Biometrics and Consumer Trust

Alan Hodgson · Consultant in Security Printing Technologies
The issue of biometric authentication of identity is a topic that has a rightful place in this newsletter. There are many aspects to this debate and last month the topics of fingerprint readers and ‘Security vs Convenience’ were explored.

The aim of this article is to look back at how we got here and raise some questions as to where this may lead in terms of consumer trust in smartphone-based identity applications.

How did we get here?

One of the early challenges with smartphones was the need to verify that the user is entitled to access the device. Smartphone implementations initially required the input of a PIN code (Personal Identification Number) to unlock the device as a way to deter theft or unauthorised access to services. However, the capabilities now built into smartphones allow identity verification without such manual entry of PIN codes by the acquisition of biometric data on the user.

Although PIN codes may be considered unsophisticated, this basic method still provides several advantages. It requires no hardware other than some form of keypad (physical or touchscreen) that would already be integrated into many mobile devices, smartphones being a prime example. More subtly, it confers on the user the right to be forgotten: the user can opt to change a PIN, an important difference to biometrics.

However, the sociotechnical environment has created a whole range of online applications that have the requirement for personal authentication, such as e-commerce and entertainment. As a result, a consumer faced with the prospect of managing a multitude of PIN combinations and entering them many times in an average day seeks innovative solutions that balance security with user convenience.

The industry has responded with various modes of biometric authentication that facilitate the linking of device and authorized user, making PIN entry largely redundant.

The FIDO alliance was created to reduce the world’s reliance on passwords for personal authentication and replace it with an alternative to facilitate secure and fast login experiences for websites and apps. Biometric authentication is a route to this and in 2022 FIDO members Apple, Google and Microsoft agreed to move down this route and eliminate password-based authentication. The consensus position in this sector is to move towards biometrics, further emphasising the importance of biometric authentication on the smartphone platform.

Many current and proposed applications for mobile smart devices require the verification of the identity of the user. This requirement can be considered at various levels; from the request to access the hardware of a device, the use of pre-paid services through to e-commerce and electronic identity. A continuum of methods of verification has evolved to this end, and this evolution looks set to continue as the industry ponders the technologies that could replace the smartphone.

At a device level, biometric authentication can be used to deter theft or unauthorised access to the mobile device or services. Rather than use PIN codes or passwords, this method uses a biometric characteristic of a user to authorize a transaction or access to services. Biometrics currently in use for this purpose include fingerprints, iris patterns and facial features, but this list may yet expand.

In essence, biometric authentication acquires some unique biological characteristic of a user and compares this to previously verified data. If the system detects a match, the user is deemed to have authorization to access services. Such systems can be made to be much more user friendly than PIN-based authentication, but it is my belief that consumers may well return to consider the ‘price’ of all of this.

Those professionally involved in identity will recognise the difference between biometrics for recognition (1:N searches) and authentication (1:1 searches), but this difference may not be as apparent to many consumers. As exemplified by the debate around the acceptance of facial recognition in public places, there are still consumer concerns to be addressed. This debate could be distilled down to one of balance between trust and convenience.

The balance of trust and convenience

There are a number of ways to distil down this balance in terms of consumer acceptability. It could be considered as one of utility vs privacy (IDN May 2022) or, as explored last month, security vs convenience. Here I propose that we explore the concept of trust, a topic that has repeatedly surfaced in the transition from physical to digital documents.

In the transition from PIN codes to biometrics, consumers were in general motivated by the gains in convenience that this brought and the belief that the balance between data security and convenience had not changed markedly.

However, the popular press regularly features stories around large-scale data theft, cyber-security issues and spoofing of biometric authentication that could erode trust in this.

With the use of mobile devices becoming ever wider, I believe consumers will need reassurance on some key questions.

As the smartphone (and later the Wearable Smart Device) hosts access to their life vault of personal data, medical information and identity, how can they trust that this will be kept safe?

What structures are in place to ensure this, and how can a fair comparison be made between different offerings?

The transition to mobile identity raises some very important issues for citizens, specifically regarding security and privacy. However, as smartphone models are now fitted with biometric authentication as standard, the issue of protecting personal data and how the biometric is being used will continue to be a trust issue. In the era of physical documents this trust was vested with government agencies, but in the digital world it has moved on to companies in the fintech and tech giant sectors.

The core issue for financial institutions and governments is both the actual incidence of data loss or fraud and the consequential reputational damage. From the perspective of the user, it may well be one of trust, which can be impacted by both real and reported issues. Taken together, these issues suggest that the balance between consumer trust and convenience is something our industry would be well advised to continually consider.

The issue of trust has been a topic at past Digital Document Security (now ODDS) conferences – see IDN April 2021. I look forward to its re-emergence in Prague in April 2023.

opticaldigitalsecurity.com
