printer friendly version

Five common misconceptions about biometric access control

In 2022, the digital identity solutions market was valued at US$28 billion. By 2027, this is expected to rise to more than US$70 billion¹. Biometrics are everywhere now; 80% of smartphones have biometric authentication enabled. This technology is used in banks, law enforcement, airports, healthcare, and daily interactions, but how much do you know about it?

For a topic that is so frequently a source of debate in the access control field, it is surprising how many myths about biometrics persist. CDVI looks at some of the most common misconceptions.

1. Biometric information can be stolen

Biometric technology uses measurable human characteristics to determine and authenticate identity. It uses physiological factors to distinguish between people. The characteristics that are commonly used for biometrics include:

• Fingerprint patterns

• Facial features

• Voice sounds

• Iris patterns

• DNA make-up

• Hand markings

One of the most significant plus points for biometrics is its inherent higher level of security. An access control system that uses cards, tags, or keypad codes is subject to added risks. Cards can be stolen, tags can be lost, and keypad codes can be forgotten or misplaced. Despite the above very prevalent misconception, your biometrics cannot be stolen.

Someone cannot physically steal your fingerprints, voice, or iris patterns. These factors can be cloned, but not stolen. Any decent biometric security system will have features to identify and repel spoofed or cloned credentials.

For example, ievo fingerprint readers are certified ISOPAD Level 1 compliant. This means that they successfully identify and deny access to fake fingerprints. In addition, ievo readers have liveness detection built in. This technology identifies whether the finger presented to the reader is real skin with live blood flow before granting or denying access.

Biometric information can be copied. It cannot be stolen.

2. Facial recognition is an infringement on my privacy

There are two types of facial recognition systems: one-to-one and public. This distinction is essential for breaking down this widespread misconception.

Public facial recognition systems are those used in places such as casinos and airports. They are generally used for surveillance purposes. Large numbers of faces are scanned and analysed constantly to identify and flag any known individuals. Many people believe public facial recognition systems infringe on their right to privacy.

This is where the myth kicks in. While public facial recognition remains controversial, one-to-one facial recognition is an entirely different matter. These are the kinds of systems used for access control purposes. One-to-one facial recognition does not scan crowds of unknown people and pick out individuals. They do not have access to any other database besides their own internal system. Therefore, the only faces it recognises are people who manually registered their faces onto the system.

Registering your face on a one-to-one facial recognition access control system does not infringe on your privacy. The database of faces cannot be sold or stolen, and no other unconnected device will be able to recognise your face as a result. If you are still uncomfortable registering your face, many facial recognition systems, such as the ievo iface, offer traditional card-swiping technology.

3. My data is at risk in biometric systems

Many people believe that biometric security systems are risky. If your fingerprint image was stolen or hacked, you cannot just replace it like

you can a swipe card or keypad code. It is an understandable fear. But fortunately, it is not one you need to worry about.

Every security system is different, so we cannot speak for all of them, but we can tell you that your data is safe with ievo biometric solutions.

Presenting your finger to an ievo reader ensures a highly detailed photo of your fingerprint. The reader analyses the image and identifies up to 100 tiny details called minutiae. The pattern of those minutiae is used to create a digital template representing your fingerprint. The original image is permanently deleted and cannot be retrieved in any way.

The template that ievo readers create is proprietary. We also use a high-security algorithm to enrol, extract, and match data. That means that even if someone could get hold of the template (which is unlikely), it is useless to them. The template cannot be reverse-engineered to generate an image of your fingerprint. It cannot be used in any other fingerprint recognition systems, either.

Why is it unlikely that someone can steal a fingerprint template? Because there is no data whatsoever stored on the ievo reader. It would be completely useless, even if someone ripped the reader off the wall and ran away with it. All fingerprint templates and other data are stored on the ievo Interface Board. This is a separate module installed away from the reader on the secure side of the door. Even if someone butchered a door and a wall and somehow managed to find the Interface Board, the data on it is still useless to them, thanks to our algorithm protection.

Your biometric data is not at risk if it is in the right hands. ievo solutions protect it robustly.

4. Biometric technology is unreliable

There are two primary measures of the reliability of biometric technology. False Acceptance Rate (FAR) and False Rejection Rate (FRR) indicate how often a system recognises someone it should not, or fails to recognise someone it should. For a long time, the reliability of biometric technology has called its reputation into question.

This is no longer the case. While early biometric recognition systems struggled, technology has come a long way quickly. Sensors are significantly better today than they were 20 years ago. Data can be captured and analysed in much more detail, much more rapidly.

Today, most biometric system manufacturers have to make a conscious choice to prioritise either high security or user convenience. This really depends on where the biometric authenticator is located and what it is for. For example, false acceptances are extremely dangerous in a military facility and cannot be tolerated. In this environment, it matters less if authorised people have to try a few times before being granted access, as user convenience is not as essential as security.

However, if your mobile phone’s fingerprint reader also prioritises security, having to scan multiple times to unlock it would be frustrating. So, it is probably more likely that your phone would allow a higher FAR to make the user experience as smooth as possible.

It is impossible to guarantee 0% FAR and 0% FRR. Many biometrics manufacturers now advertise 0.0001% or lower error rates and biometrics is a lot more secure than passwords; 80% of data breaches still occur due to weaknesses with traditional passwords². People write them down, tell them to someone else, auto-fill them, and forget them.

Twenty-one percent of Americans admit to resetting passwords more than once a week.

Biometrics is far more reliable than you think.

5. Biometric solutions are too expensive

For many, biometrics still feels like a futuristic, high-tech, Mission Impossible solution, and they assume that that means expensive.

It is all about perspective. The technology and components in biometric access control solutions are indeed newer and generally pricier than traditional card readers. However, looking at the medium- and long-term view, you might save money.

Firstly, there is no ongoing cost of a biometric solution. It is installed, it is used, and that is that. For card readers, that is very much not the case. People do many things with swipe cards: they lose them, forget them, damage them, or have them stolen. With card readers, while the upfront cost might be lower, you are committing to constant ongoing costs to replace or replenish stocks of cards or tags, not to mention the cost to the environment of constantly producing more (usually plastic) cards.

Secondly, there is the future-proofing factor. Investing in forward-thinking technology means it will work better for longer. Biometrics offers higher security and higher technology that increase the practical lifetime of a newly installed system. Opting for a cheaper card-based system, based on older technologies means are already playing catch-up. That might mean you have to rip and replace a system again in the not-so-distant future – with all the added costs that brings.

Things are changing

Understandably, people have reservations about biometrics. They are worried about security, data protection, reliability, and cost. Often, those worries are based on outdated information and technology experiences. Today, biometric solutions are viable, robust, and, dare we say it, cost-effective access control solutions.

For more information contact www.cdvi.co.uk

^[1] https://www.statista.com/topics/4989/biometric-technologies/

^[2] https://cybersecurity.asee.co/blog/password-statistics-that-will-change-your-attitude

Share this article:

Further reading: