“Owning Your Identity” Through Biometric and Passwordless Innovations
By Bob Eckel
This article first appeared on Cyber Defense Magazine.
Consumers around the world have become increasingly comfortable engaging with businesses digitally. Between 2020 and 2021, driven in part by the pandemic, the proportion of U.S. consumers using digital financial services grew from 58 percent to 88 percent. Ecommerce has also grown significantly, especially when it comes to mobile commerce; Forbes reports that by the end of 2021 mobile will make up about 73 percent of all ecommerce sales, up sharply from 52 percent in 2016.
Unfortunately, moving these business transactions online also carries risk. Malicious actors have taken note of this growth, and identity fraud schemes have escalated in response. Identity fraud scams – which typically trick users into giving away their username and password to sensitive accounts, including banking, credit cards, or online shopping profiles – accounted for $43 billion lost in 2020.
But in spite of this threat, consumers are growing increasingly frustrated with passwords. It’s understandable: they now expect webpages to load in one to two seconds or less (including on mobile), so taking extra time to recall and input passwords can be aggravating. Authentication processes requiring customers to get codes sent via SMS or email before accessing their accounts may also result in users exiting online transactions; in fact, research shows that up to 60 percent of consumers do this for exactly those reasons.
Customers want the best of both worlds – superior convenience combined with the best security out there. Businesses have no choice but to deliver, lest they lose customer confidence and revenue. Is there a way to meet in the middle?
Benefits of Biometric Security
Biometric authentication is a form of security that verifies an individual’s identity via unique physical characteristics. Customers who own an iPhone™ that can be unlocked with their fingerprint or face are already very familiar with this kind of security. It is extremely effective because it relies on a person’s unique physical characteristics to secure their data as opposed to something a user has – like login credentials – that can be shared, stolen, or lost.
Biometrics can also be used as a multifactor authentication tool, adding a level of security without adding significant processing time. Put simply, multifactor authentication is a method in which a user is logged in after successfully presenting two or more pieces of evidence – like a password, then a fingerprint – to an authentication mechanism.
To revert to our iPhone example for a moment, customers looking to purchase from the App Store not only have to enter their passcode but must also use facial or fingerprint ID to verify their purchase. It’s an extra level of security without adding noticeable time to the process. This time-saving benefit doesn’t just apply to customers accessing digital services; it can also be used for effectively onboarding remote employees and ensuring that employees who need faster access to systems can get what they need quickly.
Countering Concerns Around Implementation
At a higher societal level, some issues have been raised around the use of biometrics, particularly facial recognition. Citing privacy concerns, one large social media company recently eliminated its facial recognition capabilities. Simultaneously, a major airline announced they were working to expand their facial recognition-enabled offerings in scale and scope so more customers can experience a hands-free journey in the future.
The difference in societal response to the implementation of facial recognition can be traced to a series of security and procedural concerns. The majority of these concerns stem from the consent and transparency issues that often surround facial recognition use. Biometrics in the form of facial recognition can have huge benefits, when implemented properly. What does this mean?
Organizations should ensure that all procedures are clear, consent-based, have easy opt-in and opt-out options, and are transparent about what information is being used or collected. This enables users to “own their identities” and helps them feel secure in how their data is being collected and/or used. Additionally, organizations should only deploy the biometric technologies that are sufficient and accurate for the given use case. Furthermore, it’s important that humans review a biometric system’s results when making important decisions.
Additionally, organizations should work to ensure biometric data storage solutions are secure, anonymized and encrypted. Also, they should facilitate internal and external oversight of biometric technology deployments and require system operators to complete training on proper use. Along with these efforts, organizations should consistently conduct operational performance assessments when deploying these technologies – and keep doing it even after the initial launch. Lastly, it’s important to upgrade biometric systems to ensure the most accurate, secure and privacy-protective technologies are being used.
With biometric solutions, everyone benefits; companies can offer greater security and minimize risks, and customers and employees enjoy a faster, frictionless experience while still owning their digital identity. There’s no doubt that biometrics is the present and future of authentication, but it needs to be done in a manner that is consistent with privacy. By following best security practices and ensuring there is always a human element in place to mitigate potential failures, organizations can ensure that they themselves, their customers and employees all reap the benefits from these solutions.
About the Author
Robert A. Eckel has been Chief Executive Officer and President of Aware (NASDAQ: AWRE) since September 2019. Mr. Eckel also serves on the board of directors for the International Biometrics + Identity Association (IBIA), and as a strategic advisory board member of Evolv Technology. Over his distinguished career, he has held many positions of note within the biometric and identity space, including: Regional President and Chief Executive Officer of IDEMIA’s NORAM Identity & Security division from 2017 to 2018; President and Chief Executive Officer of MorphoTrust USA, LLC from 2011 to 2017; Executive Vice President and President of the Secure Credentialing Division of L-1 Identity Solutions Company from 2008 to 2011; and President of the Identity Systems division of Digimarc Corporation from 2005 to 2008. Mr. Eckel has received his master’s degree in Electrical Engineering from the University of California Los Angeles, and his bachelor’s degree in Electrical Engineering from the University of Connecticut.