Skip to main content

2 Myth & 2 Truth About Bio-authentication

Bio-metrics using our physical characteristics to verify our identity. What has been advertised on the market is that it improves security level and make user experience much more simple. 

While at the same time, we also hear the opposite voice, from time to time, about the failure of the technology and the risk of using it. In this article, I aim to summarize the research findings to understand the actual benefit and risk of bio-metrics and what what are the key hurdles for implementing biometrics in end-consumer products.

TechTarget defined Biometric payment as a point of sale (POS) technology that uses biometric authentication to identify the users and authorize the deduction of funds from a bank account. Fingerprint payment, based on finger-scanning, is the most common biometric payment method. 

As the authentication involved physical characteristics (e.g. fingerprint; voice; pupil etc), there certainly need a “point” on which the “Sale” is confirmed. Nevertheless, the POS concept here is very different from how it is used currently on cash registers at the checkout.

DNA MatchingDNA profiling determines the number of VNTR repeats at a number of distinctive loci, and use it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.

Iris Recognition: iris is a thin circular structure in the eye responsible for controlling the diameter and size of the pupil and thus the amount of light reaching the retina. Iris recognition uses pattern recognition technology based on high-resolution images of the irides of an individual’s eyes. It uses camera technology and subtle IR illustration to create detailed image of the iris. (Source: Explainthatstuff)

Retina Recognition: Retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person’s retina is unique. (Source: Wikipedia)

Face IdentificationBiometric facial recognition systems measures and analyzes the overall structure, shape and proportions of the face: distance between the eyes, nose, mouth, and jaw edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding the cheekbones.

Fingerprint Recognition: a fingerprint is made of a number of ridges and valleys on the surface of a finger; the uniqueness of a fingerprint can be determined by the pattern. The main technologies used to capture the fingerprint image with sufficient detail are optical, silicon, and ultrasound.

Signature Recognitionsignature recognition systems measures and analyzes the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioral, i.e. how it is signed rather than visual, i.e. the image of the signature.

Speech Recognition: it is referred here specially on technologies that recognize if the person is the authenticated person instead of what the person is talking about. When we speak of a certain word, effectively, we are pronouncing a series of “phones” similar to LEGO blocks that put together to make castles, cars etc. They are what we actually speak. 

4 different approaches are used to understand speech:
  • Simple pattern matching: each spoke word is recognized in its entirely
  • Pattern and feature analysis: each word is broken into bits and recognized from key features, e.g. vowels
  • Language modeling and statistical analysis: the knowledge of grammar and the probability of certain words or sounds following on from one another is used to speed up  recognition and improve accuracy
  • Artificial neural network: brain-like computer model that can be reliably recognize pattern  

There are two myth around bio-authentication:

Myth: Bio-authentication is Absolutely More Secure

  Change of Identical Records
DNA Matching <1 in 100,000,000,000
Iris Recognition 1 in 1,000,000 to 2,000,000
Retina Recognition 1 in 1,000,000 to 2,000,000
Face Recognition 1 in 2
Fingerprint Recgnition 1 in 800,000 to 1,000,000,000
Signature Recognition 1 in 50
Voice Recognition 1 in 50
Common Password 1 in 10,000

If you have noticed the current use of fingerprint, you will see that most of the time, it is serving as the second factor, you still need to enter the password. It is not able which one is “The One” but more about how we can utilize different authentication methods to their advantage for the purpose they are designed for. 

Myth: Bio-authentication Method are all Pretty Much the Same

  Advantage Disadvantage Use Cases
DNA Matching Many Sources: Blood; Nail; Hair; Saliva etc
Accurate: Unique mapping of an individual
Not Real-time
Intrusive, a physical sample is needed
Expensive to be conducted
Criminal trials, especially rape
Iris Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Low scalability
Identity cards and passports, border control and other Government programmes, prison security, database access and computer login, hospital security, schools, aviation security, controlling access to restricted areas, buildings and homes.
Retina Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Enrollment is longer than iris recognition
Fear from the public that it may lead to disease
Low scalability
Identify communicable diseases including AIDS, chicken pox and malaria and to scan for hereditary diseases including various types of cancers
Face Recognition Non intrusive
Can be done from remote
Face can be easily altered Access to restricted areas and buildings, banks, embassies, military sites, airports, law enforcement
Fingerprint Recognition Easy to use
Inexpensive to implement
Mature technology where large Database is available
People with few minutia points can't use
Obtain high-quality fingerprint can be hard
Considered an invasion of privacy to be watched 
Cell phones, USB flash drives, notebook computers and other applications where price, size, cost and low power are key requirements. Fingerprint biometric systems are also used for law enforcement, background searches to screen job applicants, healthcare and welfare
Signature Recognition The behavior of signing is difficult to copy
Accepted by the general population
Mature technology
People don't sign consistently Access to documents, contract / agreement execution, acknowledgement of goods or services received, banking services
Voice Recognition Utilize existing telephones
High-false non-matching rates
Not applicable to everybody
Telephone-based application; Voice verification is used for government, healthcare, call centers, electronic commerce, financial services, customer authentication for service calls, and for house arrest and probation-related authentication
Common Password Inexpensive
Can be changed once compromised
Easy to guess Online payment; account log-in etc

Bio-authentication methods all have different use cases determined by their advantages and disadvantages. Iris recognition applies perfectly in school, prison and other facilities that have a stable, predictable population and need for relatively highly accurate but non intrusive way to authenticate the individuals. While to make our mobile experience better, fingerprint authentication is the best option.

Myth: Iris Scanners can Harm My Body

Iris readers do not use lasers, but they do use near-infrared light. The amount of this light is no more than would be received by walking outside on a sunny day. There have been numerous reports on the safety of iris systems, and the fact that they are used by risk adverse government departments should attests to their safety.

On the other hand, 2 things remain true: 

Truth: Biometrics will Bring Innovation to Payment as a More Convenient & Secure Authentication Method 

According to a study done by Visa in 2016, when looking at the range of different payment situations at home or on the high street, over two-thirds (68%) want to use biometrics as a method of payment authentication. As the fraud technologies gets more advanced, news about large-scale account take-over becomes no novice on the news; consumers are told me set secure password, and change them regularly, but these requirements are not at all user friendly nor fair, they are what financial institutions force on us without asking if we like, what we as users actually should have been paid for because we are doing a favor, on top of paying our fees to them, to also make their life easier. 

In this environment, biometric authentication as a more secure and user friendly option will certainly be welcomed from all parties involved in the payment value chain.

Truth; Machine Learning Will Continue to Play a Critical Role in Biometrics Authentication

For most of the time, biometric authentication is about recognition, the shape of your face, the verb you often use, the unique gene you have. The ability to understand more data and to build more agile model for operation determines the ability of any Biometrics authentication system. Machine learning helps to speed up model testing and provide real time feedback which eventually improve the system

3 Interesting Bio-authentication Products

MasterCard launched Selfie Pay

MasterCard launched its Selfie Pay Bio-authentication App in Europe.The biometric authentication app is being rolled out in Europe in the following markets: Austria, Belgium, the Czech Republic, Denmark, Finland, Germany, Hungary, the Netherlands, Norway, Spain, Sweden and the UK. The Selfie App will allow consumers to complete payment without a PIN or password, just with a photo.

Apple TouchID for Apply Pay

As of now, Apple TouchID is no where near a new technology. But back in 2013 when it launch iPhone 5s featuring the TouhID technology, it generated huge word-of-mouth and quickly became the industry standard. 

Baidu Payment Voice Authentication

Baidu Payment demonstrated a video authentication payment prototype in the 2016 Global Mobile Internet Conference that use voice recognition technology to complete payment. The false match rate is under 1%.

Bio-metrics is one of the hottest area in the payment industry, nevertheless, if you have been involved in the implementation or development of a fraud management system, you will know there is on thing in common: fraud is going to be there, you can use the pupil or the selfie, it does not matter, any human developed system (including those that claim to have artificial intelligence) for such are built on models and data, and there is always a way to game to system. Nevertheless, 

Popular posts from this blog

4 Techniques to Make Your UX Review Meetings Successful

As a product manager, I often need to sit down with the executive management team to get their feedback on the new designs. It can be a frustrating process and many times I found that I cannot get things down in the time I am allowed to have.
Nevertheless, not having the sign-off from management is terrible for the team, we face high risk of having to re-work (yes, we always need to re-work, but it feels better if it is an improvement), schedule get delayed etc.
Over my 200+ review meetings, i've came to understand the reasons and learnt skills on how to stir the meeting towards an efficient completion, and I want to share them with you.
There are 4 key reasons of an unsuccessful product review meeting: 
1. Audience Lack the Background Knowledge: especially when introducing a new function, executives don’t know what they are looking at, or how the end users will be using such function, you may have sent the presentation before and again in the meeting invite, it doesn’t matter;

2. T…

How to Do Market Research and Competitor Benchmarking

Congratulation, you have validated your business idea from the people around you and it looks good in their eyes. You want to go ahead and start working on the idea.
No matter if you are a veteran in the industry and have good connections to help you start; or your idea came from your personal experience while you have little experience on the market.The first thing you will end up doing is market research.
Remember, you are doing the research to: Make sure the idea in a correct way;Identify what your end users are comparing toUnderstand what challenges you will face;See how you can make money;
You are not doing the research to: Copy what the other companies are doing Exhaust all potential competitors in the market
What I always to, is a 5+1 market analysis. In the beginning, I would start with a 5-day analysis with the following schedule:
Day 1: Find a list of companies that are targeting the same end users you want to approach 
For most of us, finding the list of companies that are target…

Indie Game: What Developers Should Do and PLayers Should Play

What does indie game stands for? What is the market and market growth for indie games?
Indie games are video games that are created without the support of a publisher (E.g. EA games; Microsoft etc). Indie game developers am to bring innovation to the market, they focus on digital channels (APP stores; online marketplace) to distribute the games.
Perhaps James Swirsky And Lisanne Pajot's movie "Indie Game" best visualize the community working on indie games. This is a group of entrepreneurs seeking to realize their ideal, keep refining the work they have done and hope to find others who believe the same.
I researched on the well recognized forums, bloggers, and platform operators (E.f. Steam) to construct a comprehensive list of 100+ popular indie games to try to see what criteria are important for a good indie game. 

My logic is: indie game mostly face serious gamers (people who spend a significant hours of their week playing games), there are certain special requirements fr…