Skip to main content

2 Myth & 2 Truth About Bio-authentication


Bio-metrics using our physical characteristics to verify our identity. What has been advertised on the market is that it improves security level and make user experience much more simple. 

While at the same time, we also hear the opposite voice, from time to time, about the failure of the technology and the risk of using it. In this article, I aim to summarize the research findings to understand the actual benefit and risk of bio-metrics and what what are the key hurdles for implementing biometrics in end-consumer products.

TechTarget defined Biometric payment as a point of sale (POS) technology that uses biometric authentication to identify the users and authorize the deduction of funds from a bank account. Fingerprint payment, based on finger-scanning, is the most common biometric payment method. 

As the authentication involved physical characteristics (e.g. fingerprint; voice; pupil etc), there certainly need a “point” on which the “Sale” is confirmed. Nevertheless, the POS concept here is very different from how it is used currently on cash registers at the checkout.

DNA MatchingDNA profiling determines the number of VNTR repeats at a number of distinctive loci, and use it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.

Iris Recognition: iris is a thin circular structure in the eye responsible for controlling the diameter and size of the pupil and thus the amount of light reaching the retina. Iris recognition uses pattern recognition technology based on high-resolution images of the irides of an individual’s eyes. It uses camera technology and subtle IR illustration to create detailed image of the iris. (Source: Explainthatstuff)



Retina Recognition: Retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye. Because of the complex structure of the capillaries that supply the retina with blood, each person’s retina is unique. (Source: Wikipedia)



Face IdentificationBiometric facial recognition systems measures and analyzes the overall structure, shape and proportions of the face: distance between the eyes, nose, mouth, and jaw edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding the cheekbones.



Fingerprint Recognition: a fingerprint is made of a number of ridges and valleys on the surface of a finger; the uniqueness of a fingerprint can be determined by the pattern. The main technologies used to capture the fingerprint image with sufficient detail are optical, silicon, and ultrasound.



Signature Recognitionsignature recognition systems measures and analyzes the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioral, i.e. how it is signed rather than visual, i.e. the image of the signature.


Speech Recognition: it is referred here specially on technologies that recognize if the person is the authenticated person instead of what the person is talking about. When we speak of a certain word, effectively, we are pronouncing a series of “phones” similar to LEGO blocks that put together to make castles, cars etc. They are what we actually speak. 

4 different approaches are used to understand speech:
  • Simple pattern matching: each spoke word is recognized in its entirely
  • Pattern and feature analysis: each word is broken into bits and recognized from key features, e.g. vowels
  • Language modeling and statistical analysis: the knowledge of grammar and the probability of certain words or sounds following on from one another is used to speed up  recognition and improve accuracy
  • Artificial neural network: brain-like computer model that can be reliably recognize pattern  


There are two myth around bio-authentication:

Myth: Bio-authentication is Absolutely More Secure

  Change of Identical Records
DNA Matching <1 in 100,000,000,000
Iris Recognition 1 in 1,000,000 to 2,000,000
Retina Recognition 1 in 1,000,000 to 2,000,000
Face Recognition 1 in 2
Fingerprint Recgnition 1 in 800,000 to 1,000,000,000
Signature Recognition 1 in 50
Voice Recognition 1 in 50
Common Password 1 in 10,000


If you have noticed the current use of fingerprint, you will see that most of the time, it is serving as the second factor, you still need to enter the password. It is not able which one is “The One” but more about how we can utilize different authentication methods to their advantage for the purpose they are designed for. 

Myth: Bio-authentication Method are all Pretty Much the Same

  Advantage Disadvantage Use Cases
DNA Matching Many Sources: Blood; Nail; Hair; Saliva etc
Accurate: Unique mapping of an individual
Not Real-time
Intrusive, a physical sample is needed
Expensive to be conducted
Criminal trials, especially rape
Iris Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Low scalability
Identity cards and passports, border control and other Government programmes, prison security, database access and computer login, hospital security, schools, aviation security, controlling access to restricted areas, buildings and homes.
Retina Recognition Very stable technology
Accurate: No fake acceptance so far
Non intrusive
Once filed, the info can be used for lifetime
Discomfort to use
Enrollment is longer than iris recognition
Fear from the public that it may lead to disease
Low scalability
Identify communicable diseases including AIDS, chicken pox and malaria and to scan for hereditary diseases including various types of cancers
Face Recognition Non intrusive
Can be done from remote
Face can be easily altered Access to restricted areas and buildings, banks, embassies, military sites, airports, law enforcement
Fingerprint Recognition Easy to use
Non-instrusive
Inexpensive to implement
Mature technology where large Database is available
People with few minutia points can't use
Obtain high-quality fingerprint can be hard
Considered an invasion of privacy to be watched 
Cell phones, USB flash drives, notebook computers and other applications where price, size, cost and low power are key requirements. Fingerprint biometric systems are also used for law enforcement, background searches to screen job applicants, healthcare and welfare
Signature Recognition The behavior of signing is difficult to copy
Accepted by the general population
Mature technology
People don't sign consistently Access to documents, contract / agreement execution, acknowledgement of goods or services received, banking services
Voice Recognition Utilize existing telephones
Non-instrusive
High-false non-matching rates
Not applicable to everybody
Telephone-based application; Voice verification is used for government, healthcare, call centers, electronic commerce, financial services, customer authentication for service calls, and for house arrest and probation-related authentication
Common Password Inexpensive
Can be changed once compromised
Easy to guess Online payment; account log-in etc

Bio-authentication methods all have different use cases determined by their advantages and disadvantages. Iris recognition applies perfectly in school, prison and other facilities that have a stable, predictable population and need for relatively highly accurate but non intrusive way to authenticate the individuals. While to make our mobile experience better, fingerprint authentication is the best option.

Myth: Iris Scanners can Harm My Body

Iris readers do not use lasers, but they do use near-infrared light. The amount of this light is no more than would be received by walking outside on a sunny day. There have been numerous reports on the safety of iris systems, and the fact that they are used by risk adverse government departments should attests to their safety.

On the other hand, 2 things remain true: 

Truth: Biometrics will Bring Innovation to Payment as a More Convenient & Secure Authentication Method 

According to a study done by Visa in 2016, when looking at the range of different payment situations at home or on the high street, over two-thirds (68%) want to use biometrics as a method of payment authentication. As the fraud technologies gets more advanced, news about large-scale account take-over becomes no novice on the news; consumers are told me set secure password, and change them regularly, but these requirements are not at all user friendly nor fair, they are what financial institutions force on us without asking if we like, what we as users actually should have been paid for because we are doing a favor, on top of paying our fees to them, to also make their life easier. 

In this environment, biometric authentication as a more secure and user friendly option will certainly be welcomed from all parties involved in the payment value chain.

Truth; Machine Learning Will Continue to Play a Critical Role in Biometrics Authentication

For most of the time, biometric authentication is about recognition, the shape of your face, the verb you often use, the unique gene you have. The ability to understand more data and to build more agile model for operation determines the ability of any Biometrics authentication system. Machine learning helps to speed up model testing and provide real time feedback which eventually improve the system

3 Interesting Bio-authentication Products

MasterCard launched Selfie Pay

MasterCard launched its Selfie Pay Bio-authentication App in Europe.The biometric authentication app is being rolled out in Europe in the following markets: Austria, Belgium, the Czech Republic, Denmark, Finland, Germany, Hungary, the Netherlands, Norway, Spain, Sweden and the UK. The Selfie App will allow consumers to complete payment without a PIN or password, just with a photo.

Apple TouchID for Apply Pay

As of now, Apple TouchID is no where near a new technology. But back in 2013 when it launch iPhone 5s featuring the TouhID technology, it generated huge word-of-mouth and quickly became the industry standard. 

Baidu Payment Voice Authentication

Baidu Payment demonstrated a video authentication payment prototype in the 2016 Global Mobile Internet Conference that use voice recognition technology to complete payment. The false match rate is under 1%.




Bio-metrics is one of the hottest area in the payment industry, nevertheless, if you have been involved in the implementation or development of a fraud management system, you will know there is on thing in common: fraud is going to be there, you can use the pupil or the selfie, it does not matter, any human developed system (including those that claim to have artificial intelligence) for such are built on models and data, and there is always a way to game to system. Nevertheless, 

Comments

Popular posts from this blog

Will AI Believe in God?

I came across an interesting article recently on Gizmono ( Link ) titled “when superintelligent AI arrives, will religions try to convert it”,  The key question seems to be simple at the first glance. The commonality among all different interviewees suggest that there is some kind of criteria the Strong AI has to pass to be qualify as human to be relevant to the religion.  The complication comes in that different party seems to have different criteria, to summarize: If Strong AI has a soul? If Strong AI has a soul an spirit? And for the very fact that it is about AI and religion, let’s refer to Bible for the definition of spirit.  What is the definition of Soul:   the   spiritual   part   of   humans   regarded   in   its   moral  aspect ,   or   as   believed   to   survive   death   and   be subject  to   happiness   or   misery   in   a   life   to   come.  “In Noah’s day . . . a few people, that is, eight souls, were carried safely through the water.” (1 Pe

8 Takeaways on Productive Usability Tests

Please, test it.  The fact you believe in your idea, or that your investor do as well, it means a lot about creating a wonderful team and culture. It does not mean your customer will buy into that.  There is a long way between what the market opportunity (as the market analysis and the founder’s vision is) and what the actual product is. Of the thousands of products in different countries that seems to solve the same problem (you may call them competitors if you want), which one will win the customers’ favor now and in the future? Usability test helps to provides insight on that. Or in other words. usability test tells you, at the current state of mind, your customer will most likely find your product to be value if you do … in the following way … and … in the following way ... As you can see, these findings can be translated to what you can include in your MVP, why a certain design or feature did not meet the expectation (or will ever meet) and what you may decide