|Biometrics is most useful as an additional |
level of authentication — determining that
you are who you say you are
“I believe this is changing,” says Rueben Orr, CPP, vice president and co-owner of Denver-based Security Install Solutions and vice chairman of the ASIS International Physical Security Council. “People are using fingerprint technology to log into their computers and phone. They understand that this is a good way to protect the personal information stored in those devices.”
“We’re also seeing new technologies. Some that we’ve seen include wearable technologies with some form of biometrics to identify who you are and using a phone to access a controlled door,” continues Orr.
Traditional biometric technology
Traditional biometric choices include fingerprint, hand print, iris recognition, retina recognition and voice recognition.
The most frequently used biometric technology remains the fingerprint, observes Orr. Fingerprint readers are more affordable today, as are the software applications used to manage fingerprint systems.
Retina recognition, which requires shining a light to the back of the eye, is still considered too invasive. Iris recognition, which looks at the pattern of the iris, is gaining popularity.
“New biometric technologies are gaining traction, too,” says Orr. “Today, we are measuring heart rates, which are unique to individuals.”
Security levels of authentication
Biometrics is most useful as an additional level of authentication — determining that you are who you say you are. “We authenticate a person’s identity on three levels,” Orr says. “The first level is based on what you have — an access control card. Next there is what you know — a personal identification number or PIN. The third level is who you are, which is where biometrics come into play.”
“Three factor authentication including biometrics is used to control access to high security doors like a server room or data centre.”
Orr also cautions that two- and three-factor authentication can cause logjams if used improperly. “One government building in Washington, D.C., is the headquarters for a federal agency with 10,000 employees,” he says. “Most work at remote workplaces, but about 5,000 employees come into the building through turnstiles every day.”
Biometrics is most useful as an additional level of authentication — determining that you are who you say you are
“If it takes three seconds to authenticate each of those employees, it will take a long time to get people into the building every morning.”
“Such busy buildings are creating exclusionary zones within the building where extra levels of authentication are used. Exclusionary zones include data centres, computer rooms, laboratories and other rooms that house sensitive materials and data. All federal agencies have these kinds of requirements today.”
Credit card biometric systems
Another developing area for biometric security technology is commerce, continues Orr. In light of the widespread news about identity theft and the online theft of customer information from retailers, Orr believes that credit card companies will eventually require biometric authentication to use a credit card.
According to the Identity Theft Resource Center (ITRC), U.S. data breaches reached a record high of 783 in 2014, a 27.5 percent increase over 2013.
To stem the tide of fraud, credit card companies are already developing biometric solutions. MasterCard and Zwipe, a technology developer based in Norway, are working on two credit card biometric systems, one for fingerprints and another for heartbeats.
Affordability and convenience
“I think that the financial industry will develop a biometric-based combination of digital certificates and wearable devices that will help to manage commerce securely,” says Orr. “As those solutions come to market, they will make it affordable to adapt them for use in physical security in ways that eliminate inconveniences.”