Skip to main content

2 Myth & 2 Truth About Bio-authentication

Bio-metrics using our physical characteristics to verify our identity. What has been advertised on the market is that it improves security level and make user experience much more simple. 

While at the same time, we also hear the opposite voice, from time to time, about the failure of the technology and the risk of using it. In this article, I aim to summarize the research findings to understand the actual benefit and risk of bio-metrics and what what are the key hurdles for implementing biometrics in end-consumer products.

TechTarget defined Biometric payment as a point of sale (POS) technology that uses biometric authentication to identify the users and authorize the deduction of funds from a bank account. Fingerprint payment, based on finger-scanning, is the most common biometric payment method. 

As the authentication involved physical characteristics (e.g. fingerprint; voice; pupil etc), there certainly need a “point” on which the “Sale” is confirmed. Nevertheless, the POS concept here is very different from how it is used currently on cash registers at the checkout.

DNA MatchingDNA profiling determines the number of VNTR repeats at a number of distinctive loci, and use it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.

Iris Recognition: iris is a thin circular structure in the eye responsible for controlling the diameter and size of the pupil and thus the amount of light reaching the retina. Iris recognition uses pattern recognition technology based on high-resolution images of the irides of an individual’s eyes. It uses camera technology and subtle IR illustration to create detailed image of the iris. (Source: Explainthatstuff)

Retina Recognition: Retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person’s retina is unique. (Source: Wikipedia)

Face IdentificationBiometric facial recognition systems measures and analyzes the overall structure, shape and proportions of the face: distance between the eyes, nose, mouth, and jaw edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding the cheekbones.

Fingerprint Recognition: a fingerprint is made of a number of ridges and valleys on the surface of a finger; the uniqueness of a fingerprint can be determined by the pattern. The main technologies used to capture the fingerprint image with sufficient detail are optical, silicon, and ultrasound.

Signature Recognitionsignature recognition systems measures and analyzes the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioral, i.e. how it is signed rather than visual, i.e. the image of the signature.

Speech Recognition: it is referred here specially on technologies that recognize if the person is the authenticated person instead of what the person is talking about. When we speak of a certain word, effectively, we are pronouncing a series of “phones” similar to LEGO blocks that put together to make castles, cars etc. They are what we actually speak. 

4 different approaches are used to understand speech:
  • Simple pattern matching: each spoke word is recognized in its entirely
  • Pattern and feature analysis: each word is broken into bits and recognized from key features, e.g. vowels
  • Language modeling and statistical analysis: the knowledge of grammar and the probability of certain words or sounds following on from one another is used to speed up  recognition and improve accuracy
  • Artificial neural network: brain-like computer model that can be reliably recognize pattern  

There are two myth around bio-authentication:

Myth: Bio-authentication is Absolutely More Secure

  Change of Identical Records
DNA Matching <1 in 100,000,000,000
Iris Recognition 1 in 1,000,000 to 2,000,000
Retina Recognition 1 in 1,000,000 to 2,000,000
Face Recognition 1 in 2
Fingerprint Recgnition 1 in 800,000 to 1,000,000,000
Signature Recognition 1 in 50
Voice Recognition 1 in 50
Common Password 1 in 10,000

If you have noticed the current use of fingerprint, you will see that most of the time, it is serving as the second factor, you still need to enter the password. It is not able which one is “The One” but more about how we can utilize different authentication methods to their advantage for the purpose they are designed for. 

Myth: Bio-authentication Method are all Pretty Much the Same

  Advantage Disadvantage Use Cases
DNA Matching Many Sources: Blood; Nail; Hair; Saliva etc
Accurate: Unique mapping of an individual
Not Real-time
Intrusive, a physical sample is needed
Expensive to be conducted
Criminal trials, especially rape
Iris Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Low scalability
Identity cards and passports, border control and other Government programmes, prison security, database access and computer login, hospital security, schools, aviation security, controlling access to restricted areas, buildings and homes.
Retina Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Enrollment is longer than iris recognition
Fear from the public that it may lead to disease
Low scalability
Identify communicable diseases including AIDS, chicken pox and malaria and to scan for hereditary diseases including various types of cancers
Face Recognition Non intrusive
Can be done from remote
Face can be easily altered Access to restricted areas and buildings, banks, embassies, military sites, airports, law enforcement
Fingerprint Recognition Easy to use
Inexpensive to implement
Mature technology where large Database is available
People with few minutia points can't use
Obtain high-quality fingerprint can be hard
Considered an invasion of privacy to be watched 
Cell phones, USB flash drives, notebook computers and other applications where price, size, cost and low power are key requirements. Fingerprint biometric systems are also used for law enforcement, background searches to screen job applicants, healthcare and welfare
Signature Recognition The behavior of signing is difficult to copy
Accepted by the general population
Mature technology
People don't sign consistently Access to documents, contract / agreement execution, acknowledgement of goods or services received, banking services
Voice Recognition Utilize existing telephones
High-false non-matching rates
Not applicable to everybody
Telephone-based application; Voice verification is used for government, healthcare, call centers, electronic commerce, financial services, customer authentication for service calls, and for house arrest and probation-related authentication
Common Password Inexpensive
Can be changed once compromised
Easy to guess Online payment; account log-in etc

Bio-authentication methods all have different use cases determined by their advantages and disadvantages. Iris recognition applies perfectly in school, prison and other facilities that have a stable, predictable population and need for relatively highly accurate but non intrusive way to authenticate the individuals. While to make our mobile experience better, fingerprint authentication is the best option.

Myth: Iris Scanners can Harm My Body

Iris readers do not use lasers, but they do use near-infrared light. The amount of this light is no more than would be received by walking outside on a sunny day. There have been numerous reports on the safety of iris systems, and the fact that they are used by risk adverse government departments should attests to their safety.

On the other hand, 2 things remain true: 

Truth: Biometrics will Bring Innovation to Payment as a More Convenient & Secure Authentication Method 

According to a study done by Visa in 2016, when looking at the range of different payment situations at home or on the high street, over two-thirds (68%) want to use biometrics as a method of payment authentication. As the fraud technologies gets more advanced, news about large-scale account take-over becomes no novice on the news; consumers are told me set secure password, and change them regularly, but these requirements are not at all user friendly nor fair, they are what financial institutions force on us without asking if we like, what we as users actually should have been paid for because we are doing a favor, on top of paying our fees to them, to also make their life easier. 

In this environment, biometric authentication as a more secure and user friendly option will certainly be welcomed from all parties involved in the payment value chain.

Truth; Machine Learning Will Continue to Play a Critical Role in Biometrics Authentication

For most of the time, biometric authentication is about recognition, the shape of your face, the verb you often use, the unique gene you have. The ability to understand more data and to build more agile model for operation determines the ability of any Biometrics authentication system. Machine learning helps to speed up model testing and provide real time feedback which eventually improve the system

3 Interesting Bio-authentication Products

MasterCard launched Selfie Pay

MasterCard launched its Selfie Pay Bio-authentication App in Europe.The biometric authentication app is being rolled out in Europe in the following markets: Austria, Belgium, the Czech Republic, Denmark, Finland, Germany, Hungary, the Netherlands, Norway, Spain, Sweden and the UK. The Selfie App will allow consumers to complete payment without a PIN or password, just with a photo.

Apple TouchID for Apply Pay

As of now, Apple TouchID is no where near a new technology. But back in 2013 when it launch iPhone 5s featuring the TouhID technology, it generated huge word-of-mouth and quickly became the industry standard. 

Baidu Payment Voice Authentication

Baidu Payment demonstrated a video authentication payment prototype in the 2016 Global Mobile Internet Conference that use voice recognition technology to complete payment. The false match rate is under 1%.

Bio-metrics is one of the hottest area in the payment industry, nevertheless, if you have been involved in the implementation or development of a fraud management system, you will know there is on thing in common: fraud is going to be there, you can use the pupil or the selfie, it does not matter, any human developed system (including those that claim to have artificial intelligence) for such are built on models and data, and there is always a way to game to system. Nevertheless, 

Popular posts from this blog

4 Techniques to Make Your UX Review Meetings Successful

As a product manager, I often need to sit down with the executive management team to get their feedback on the new designs. It can be a frustrating process and many times I found that I cannot get things down in the time I am allowed to have.
Nevertheless, not having the sign-off from management is terrible for the team, we face high risk of having to re-work (yes, we always need to re-work, but it feels better if it is an improvement), schedule get delayed etc.
Over my 200+ review meetings, i've came to understand the reasons and learnt skills on how to stir the meeting towards an efficient completion, and I want to share them with you.
There are 4 key reasons of an unsuccessful product review meeting: 
1. Audience Lack the Background Knowledge: especially when introducing a new function, executives don’t know what they are looking at, or how the end users will be using such function, you may have sent the presentation before and again in the meeting invite, it doesn’t matter;

2. T…

What Changes will Machines Bring to us - As Employees

Machine learning to the employment has been a topic in debate. Darrell West, in his paper titled "What happens if robots take the jobs? The impact of emerging technologies on employment and public policy” suggested a list of actions government should take to ensure people whose job has been replaced by machines can live a decent live. The general sentiment seems to suggest a turbulent era as work force transform.

Growing up in China during the time of State owned enterprise reform, I had real experience living through the time of large group of people being laid off because the jobs were suddenly gone. My parent’s generation had to learn new skills for a completely new industry at their 40s and 50s. Few of them made it and even became millionaire, many of them didn’t and the family suffered a lot. I followed the news of Detroit Car manufacturing industry lapse and it shows familiar traits. The fact is, jobs come and go all the time, employee as a group will constantly adapt while …

21 Tops on How to Write a Successful Blog

Hubspot and General Assembly came together to offer a 10 week planner for successful blog. The type of blog discussed in this plan are corporate blogs used to bring people to the site and explore what the company is doing, potentially generate a lead.

Identify Your Target Persona: talk to sales team and research contract dataStart Building Evergreen Content: start with evergreen contents that stay relevant though time; do keyword search to see what people are searchingChoose the Right Content Management Tool: a good tool is easy to use and allow users to track metrics such as conversion rate, page view, and where traffic come fromDesign Your Blog: consistent layout; Focus on Your Content Strategy: basically it is depending on what you wantSet Subscriber Path: there needs to be a workflow for emailing the subscriber, a subscription form and an unsubscribe form. Hubspot is towards the "don’t email your subscribers too often” group while I also heard UI Breakfast Jane Portman talked …