Five common misconceptions about biometric access control

SMART Access & Identity 2024 Access Control & Identity Management

In 2022, the digital identity solutions market was valued at US$28 billion. By 2027, this is expected to rise to more than US$70 billion1. Biometrics are everywhere now; 80% of smartphones have biometric authentication enabled. This technology is used in banks, law enforcement, airports, healthcare, and daily interactions, but how much do you know about it?

For a topic that is so frequently a source of debate in the access control field, it is surprising how many myths about biometrics persist. CDVI looks at some of the most common misconceptions.

1. Biometric information can be stolen

Biometric technology uses measurable human characteristics to determine and authenticate identity. It uses physiological factors to distinguish between people. The characteristics that are commonly used for biometrics include:

• Fingerprint patterns

• Facial features

• Voice sounds

• Iris patterns

• DNA make-up

• Hand markings

One of the most significant plus points for biometrics is its inherent higher level of security. An access control system that uses cards, tags, or keypad codes is subject to added risks. Cards can be stolen, tags can be lost, and keypad codes can be forgotten or misplaced. Despite the above very prevalent misconception, your biometrics cannot be stolen.

Someone cannot physically steal your fingerprints, voice, or iris patterns. These factors can be cloned, but not stolen. Any decent biometric security system will have features to identify and repel spoofed or cloned credentials.

For example, ievo fingerprint readers are certified ISOPAD Level 1 compliant. This means that they successfully identify and deny access to fake fingerprints. In addition, ievo readers have liveness detection built in. This technology identifies whether the finger presented to the reader is real skin with live blood flow before granting or denying access.

Biometric information can be copied. It cannot be stolen.

2. Facial recognition is an infringement on my privacy

There are two types of facial recognition systems: one-to-one and public. This distinction is essential for breaking down this widespread misconception.

Public facial recognition systems are those used in places such as casinos and airports. They are generally used for surveillance purposes. Large numbers of faces are scanned and analysed constantly to identify and flag any known individuals. Many people believe public facial recognition systems infringe on their right to privacy.

This is where the myth kicks in. While public facial recognition remains controversial, one-to-one facial recognition is an entirely different matter. These are the kinds of systems used for access control purposes. One-to-one facial recognition does not scan crowds of unknown people and pick out individuals. They do not have access to any other database besides their own internal system. Therefore, the only faces it recognises are people who manually registered their faces onto the system.

Registering your face on a one-to-one facial recognition access control system does not infringe on your privacy. The database of faces cannot be sold or stolen, and no other unconnected device will be able to recognise your face as a result. If you are still uncomfortable registering your face, many facial recognition systems, such as the ievo iface, offer traditional card-swiping technology.

3. My data is at risk in biometric systems

Many people believe that biometric security systems are risky. If your fingerprint image was stolen or hacked, you cannot just replace it like

you can a swipe card or keypad code. It is an understandable fear. But fortunately, it is not one you need to worry about.

Every security system is different, so we cannot speak for all of them, but we can tell you that your data is safe with ievo biometric solutions.

Presenting your finger to an ievo reader ensures a highly detailed photo of your fingerprint. The reader analyses the image and identifies up to 100 tiny details called minutiae. The pattern of those minutiae is used to create a digital template representing your fingerprint. The original image is permanently deleted and cannot be retrieved in any way.

The template that ievo readers create is proprietary. We also use a high-security algorithm to enrol, extract, and match data. That means that even if someone could get hold of the template (which is unlikely), it is useless to them. The template cannot be reverse-engineered to generate an image of your fingerprint. It cannot be used in any other fingerprint recognition systems, either.

Why is it unlikely that someone can steal a fingerprint template? Because there is no data whatsoever stored on the ievo reader. It would be completely useless, even if someone ripped the reader off the wall and ran away with it. All fingerprint templates and other data are stored on the ievo Interface Board. This is a separate module installed away from the reader on the secure side of the door. Even if someone butchered a door and a wall and somehow managed to find the Interface Board, the data on it is still useless to them, thanks to our algorithm protection.

Your biometric data is not at risk if it is in the right hands. ievo solutions protect it robustly.

4. Biometric technology is unreliable

There are two primary measures of the reliability of biometric technology. False Acceptance Rate (FAR) and False Rejection Rate (FRR) indicate how often a system recognises someone it should not, or fails to recognise someone it should. For a long time, the reliability of biometric technology has called its reputation into question.

This is no longer the case. While early biometric recognition systems struggled, technology has come a long way quickly. Sensors are significantly better today than they were 20 years ago. Data can be captured and analysed in much more detail, much more rapidly.

Today, most biometric system manufacturers have to make a conscious choice to prioritise either high security or user convenience. This really depends on where the biometric authenticator is located and what it is for. For example, false acceptances are extremely dangerous in a military facility and cannot be tolerated. In this environment, it matters less if authorised people have to try a few times before being granted access, as user convenience is not as essential as security.

However, if your mobile phone’s fingerprint reader also prioritises security, having to scan multiple times to unlock it would be frustrating. So, it is probably more likely that your phone would allow a higher FAR to make the user experience as smooth as possible.

It is impossible to guarantee 0% FAR and 0% FRR. Many biometrics manufacturers now advertise 0.0001% or lower error rates and biometrics is a lot more secure than passwords; 80% of data breaches still occur due to weaknesses with traditional passwords2. People write them down, tell them to someone else, auto-fill them, and forget them.

Twenty-one percent of Americans admit to resetting passwords more than once a week.

Biometrics is far more reliable than you think.


5. Biometric solutions are too expensive

For many, biometrics still feels like a futuristic, high-tech, Mission Impossible solution, and they assume that that means expensive.

It is all about perspective. The technology and components in biometric access control solutions are indeed newer and generally pricier than traditional card readers. However, looking at the medium- and long-term view, you might save money.

Firstly, there is no ongoing cost of a biometric solution. It is installed, it is used, and that is that. For card readers, that is very much not the case. People do many things with swipe cards: they lose them, forget them, damage them, or have them stolen. With card readers, while the upfront cost might be lower, you are committing to constant ongoing costs to replace or replenish stocks of cards or tags, not to mention the cost to the environment of constantly producing more (usually plastic) cards.

Secondly, there is the future-proofing factor. Investing in forward-thinking technology means it will work better for longer. Biometrics offers higher security and higher technology that increase the practical lifetime of a newly installed system. Opting for a cheaper card-based system, based on older technologies means are already playing catch-up. That might mean you have to rip and replace a system again in the not-so-distant future – with all the added costs that brings.

Things are changing

Understandably, people have reservations about biometrics. They are worried about security, data protection, reliability, and cost. Often, those worries are based on outdated information and technology experiences. Today, biometric solutions are viable, robust, and, dare we say it, cost-effective access control solutions.

For more information contact www.cdvi.co.uk

[1] https://www.statista.com/topics/4989/biometric-technologies/

[2] https://cybersecurity.asee.co/blog/password-statistics-that-will-change-your-attitude




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

A platform for access and identity at Securex 2025
Securex South Africa Access Control & Identity Management Facilities & Building Management
South African companies involved in supplying access control technology, security services, and data management are well-positioned to tap into the expanding access control market at Securex 2025.

Read more...
Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Embracing contactless access solutions
HID Global Access Control & Identity Management
There has long been a discussion of the perils and virtues of authentication factors. Is it more secure to use something we have (a key card), something we know (a password), or something we are (biometrics)?

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions Commercial (Industry)
Suprema has released its BioEntry W3 facial authentication access control device with multiple authentication options, including RFID cards as well as mobile credentials, designed for durability and resilience.

Read more...
The power of knowing your client
Ideco Biometrics Access Control & Identity Management Integrated Solutions
One of the most effective ways to combat the threat of fraud, identity theft, and financial crime threats is through a robust Know Your Client (KYC) process, which safeguards both businesses and clients.

Read more...
Smarter ways to secure your space
Elvey Security Technologies Access Control & Identity Management Products & Solutions
Ensuring the safety of people and assets has become more crucial than ever, and access control systems provide essential tools to regulate and monitor who can enter specific areas or access sensitive resources.

Read more...
Facial recognition in national security
Access Control & Identity Management Government and Parastatal (Industry)
As global security challenges evolve, facial recognition technology provides a vital edge by turning our unique identities into powerful assets for national defence and changing a sea of anonymity into a line of defence.

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...