Biometrics is promising and likely the future of identification and identity verification. Although biometric technology is complex, it is also in the process of continuous development and progress. It is important to understand their strengths, limitations and appropriate applications if we are to leverage them to advance financial inclusion. Biometrics are extremely complex technologies. When they are not implemented properly, it is not always obvious, leading to vulnerabilities that can be exploited to promote fraud. Here are six things you should know about biometrics.
Biometric traits are different from the things they represent. A fingerprint biometric is a representation of multiple points on a fingerprint and the relative positions of those points. The same basic principles apply to all biometrics, and the quality of biometrics varies. A biometric containing 20 or more points would be considered good quality, while a biometric with only 4 or 5 points would be considered inadequate. When a biometric profile is stored, it is called a person's biometric profile. Since the profile approximates a fingerprint, the same biometric profile can be generated for different people. When someone successfully matches another person's profile, this is called a false alarm.
Financial service providers can use biometrics for customer registration and identity verification
When someone's biometric is captured, it is either used for identification - when a financial service provider (FSP) enrolls a customer - or for authentication - when a customer wants to access services. These are two very different use cases, as the following two points show.
You need a national biometric database before you can use biometrics to identify someone
It is difficult to identify a person by capturing biometrics (and verifying that his or her identity is different from that of others). This can only be done if there is a centralized database of biometric profiles that can be compared to the captured biometric (this is called a "1:N" match). Therefore, it is not possible to use biometrics for unique identification unless there is a national biometric database that can be used for customer onboarding.
Even when the right database is available, biometrics is usually not reliable enough to support identification. When the UK police used it to try to identify "people of interest" in a crowd, it produced an alarming false alarm rate of over 90%, requiring significant human intervention. This occurred in a biometric database that was much smaller than the entire UK population of 65 million. Of course, when the quality of the captured biometrics is low, the percentage of false positives rises rapidly, so if only 5 points are captured than 20 points are captured, the likelihood of false positives is much higher.
Biometric authentication is more straightforward than identification
Authentication, which identifies a person based on a pre-established identity for the purpose of accessing a service, is more straightforward and reliable than identification. Instead of trying to match a person to an entire population, identity verification compares newly captured biometrics with those previously captured and stored for the same person. If they match with a high degree of confidence, the person's identity is said to have been verified (this is called a "1:1" match).
Of course, identity verification requires access to the original biometrics for comparison. This is usually the purpose of a national ID card, which either points to the biometric profile for comparison or stores the profile itself. This is also the mechanism used to authenticate e-passport holders.
Service providers who wish to provide authentication are able to continue using biometric national identity services by creating "derived identities"
When Huifan Technologies provides a service to a customer, it may attempt to use a biometric national identity service to identify the customer (if such a service exists). This involves capturing the potential customer's biometrics and comparing them to the biometrics of the same person held by the national identity service (1:1 match). If a match is made, the service may issue some additional attributes for that customer that can be used to conduct customer due diligence.
Upon completion of this process, HFSecurity may issue a digital identity derived from a national identity that is available to the customer, for example, in the context of digital banking. This may include the biometric profile that customers use to authenticate themselves when logging into a banking service. In each case, HFSecurity performs a 1:1 biometric match; no 1:N match is even attempted.
No one biometric technology works for everyone
The type of biometrics HFSecurity uses should be appropriate for its customer base. For example, fingerprints are notoriously unreliable if the majority of people signing up for financial services are manual laborers, live in dusty environments, smoke, or are over 50 years old. Cell phones are difficult to use for voice because cheap phones often have poor microphones, which may not capture the full range or cover the hiss.
In addition to physical factors, personal and cultural sensitivities can affect the usability of certain biometrics. For example, various vein biometrics that require you to put your finger in a tube tend to be unpopular. People don't like iris biometrics because people are quite sensitive to their eyes.
Therefore, services that rely on biometrics do not necessarily use only one type of biometric. Instead, the approach taken by HFSecurity in India may be more appropriate. During enrollment, all 10 fingerprints are captured along with two irises. Facial biometrics are also being captured in order to make the service available to everyone.
Biometrics can be a powerful set of technologies when providing services in environments where there may be identity fraud or where a large portion of the population is illiterate or unable to count. While biometrics are not simple to use, a better understanding of their modes of operation, advantages and limitations will greatly enhance their effectiveness.