innovation to stay ahead of cybercriminals in identifying loopholes, and bridging gaps, if any.
The key to security is irreversible encryption. The scanners that are used to record biometric data must have an underlying software that safely converts it to a hash value that cannot be reversed to access the biometric data. This hash should then be transmitted to the server in an encrypted form and then matched with the originally recorded hash to complete the authentication.
Biometric data as a mode of authentication should ideally be used as one of the factors for authentication. A three-factor authentication process is recommended, based on:
• What you have: this could be a mobile phone, identity card, token, keys, or others, which the user would have in her possession;
• What you know: usually a password or pass-phrase, known only to the user;
• Who you are: the biometric information of the user.
Thus, biometric authentication when coupled with three-factor authentication process could help in mitigating cases of identity thefts and data leakages to a large extent. Further, innovations and developments in the field of blockchain technology can be implemented in the biometric system to provide safe storage and encrypted access, rather than using traditional databases.
The road ahead
Biometric authentication is being used innovatively in various authentication processes across different industries. It is also being used in mobile phones for authentication for mobile wallets, mobile banking apps, credit card payments and logging into secure websites or applications. Other applications of the technology include fortifying home, family and vehicular security; and tracking healthcare benefits and treatment.
In the near future, we can expect a lot many more innovations such as and when employees enter the office building using biometric authentication, the secondary function would be to immediately initiate her systems to boot-up so that when she reaches her desk, her system is ready to work just by logging in with a finger print scan or facial recognition. Ticket counters for travel could be a thing of the past, as payments could be made from the bank account of the traveller, identified and linked by their biometric scans.
Amit Jaju is executive director, fraud investigation and dispute services, EY India