Companies must look out for the opportunities from biometrics
Organisations need to begin building strategies to capitalise on the opportunities offered by national identity schemes.
They need to start by acquiring a sound understanding of the opportunities that biometric technology can offer their organisations. It is already used by forward-looking companies from Disney to Pictet & Cie, the Swiss private bank.
In the UK, the Crosby Review - with contributions from companies such as British Airways, Barclays Bank and O 2 - points out that identity schemes offer economic and social advantages.
The UK's National Identity Scheme, which is coming closer to realisation, should become an accepted part of doing business with customers, partners and employees, particularly in a world of remote transactions.
However, the review also points out the scheme is dependent on the resilience verification processes - not least because more people will use a scheme if they see it as robust.
There are many approaches to establishing identity - passwords, PINs, and tokens of varying degrees of sophistication are in use; in the form of plain cards, photocards, cards with barcodes, cards with magnetic strips and micro-chips.
However, they all have shortcomings. Tokens can be misplaced or misappropriated; passwords and PINs observed and easily reproduced for fraudulent use.
Further, as these approaches proliferate, they become impractical, as their users struggle to remember numerous passwords and PINs, and wallets bulge with multiple cards and tokens.
Biometric technologies, such as the digital representation of facial, fingerprint or iris images, offer the prospect of eliminating tokens altogether. Our biometrics allow each of us to assert our identities when required in simple, rapid, convenient and reliable ways.
The UK government has recognised this and biometric technology is at the heart of the UK's scheme. But it is not just the public sector that recognises the potential of this technology: as far back as 2003, analysis suggests that a third of biometric deployments were in the private sector.
Forward-looking private sector organisations already benefit from adopting biometric technologies:
Disney uses unique finger measurements to cut ticket fraud and resale;
the airline SAS uses fingerprint biometrics at some Swedish airports to ensure that passengers who check in luggage board the aircraft;
Manchester Airport uses iris scans to simplify security screening processes and regulate staff access to restricted areas;
the Swiss private bank Pictet & Cie uses biometrics to control access for staff and account holders. The systems have increased security without requiring tokens or passwords and also reduced HR costs by providing staff attendance and timesheet capabilities;
a German nuclear power plant operator, Kern-kraftwerk Gundremmingen, uses facial recognition to identify staff and control access to restricted areas;
a number of other banking organisations use a variety of biometrics to control access to accounts.
However, biometrics are not a panacea. Their use can be costly, they are perceived as intrusive by some, and are not without implementation challenges.
The Chaos Computer Club has shown that biometrics can be copied, duplicated and used fraudulently. It recently published what it claims to be the fingerprint of a German government minister in a format that it says will fool many popular biometric reading devices.
There are several approaches to identity assurance and companies need to make a strategic decision about what is appropriate for their business, balancing the inevitable trade-offs between security, customer experience and operational efficiency.
Organisations that choose to adopt biometric technologies need to prepare carefully and have appropriate alternative processes in place, particularly to handle biometric rejections.
Individuals rejected by the biometric technology may be genuine customers or they may be fraudsters. How an organisation handles such situations will have a significant bearing upon its customers' experience and its own reputation.
Notwithstanding the im-plementation challenges, biometrics offers a protection against fraud that is not seen in token, password and PIN technologies.
This resilience will continue to strengthen in the future as improved "liveness detection" (to ensure a live body is presenting genuine biometrics) and other spoof-resistant technologies in biometric recording and reading equipment are developed and adopted.
Other emerging technologies that will have an impact on ID assurance over the next five to 10 years include significant improvements in the ergonomic design of biometric readers and recording equipment, better integration of multiple biometrics (multi-modal technologies), contact-less recorders, and improvements in the matching performance for other biometrics beyond face, finger and iris.
In particular, there are likely to be improvements in the performance of biometrics that can be recorded on the move, or at a distance, including iris and face recognition.
Research continues apace around the globe on gait, voice, vein pattern, hand geometry, ear geometry, odour, voice, retina and even "brainwave" patterns.
Organisations need to adopt an approach and a technology appropriate to their circumstances and implement it soon if they are not to be disadvantaged.
The UK National Identity Scheme should not be overlooked. It is coming, and as the UK's "universal" identity assurance solution, it will become ubiquitous in the next five to 10 years. Don't get left playing catch-up.
Alyson Reeves is a member of PA Consulting's management team and an identity management specialist