- Security TWENTY
- Women in Security Awards
Ahead of the annual biometrics conference in London, we take stock of the biometrics market. Picture by Mark Rowe of graffiti art in London.
The subjects of talks at the Biometrics 2014 conference alongside the exhibition show security and non-security uses alike for biometrics. On day one, Tuesday, October 21, speakers include Brendan Crean, Programme Director, Home Office Biometrics Programme, at the Home Office. Day two, the Wednesday, will hear about UK and overseas experiences in identity schemes, border control (eGates) and payments over the internet. Chris Woodroofe, Head of Security and Business Continuity at Gatwick will offer an airport view; and Raoul Cooper, Technical Architect, Airport Futures and Operations Delivery at British Airways, an airline view.
One discussion will consider if biometrics are of particular use to the developing world as a biometric – whether a fingerprint or hand, or iris or retina scanned, or voice or face – is owned by more or less everyone, whereas far from everyone has a bank account or the prospect of access to one, let alone a bank card or PIN. In short biometrics – including on a phone – could be a way to get around shortcomings in banking uptake, and bring economic development. See for example the Mastercard identity card being rolled out in Nigeria, whereby at enrolment fingerprints, face and iris are captured: https://www.professionalsecurity.co.uk/products/id-cards/eid-card-for-nigeria/.
In China, the online payment company Alipay and telecoms product firm Huawei jointly launched a biometric security service for payments by mobile phone. Users of a new Huawei smartphone with a fingerprint reader will be able to make mobile payments without passwords using Alipay’s Wallet app. A biometric built into Huawei’s feature smartphone, the Ascend Mate 7, will be integrated with the Alipay Wallet mobile payment app. The biometric, including encryption and authentication managed by Huawei, will allow mobile users to confirm payments for goods and services with their smartphones, by swiping a digit instead of entering a code.
Chairing the conference at the Queen Elizabeth II Conference Centre in central London is Isabelle Moeller, Chief Executive of the Biometrics Institute. For the three-day Biometrics 2014 conference programme, visit – http://www.biometrics2014.com/resources/downloads/BIOM2014_Programme.pdf.
The institute believes that biometrics offers far greater security than passwords and can’t be stolen because they are physical features of a person. That said, as Moeller said recently, and as reflected in the speakers from civil liberties groups at the conference in October, biometric technologies must be deployed with security and privacy “front of mind”.
If brought in well, biometrics offer far greater security, privacy protection and user convenience than single-factor password protection or two factor non-biometric systems, according to the institute.
Moeller said: “Strong security relies on many factors of which a biometric can and does play an important part. Each security component has its vulnerabilities but together they build a much stronger link with your true identity.
“Security relies not only on one factor but on combining them, that’s why a) you need the second factor (which you can change) and b) you ensure you have liveness detection — to stop people making a fake. There are other techniques that could be explored by users for addressing the issue raised.”
She said there was no “one size fits all right way but what is clear is biometrics are and can complement a range of other technologies to provide highly secure and user-friendly solutions to help people, companies and governments conduct their legitimate business safely and easily”.
However, this had to be built on legislation, privacy-protecting best practice and, most importantly, trust of users and transparency, she said.
Voice case study
Nuance Communications, Inc. recently announced that Banco Santander Mexico has deployed the company’s VocalPassword voice biometrics product to replace PINs, passwords, and security questions in their automated phone system.
Nuance’s voice biometric is being used to confirm the identity of the bank’s customers – using just the sound of their voice. This is the first such customer-facing voice biometrics application in Mexico.
Customers who call in to the bank’s by phone can speak to be authenticated. Until recently, Banco Santander Mexico’s customers needed to remember passwords and PINs and often had to recall answers to security challenge questions, to gain access to their accounts. Now, customers speak the phrase “At Banco Santander, my voice is my password” to be authenticated by their unique voiceprint when they call into Santander’s interactive voice response (IVR) phone system. Since the introduction of Nuance VocalPassword at Banco Santander Mexico, more than 1.7m customers have enrolled. Work to enroll a larger base of Santander’s customers continue.
José Ignacio Zorrilla, Executive Director for Multichannel, Banco Santander México, said: “As the first bank in Mexico to deploy a voice biometrics solution in this way, we are able to offer our customers the exceptional experience that they deserve. The ability for customers to use their voice to gain access to their accounts is an easy and natural process, allowing the first point of contact with our bank to be enjoyable and hassle-free.”
It’s generally appreciated that some people are dissatisfied with current authentication methods, which typically require remembering multiple PINs, passwords, and security questions.
Robert Weideman, executive vice president and general manager for the Enterprise Division of Nuance, said: “With voice biometrics, banks have a real opportunity to change their customer experience for the better, while at the same time improving security. Our voice biometrics technology offers a dependable solution for companies like Santander to improve the overall experience for the consumer by allowing them to use their voice as a passphrase with the added benefit of proven security.”