printer friendly version

BiometriX Round Table 2021

Ten years ago, Hi-Tech Security Solutions hosted its last BiometriX conference, focusing on biometrics and its application in South Africa. At the time, fingerprint biometrics were all the rage and adoption rates were skyrocketing, making the country a global leader in the rollout of fingerprint biometrics.

Today, 2021 is a different world and technical advances and the coronavirus have changed everything. The Hi-Tech Security Solutions team thought it would be a good opportunity to host another conference on the topic of biometrics (especially touchless biometric options), but Covid regulations made that idea a non-starter. Instead, we decided to host a round table discussion at the Indaba Hotel in Fourways where we asked a variety of people in the industry to talk about how biometrics has changed over the years and what they were experiencing in the market.

IDEMIA sponsored the event, but unfortunately the company’s regional director of sales, Nicolas Garcia, had to miss the discussion as he was out of the country. Hi-Tech Security Solutions asked him to comment independently and his comments are included in the article following.

The attendees represented a broad range of companies, from manufacturers to system integrators and even a company that offers access and identity services via the cloud. We started the discussion by asking each attendee to give some insights into how the industry has changed from their perspective over the past few years.

Walter Rautenbach, neaMetrics

Walter Rautenbach.

Walter Rautenbach is MD of neaMetrics, the Suprema distributor in 21 African countries as well as a software development house focused on identity solutions in the enterprise and government space. neaMetrics is involved in a number of projects, such as the Namibian driver’s licence and the local police clearance system, as well as work with many companies requiring digital identity operations.

From his perspective, Rautenbach says the market has matured over the years along with the various biometric technologies. While Suprema has been offering facial recognition for many years, Rautenbach says it was more of a convenience feature in the pre-Covid days, but now touchless biometrics within access control is seen as a necessity in many organisations.

When the whole touchless idea first started, many companies did not have the funds to replace their access points with facial recognition points, so many of them opted to revert to card-based systems. However, neaMetrics is seeing more new installations going the facial recognition route, driven by the pandemic, but also by the much-improved accuracy and reliability of the technology compared to 10 years ago. At the same time, the idea of using a mobile device for access control is also starting to attract interest.

From a Suprema perspective, all these options are readily available, but the rollout depends on customer requirements and the integration capabilities of SIs and partners to bring secure identity authentication into their solutions.

Martin Meltz, Ideco

Martin Meltz.

Martin Meltz is the channel lead at Ideco, a company focused on identity, representing various vendor technologies in creating solutions and operating through a channel model. Meltz has a long history in the IT world, but has been in the security and biometrics world for about four years. Even in that short time, he has noticed that organisations have become more aware of the value of identity in protecting themselves and their staff, using biometrics for everything from basic access control to more complex time and attendance (T&A) and business optimisation programmes.

He says the market today is being driven by many external factors, the most obvious being Covid, but also issues such as government regulations and restrictions. When lockdown hit the first time, there was an immediate panic and the belief that ‘touch’ biometrics would spread the virus. Many went back to card-based access and some even reverted to leaving their doors open to allow free access. Those who opened their doors quickly realised the risks and those who opted for cards are now questioning the decision as they realise the risks inherent in card-based access (of course, depending on the specific environment). As more people understand the risks, options are being weighed more calmly.

As a result, fingerprint biometrics is making a comeback, both contact and contactless, as the risks are better understood and Meltz believes they will be the standard for some time to come. Many were weighing facial recognition, but here is still a bit of uncertainty about the technology. He says some companies realise the benefits of facial recognition biometrics and are asking for multimodal solutions, including fingerprint and facial that will allow them to migrate to facial recognition in future.

Meltz also makes the point, one echoed by the other attendees, that a lot of time and money was spent on ‘ticking the box’ when Covid hit. This resulted in buying technology that wasn’t really suited to the task, an example being temperature and mask checking systems. Some examples include people installing systems that were supposedly able to check the temperature of a visitor through a car window.

Linda Glieman, Nextec

Linda Glieman.

Linda Glieman is the business unit manager, workforce management for Nextec Security and Building Solutions, a system integrator that covers electronic security, IT infrastructure and more. The company focuses on biometrics in the access control and workforce management space. Nextec also saw many companies panic and revert to using cards and generally relaxing their access control processes. However, when it comes to T&A, companies are not able to relax their processes as workers still need to clock-in.

With the panic over, many companies are re-evaluating their T&A; and workforce management options in terms of biometrics and especially touchless solutions, with many enquiries about facial recognition now coming in. As part of the re-evaluation, Nextec had to be very agile in the development space as customers asked if their existing software and management systems could be integrated with the variety of new products and solutions on the market – such as touchless biometric systems and temperature sensing, even those who were just ‘ticking the box’.

The key is that companies are looking to take the next step and even though facial systems, for example, have been around for a long time, they are now being considered as a serious alternative. This has put pressure on SIs to focus on development and integration, but Glieman expects ‘mobility’, or the use of mobile devices for traditional access, T&A; and even workforce management to be a growth market in future.

Shaun Gates, G4S

Shaun Gates.

Shaun Gates is the national sales manager for G4S Secure Solutions. He has also had many years in the T&A; management space and has been involved in solutions created with a number of brands for the company’s client base. Gates notes that solutions used to be very T&A; driven, but nowadays the move is towards compliance issues – initially the Covid ‘tick box’ approach which required integration with a variety of solutions, which also produced a variety of results.

Today the panic has subsided and many clients are comfortable going back to their biometrics (fingerprints) systems as we realise that although people may touch the biometric readers, they also touch the turnstiles and door handles and buttons in the lift etc. The approach is more considered now and although facial biometrics or other more modern touchless technologies are attractive, one can’t simply rip out hundreds of biometric units and replace them. They are in the longer-term picture, however, resulting in many hybrid solutions incorporating new and old technologies becoming the norm.

While fingerprints are back in use, Gates also sees mobility growing in terms of interest from customers.

Johan van Heerde, Skycom

Johan van Heerde.

Johan van Heerde is the general manager at Skycom. He says the result of Covid was that Skycom had a lot more integration work to do as customers from all over wanted to integrate readers, of almost any type, into their access and other management platforms. The two main areas were firstly security integrated with health and safety, but also compliance, which became critical after March 2020.

This created some headaches and Skycom tried to take the approach of educating its customers as to what they should be looking at. The problem with integrating almost any biometric readers with other systems is that not all readers are created equal and the ‘cheap-and-nasty’ products, although they look good on the budget, require more support and call outs, which benefits no-one.

When the initial panic about touching biometrics appeared, the first option was to use cards again, but this saw chaos in some environments where anyone could ‘borrow’ a card and come on site, which naturally has security and payroll consequences, but also health and safety consequences on dangerous sites like mines. Skycom focused on helping clients to overcome this and saw an increase in interest in facial products, which it was able to assist with its existing integrations into Suprema and IDEMIA systems.

The result was many hybrid installations where systems were upgraded to cater for pandemic rules.

Matthew Chalmers, iPulse Systems

Matthew Chalmers.

Matthew Chalmers is a key account manager at iPulse Systems. While the pandemic and the uncertainty over touching biometric readers was bad news for the industry as a whole, it also led to innovations which added value to customers. One example is a new UVC light product which iPulse uses on its fingerprint readers after each use, which kills any potential viruses on the scanner. (Ideco has a similar solution, www.securitysa.com/12207r). He also authored an article (www.securitysa.com/14316r) showing that research shows that Covid is not as easily transmitted by touch.

In the long run he sees a bright future for fingerprint biometrics as it is a proven standard and still used in a variety of identity mechanisms, from national identities to banks. Facial is of interest, but it will take some time before it becomes mainstream. Additional touchless technologies – such as palm readers will find a place in logical access, authorising transactions and logging into your computer for example.

He also says the future is about adding value. A well-known example would be using biometrics for access control and then integrating that into T&A; and going further with workforce management and other types of solutions and integrations where biometric identity will form the basis for physical and logical access and operations.

Gary Chalmers. iPulse Systems

Matthew Chalmers.

Gary Chalmers, CEO of iPulse Systems demonstrates how the industry is changing by describing how iPulse has changed over the years. A decade or more ago, iPulse was a hardware manufacturer, selling readers via the channel, but quickly realised that playing the price game was not something he wanted to do for the long term. The company then began migrating to the cloud, creating a fully integrated, cloud-based (or services -based) identity management solution based on biometrics.

Chalmers says this change is happening everywhere. In the ‘old days’ of the industry, you were dealing with someone managing security or facilities and the job was to open and close doors. And of course, price was the primary issue. The change he has seen is that the industry has migrated from a security industry to an IT industry. iPulse has migrated its entire infrastructure to the cloud and everything is run by technology.

The company is at a point where it provides its hardware for free (and managing them remotely or swapping them out if a remote fix is not possible), charging customers a monthly fee for the service/s it provides, based on centralised control over distributed IoT devices.

Paying for a service

In the general discussion, the attendees all agreed that in the access and even in the surveillance industry, the number of customers moving away from the old model of buying a specific camera brand or stressing about the technical specifications they require is diminishing (except in specific cases). This is being replaced by a focus on services, as noted above, where the client wants a specific service that produces a specific result. The technology or integration is becoming less of an issue because the services model is all about the results and how it all works together is the service provider’s problem.

As more companies adopt this approach, the service providers will be tasked with service delivery, not maintaining a fingerprint reader or any other technology. Using T&A; as an example, the HR or financial department wants accurate statistics so that it knows it is paying people who actually were on site for the time specified. Whether the technology costs R10 or R10 000 is irrelevant as they are paying per month for those statistics to be automatically imported into their payroll.

If the service provider decides to install cheap technology, that’s fine as long as it supports the client’s requirements. If it is often faulty, there will be regular trips to the client site and expensive support bills for the service provider (because the client is paying for the full service). There is also the potential of penalty clauses in the SLA.

Moreover, if one company can’t handle the task, the service can be shifted to another company relatively easily – of course, depending on the contract and whether the client has allowed themselves to be locked into long-term contracts with inadequate SLAs.

There are still those focused on negotiating deals based on price per device, but the trend to buying integrated solutions (to use an old cliché), is fast taking over. As Chalmers puts it, we are in the era of micro-services where devices and software communicate and the data they collect and process forms an integral part of the service as a whole. One does not buy an email server to run onsite anymore, but you buy an email address and the service (servers and more) are handled by the provider somewhere else.

The move to services has been somewhat slower in South Africa, but it is gaining momentum and the industry, from customers to SIs to manufacturers need to be on board.

The old integration chestnut

Naturally, while the customer can demand a service irrespective of what is happening technology-wise in the background, Rautenbach notes that the integration capabilities of products is more important than ever, as is the ability of companies to make those integrations work seamlessly for clients. The availability of SDKs and APIs is therefore a critical aspect for vendors if they want their systems to be part of the services market.

If you make it hard to integrate your facial reader into someone’s T&A; solution, for example, they have other options. However, making integration as simple as possible (and reliable) is seen as a value-add

for SIs and other service providers who want to ensure their solutions run smoothly and don’t require inordinate attention for upgrades or bug fixes.

Van Heerde echoes this, noting that it is more than integration into devices. Even a simple T&A; system will need to integrate with SAP or some other financial platform and you don’t want each project to be a technical or programming nightmare.

Enrolment via selfie

While technology has advanced impressively over the years, the process and credibility of enrolment is vital to the entire process and all the services one may use biometrics for. There are companies that allow one to open a bank account by enrolling remotely via a selfie on your mobile phone, but is this credible enough?

Gates agrees that the credibility of the enrolment process is critical. There have been cases of collusion even at this level where someone enrols one finger for themselves and another for someone else to allow the system to report that two people are at work when only one is there in reality.

The more serious the environment or purpose of the biometrics (of whatever modality), the more important the enrolment process is. You can’t, for example, fax a copy of your fingerprint to Home Affairs in order to get an ID book – we hope.

That’s not to say selfie or other remote enrolment processes are unreliable, but one has to take care and ensure the process is developed with reliability and credibility in mind. Biometric-based T&A; became popular because it removed the potential for buddy-clocking and other payroll fraud, if your biometric enrolment is not reliable, those crimes can again occur in a different manner.

The same applies to managing the information collected, an obvious statement in the age of PoPIA, but the integrity of the authenticity and security of data throughout the operational processes of a company must be ensured for the value and ROI of the services to have meaning.

Services like Secure Citizen (www.securecitizen.co.za) is focused on assisting in this area using multiple biometrics modes specifically to ensure the credibility of the enrolment process. In addition, constant evaluation is also important. The reality here is that government is unable to effectively manage this and so we are seeing many ‘micro-services’ pooling information to assist in developing what many call a ‘digital identity’.

When verifying a person’s face, the government may only have an old picture or a poor-quality image, but social media has many images and people are generally quite specific in accurately identifying themselves on these platforms. And if they lie, they are almost always not consistent, making it easy to spot a problem. Moreover, you may not update your address with Home Affairs each time you move, but courier companies will always have your latest address because you want to be sure you get what you buy online.

Combining, or integrating these bits of information along with biometric enrolment data creates a very accurate picture of a person, the Digital Citizen, which can be used in a variety of ways to prove identity, prevent fraud and other processes, but this needs to be done taking privacy laws into consideration or with the informed consent of the individual.

Covering a long conversation such as the round table in an article is always difficult, and this discussion covered a variety of topics, some of which can’t be printed. Hi-Tech Security Solutions would like to thank the participants for their time and input. We also thank IDEMIA for sponsoring the event.

The consensus is that biometrics is an industry on the cusp of tremendous innovation, but this innovation is not confined to the biometric modalities themselves, but the broader processes and services that biometric identities can serve, as well as more that will become part of the services world in the future.

Share this article:

Further reading: