With no physical borders constraining the digital world, any business can trade globally, and this creates enormous opportunities, but it also presents new threats and challenges. The digital frontiers we encounter online are things like trust, speed, accuracy and customer experience – these can all throw up barriers to business, but they can all be overcome with the right technology and data.
Businesses operating online must take care to ensure that the customers they encounter are genuine and they know who they are dealing with. From banking and financial services to healthcare and government services, as consumers and citizens, our biometrics are increasingly a passport to help prove who we are as we move around the digital world.
Biometric authentication is a secure personal identification process that uses our unique physical or behavioural characteristics to prove we are who we claim to be. It’s now commonly used in a variety of applications, including, device security, financial transactions, immigration controls and patient identification in healthcare.
The terms biometric authentication and biometric verification are synonymous and are often used interchangeably. Both involve the comparison of characteristics against a template or record, for example, a selfie or photo for facial recognition. Verification is often used specifically to describe identity proofing against an official identity document.
Biometric authentication systems can use a variety of different types of biometric data. Advances in capture and processing, coupled with the personal mobile devices we carry with us have increased the variety of methods of biometric authentication we encounter and increased the speed and convenience of these methods for businesses looking to build customer relationships based on trust.
These are some of the most common methods of biometric authentication:
Familiar to most smartphone users, fingerprint scanning is the most common type of biometric authentication. As a form of identification, fingerprints can be traced back as far as ancient Egypt. Today, fingerprint scanners can capture a high-resolution image, most commonly your thumbprint, that is hard to fake.
Facial recognition uses a camera to scan your face and compare it with an image to verify identity. Algorithms analyse, measure and map facial features and the space between them to create a faceprint. This faceprint is not a picture but a long, unique string of numbers, like an ID card number but much longer.
The distinctive colours and complex patterns in a person’s eye are unique and discernible from some distance. Iris scanning deploys camera technology and subtle infrared illumination to get up close, capturing detail-rich images of the coloured part of your eye combined with mathematical pattern-recognition techniques.
The complex pattern of the capillaries that connect in your retina at the back of your eye is as unique as a fingerprint. Considered a more intrusive process and less common than iris recognition, retinal scanning projects a low-energy infrared beam into the eye to map this pattern, converting it into a line of machine-readable code.
Voice recognition uses a microphone to capture your voice biometrics or the unique way you speak, like, your accent and the frequency and flow of your voice. Specialized software can distinguish and authenticate these voice biometrics when matched with a stored voice sample to verify your identity.
Voice recognition is often used alongside other forms of biometric security. Multimodal biometric authentication combines methods to create a more secure login experience.
These biometric methods of identification can also be combined with data-centric identity verification, layering on trusted third-party identity data sets to confirm your name, date of birth, and address, and establish trust in the long-term existence and credibility of your digital identity.
Biometric authentication works by using our unique physical or behavioural characteristics to assist in identifying us. There are three main steps to the process.
Detection
The first step in biometric authentication involves the detection and collection of biometric data. To begin the process, you might present your thumb to a fingerprint reader, your eye to a retina scanner, or take a selfie with your smartphone camera to detect your faceprint.
Detected data is then ‘normalised’, scaled or rotated to adjust for or correct distortions that may have occurred during collection, and aligned to a standard data reference set.
Normalised biometric data is then analysed to extract, measure and map the features or unique patterns that will be used for comparison. These could be your facial landmarks, iris texture patterns or the ridges, valleys and minutiae points of your fingerprint.
These features are transformed into a compact, digital standardised template, such as a faceprint, that can be used for comparison and matching.
In the final step of the authentication process, the biometric template created during analysis is compared to and programmatically matched to an authoritative source. In face recognition, your faceprint is compared to an image extracted from your identity document. If these two sources match, authentication is complete.
Biometric authentication alone does not deliver a definitive identity proofing process or promise to be 100% fraud-proof. But it’s a good start.
Trust in a customer identity presented to your business can be built and bolstered the more identity verification technologies and data sources are layered, one on top of the other. Liveness checks, identity data verification and transaction fraud detection can all be part of a secure, multi-layered approach to trust.
Liveness detection ensures that the person submitting biometric data is real and genuinely present at the time the data is detected and captured. In face recognition, this prevents the use of any impersonation tool such as photographic printouts, deep fake videos and silicone masks when submitting facial images.
The more evidence that an identity is genuine that can be obtained, the more confident your business can be in doing business with that customer.
Like all sensitive personal identity information (PII), biometric data needs to be protected, and if stored must be encrypted and only transferred via a secure encrypted channel.
Here at GBG, our own identity-proofing solution uses face recognition technology. This biometric authentication process doesn’t store the faceprint created in the analysis stage but removes it once the proofing process is complete.
Speed and convenience matter as much as security for successful brands looking to build customer relationships based on trust.
A great onboarding experience and a safe onboarding experience matter for business and customers, so a balance must be struck between your customer due diligence and your customer’s expectations of a secure and smooth journey.
Our FaceMatch technology provides real-time biometric authentication of potential customers presenting themselves to your business. Identifying against a set of 68 facial landmarks, FaceMatch adds an extra layer of biometric protection by making active and passive liveness checks, establishing the genuine presence of your prospective customer without disrupting her or his onboarding experience.
Altogether, our document and biometric solutions deliver a low-touch onboarding experience for businesses and customers. With access to global library of over 8000 identity documents, delivered via robust SDKs and zero text entry required for customers, the whole process can be completed in as little as 30 seconds, providing a strong digital defence against identity fraud.
Biometric authentication is highly effective, but not infallible. For example, fingerprint scanners can be tricked by using a fingerprint impression, facial recognition systems can be fooled by silicone masks and iris scanners can have trouble detecting certain eye colours or may not work well if you wear glasses or contacts.
Biometric authentication technology is not biased, but as with all AI and ML solutions, biometric algorithms benefit from and respond to training with varied and inclusive data sets. The latest datasets have reduced demographic bias, making biometric processes more globally inclusive and effective than first-generation solutions.
Biometric authentication technology has long been built into mobile devices and has become more widely available and affordable over time. Most smartphones have fingerprint scanners built into the home button and voice recognition is regularly used as an input to various smartphone apps.
Yes, this is good practice. An identity is made up of several different elements. By layering data checks, such as name, date of birth, and address, with documents, devices and biometrics, your business can build a better picture of your customer's identity and you can provide a better onboarding experience.
Biometric authentication is a more expensive solution than a simple password or PIN-protected system. As identity-proofing technology powered by biometric authentication has advanced, however, it has achieved a price point comparable with alternative identity verification solutions.
Hear from us when we launch new research, guides and reports.