Outsmart fakes

1 October 2014 Access Control & Identity Management

Many biometric readers claim to offer the ability to defend against fake fingerprints and to ensure only live prints, i.e. those attached to a human body are accepted, but not all deliver the goods. Here are five pointers on the concept of avoiding fingerprint spoofing in order to gain the best value for money from your biometric system.

1. Enrolment: True fake finger detection starts at the enrolment process. When recording or enrolling users’ fingerprint templates on the system, it is vital that the person tasked with managing the process is ethical, trustworthy and sufficiently certified or trained. An enrolment officer who allows users to enrol a rubber fingerprint is as dangerous as a network administrator who allows virus-ridden adult websites through the corporate firewall.

2. Optional fake finger detection: Not all biometric solutions offer lens based fake finger detection as standard. This is often a feature which needs to be specified at the proof-of-concept stage in a project to ensure that this optional functionality is included from the outset.

3. Finger and vein print combination: Fake finger detection doesn’t get much better than a device which offers vein and fingerprint biometrics in a hybrid reader as standard. A vein network can be read using unique reference points, which are virtually impossible to duplicate.

4. Fake ‘fake’ finger detection: Be cautious of vendors who offer rubber fingerprints as standard marketing gimmicks to enrol on biometric readers. Not only is this approach detrimental to the integrity and security of the identity industry, it is also a desperate measure to promote products which do not comply with international latent print best practice. Often the so-called ‘fake finger’ or ‘liveness’ detection on these products can be easily bypassed by holding a live finger on the edge of the sensor screen area to satisfy the capacitive circuitry and presenting a fake finger on the rest of the sensor screen.

5. International best practice: Vendors who dismiss the FBI standard as an irrelevant North American certification that does not apply to Europe or Africa are not only ill informed, but are also unscrupulous and unethical. The FBI standard is an internationally recognised minimum requirement for systems that are used in law enforcement and civilian identification.

If your biometric solution is FBI certified, it means that the electronic fingerprint record is an accurate representation of the actual latent fingerprint. Would you allow someone to record your name as Donald Duck on a database? If not then why allow them to inaccurately record your fingerprint on a biometric database. Worse still, if your bank uses fingerprint readers which do not comply with FBI standards, they may be opening themselves to widespread identity fraud and risk.

Also be extremely cautious of vendors who claim that their products are FBI certified when in reality only one or two of their product lines is certified and are not commercially available, while the reader model which they are offering you is not FBI certified.

Following these five rules will ensure that your choice of biometric reader makes it all the more difficult for those with nefarious intent to bypass the biometric processes you have in place to secure assets.

For more information contact Ideco Biometric Security Solutions, 086 104 3326, contact@ideco.co.za , www.ideco.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Disconnect between confidence in identity security and operational reality
Access Control & Identity Management News & Events
New FIDO Alliance and HID study reveals gap between identity security confidence and reality; 94% of enterprises claim they can revoke employee access within 24 hours, yet 35% experienced delays or failures in the past two years.

Read more...
Paxton Solo training available to security installers
Paxton Access Control & Identity Management News & Events
Following the launch of Solo, Paxton’s brand-new access control system, the security manufacturer is rolling out dedicated Solo training sessions across South Africa to support security installers working with the system.

Read more...
Controlling access for people and vehicles
IDEMIA STid Security Technews Publishing Editor's Choice Access Control & Identity Management Asset Management Industrial (Industry) Mining (Industry)
When it comes to access control, the security requirements of mines and the industrial sector are similar, requiring a layered approach that combines physical barriers, digital authentication, and continuous monitoring to protect personnel, assets, and operational continuity.

Read more...
Paxton launches new phone-based security system: Solo
Paxton News & Events Access Control & Identity Management
Paxton has officially unveiled Solo, a phone-based, cloud-hosted access control system. As part of the launch, installers can claim a free Solo starter kit from Paxton, allowing them to trial the system and see how it can work for their business.

Read more...
Taking control of IAM in the AI era
Access Control & Identity Management AI & Data Analytics
AI and Shadow AI are proliferating, creating a series of new risks for organisations. To gain control over who and what has access to corporate data, organisations need unified control over their entire environment.

Read more...
Impro announces Primo update
News & Events Access Control & Identity Management Integrated Solutions
Impro Technologies recently held a launch event in which it introduced a series of new products, from new readers through to its updated Primo access management software.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
Paxton set to launch game-changing new system
Paxton Access Control & Identity Management News & Events
Access control is evolving fast. Installers and end users are looking for systems that are simple to install, easy to manage remotely, and flexible enough to scale. In response, Paxton is exploring how emerging technologies can reshape access control.

Read more...
NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...
Cloud security in visitor management and access control
SA Technologies Access Control & Identity Management Infrastructure Residential Estate (Industry) Commercial (Industry)
Cloud has become the default platform for modern security operations, from visitor management portals and remote access control to incident logging, reporting, analytics, and integrations. But “in the cloud” does not mean “someone else is securing it for us”.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.