2 Myth & 2 Truth About Bio-authentication
Bio-metrics using our physical characteristics to verify our identity. What has been advertised on the market is that it improves security level and make user experience much more simple.
While at the same time, we also hear the opposite voice, from time to time, about the failure of the technology and the risk of using it. In this article, I aim to summarize the research findings to understand the actual benefit and risk of bio-metrics and what what are the key hurdles for implementing biometrics in end-consumer products.
TechTarget defined Biometric payment as a point of sale (POS) technology that uses biometric authentication to identify the users and authorize the deduction of funds from a bank account. Fingerprint payment, based on finger-scanning, is the most common biometric payment method.
As the authentication involved physical characteristics (e.g. fingerprint; voice; pupil etc), there certainly need a “point” on which the “Sale” is confirmed. Nevertheless, the POS concept here is very different from how it is used currently on cash registers at the checkout.
DNA Matching: DNA profiling determines the number of VNTR repeats at a number of distinctive loci, and use it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.
Iris Recognition: iris is a thin circular structure in the eye responsible for controlling the diameter and size of the pupil and thus the amount of light reaching the retina. Iris recognition uses pattern recognition technology based on high-resolution images of the irides of an individual’s eyes. It uses camera technology and subtle IR illustration to create detailed image of the iris. (Source: Explainthatstuff)
Retina Recognition: Retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person’s retina is unique. (Source: Wikipedia)
Face Identification: Biometric facial recognition systems measures and analyzes the overall structure, shape and proportions of the face: distance between the eyes, nose, mouth, and jaw edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding the cheekbones.
Fingerprint Recognition: a fingerprint is made of a number of ridges and valleys on the surface of a finger; the uniqueness of a fingerprint can be determined by the pattern. The main technologies used to capture the fingerprint image with sufficient detail are optical, silicon, and ultrasound.
Signature Recognition: signature recognition systems measures and analyzes the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioral, i.e. how it is signed rather than visual, i.e. the image of the signature.
Speech Recognition: it is referred here specially on technologies that recognize if the person is the authenticated person instead of what the person is talking about. When we speak of a certain word, effectively, we are pronouncing a series of “phones” similar to LEGO blocks that put together to make castles, cars etc. They are what we actually speak.
4 different approaches are used to understand speech：
- Simple pattern matching: each spoke word is recognized in its entirely
- Pattern and feature analysis: each word is broken into bits and recognized from key features, e.g. vowels
- Language modeling and statistical analysis: the knowledge of grammar and the probability of certain words or sounds following on from one another is used to speed up recognition and improve accuracy
- Artificial neural network: brain-like computer model that can be reliably recognize pattern
There are two myth around bio-authentication:
Myth: Bio-authentication is Absolutely More Secure
|Change of Identical Records|
|DNA Matching||<1 in 100,000,000,000|
|Iris Recognition||1 in 1,000,000 to 2,000,000|
|Retina Recognition||1 in 1,000,000 to 2,000,000|
|Face Recognition||1 in 2|
|Fingerprint Recgnition||1 in 800,000 to 1,000,000,000|
|Signature Recognition||1 in 50|
|Voice Recognition||1 in 50|
|Common Password||1 in 10,000|
If you have noticed the current use of fingerprint, you will see that most of the time, it is serving as the second factor, you still need to enter the password. It is not able which one is “The One” but more about how we can utilize different authentication methods to their advantage for the purpose they are designed for.
Myth: Bio-authentication Method are all Pretty Much the Same
|DNA Matching||Many Sources: Blood; Nail; Hair; Saliva etc |
Accurate: Unique mapping of an individual
|Not Real-time |
Intrusive, a physical sample is needed
Expensive to be conducted
|Criminal trials, especially rape|
|Iris Recognition||Very stable technology |
Accurate: No fake acceptance so far
Once filed, the info can be used for lifetime
|Discomfort to use |
|Identity cards and passports, border control and other Government programmes, prison security, database access and computer login, hospital security, schools, aviation security, controlling access to restricted areas, buildings and homes.|
|Retina Recognition||Very stable technology |
Accurate: No fake acceptance so far
Once filed, the info can be used for lifetime
|Discomfort to use |
Enrollment is longer than iris recognition
Fear from the public that it may lead to disease
|Identify communicable diseases including AIDS, chicken pox and malaria and to scan for hereditary diseases including various types of cancers|
|Face Recognition||Non intrusive |
Can be done from remote
|Face can be easily altered||Access to restricted areas and buildings, banks, embassies, military sites, airports, law enforcement|
|Fingerprint Recognition||Easy to use |
Inexpensive to implement
Mature technology where large Database is available
|People with few minutia points can't use |
Obtain high-quality fingerprint can be hard
Considered an invasion of privacy to be watched
|Cell phones, USB flash drives, notebook computers and other applications where price, size, cost and low power are key requirements. Fingerprint biometric systems are also used for law enforcement, background searches to screen job applicants, healthcare and welfare|
|Signature Recognition||The behavior of signing is difficult to copy |
Accepted by the general population
|People don't sign consistently||Access to documents, contract / agreement execution, acknowledgement of goods or services received, banking services|
|Voice Recognition||Utilize existing telephones |
|High-false non-matching rates |
Not applicable to everybody
|Telephone-based application; Voice verification is used for government, healthcare, call centers, electronic commerce, financial services, customer authentication for service calls, and for house arrest and probation-related authentication|
|Common Password||Inexpensive |
Can be changed once compromised
|Easy to guess||Online payment; account log-in etc|
Bio-authentication methods all have different use cases determined by their advantages and disadvantages. Iris recognition applies perfectly in school, prison and other facilities that have a stable, predictable population and need for relatively highly accurate but non intrusive way to authenticate the individuals. While to make our mobile experience better, fingerprint authentication is the best option.
Myth: Iris Scanners can Harm My Body
Iris readers do not use lasers, but they do use near-infrared light. The amount of this light is no more than would be received by walking outside on a sunny day. There have been numerous reports on the safety of iris systems, and the fact that they are used by risk adverse government departments should attests to their safety.
On the other hand, 2 things remain true:
Truth: Biometrics will Bring Innovation to Payment as a More Convenient & Secure Authentication Method
According to a study done by Visa in 2016, when looking at the range of different payment situations at home or on the high street, over two-thirds (68%) want to use biometrics as a method of payment authentication. As the fraud technologies gets more advanced, news about large-scale account take-over becomes no novice on the news; consumers are told me set secure password, and change them regularly, but these requirements are not at all user friendly nor fair, they are what financial institutions force on us without asking if we like, what we as users actually should have been paid for because we are doing a favor, on top of paying our fees to them, to also make their life easier.
In this environment, biometric authentication as a more secure and user friendly option will certainly be welcomed from all parties involved in the payment value chain.
Truth; Machine Learning Will Continue to Play a Critical Role in Biometrics Authentication
For most of the time, biometric authentication is about recognition, the shape of your face, the verb you often use, the unique gene you have. The ability to understand more data and to build more agile model for operation determines the ability of any Biometrics authentication system. Machine learning helps to speed up model testing and provide real time feedback which eventually improve the system
3 Interesting Bio-authentication Products
MasterCard launched Selfie Pay
MasterCard launched its Selfie Pay Bio-authentication App in Europe.The biometric authentication app is being rolled out in Europe in the following markets: Austria, Belgium, the Czech Republic, Denmark, Finland, Germany, Hungary, the Netherlands, Norway, Spain, Sweden and the UK. The Selfie App will allow consumers to complete payment without a PIN or password, just with a photo.
Apple TouchID for Apply Pay
As of now, Apple TouchID is no where near a new technology. But back in 2013 when it launch iPhone 5s featuring the TouhID technology, it generated huge word-of-mouth and quickly became the industry standard.
Baidu Payment Voice Authentication
Baidu Payment demonstrated a video authentication payment prototype in the 2016 Global Mobile Internet Conference that use voice recognition technology to complete payment. The false match rate is under 1%.
Bio-metrics is one of the hottest area in the payment industry, nevertheless, if you have been involved in the implementation or development of a fraud management system, you will know there is on thing in common: fraud is going to be there, you can use the pupil or the selfie, it does not matter, any human developed system (including those that claim to have artificial intelligence) for such are built on models and data, and there is always a way to game to system. Nevertheless,