Why your business should adopt biometrics

Source: Luca iaconelli/unsplash.

As the use of biometrics becomes more common, companies have sought to take advantage of this powerful identity detection technology. But some skepticism remains. Can facial recognition be faked to bypass security checks?

As the journey to full digitization accelerates, it is reasonable for organizations to question the security of biometric programs, but they must also question their assumptions about its effectiveness as an identity verification tool. . And it is the responsibility of vendors and solution providers to ensure that biometric programs are as secure as possible.

Is it easy to fool biometrics?

The most obvious way to try to spoof a biometric device is to provide a facsimile of a real person. For example, using a photo or video of a person instead of their real face. This is a scenario that has been considered by manufacturers of biometric systems for some time.

The internationally recognized ISO 30701 standard was created to address this issue. The standard covers presentation attack detection (PAD) – that is, attacks presented to a sensor like videos, images or masks to fool biometric detection.

When a biometric system complies with the ISO 30701 standard, the algorithms used to detect whether the system is seeing a real person in a real situation must be able to reject the presentation of a video or photo. This can be further reinforced by asking the person to perform a specific activity such as moving their head or eyes in a particular way.

This can thwart more sophisticated attacks where threat actors inject video directly into the app, bypassing the camera altogether.

There has been a lot of discussion in the media about the threat posed by deep fakes, but from the perspective of presentation attacks, deep fakes are just another type of video. They are subject to the same algorithms and PAD protections as any other type of attack.

Organizational security is ultimately about managing risk. The question to ask when considering and deploying biometrics is whether the risk of a deep fake or other spoofing method is higher or lower than the risk of other authentication methods less secured.

There’s no point in authenticating if you don’t know who is authenticating

Since the onset of the pandemic, companies have increasingly relied on online tools to manage remote teams, from recruiting and onboarding staff to accessing privileged resources and information. The overriding question that needs to be asked is whether the person on the other end of the video call or instant message is who they say they are.

Even if you’re 100% sure he’s a real person, how do you know he’s not falsifying an identity?

This is why any biometric solution must be based on a robust identity verification foundation. Think of it as the 100 point verification we do when opening a bank account. When a new employee is onboarded, it is important that their identity is properly validated before they receive a biometric ID.

Biometrics greatly reduces the risk of compromised user accounts, as it is extremely difficult to compromise a verified biometric identity.

An authentic and reliable digital identity

We don’t often think about it, but when we meet someone and they identify, our default position is to believe they are who they say they are. Trust is at the heart of every business interaction. Systems that control access to everything from the office front door to corporate bank accounts rely on technology to determine that trust.

In most organizations, people have at least two, and often more, IDs that they use every day. These can take the form of passes to enter buildings or protected areas, and passwords to access different applications and systems. Each of these elements must be maintained and constitute a potential entry point for threat actors. Verizon’s annual data breach investigation report reveals that the majority of information security incidents begin with a single user’s identity being compromised, with the proportion of attacks initiated this way increasing each year.

Biometric credentials, backed by a robust identity verification process, provide businesses with a reliable and secure way to verify identities and provide access to physical and virtual environments.

Deep fakes may concern celebrities and others whose likeness may appear in unwanted situations. But for businesses looking to improve their security posture, biometrics reduce the risk of a compromised identity leading to unauthorized access to your premises or systems.

Blair Crawford is CEO and founder of Daltrey.

About Roberto Frank

Check Also

Facial analysis still biased, the press still confusing it with facial recognition

A University of Maryland assistant professor audited major facial recognition services of government technology claims …