Biometrics that are wireless, battery-operated and/or can utilise existing infrastructure will be most favoured in the ongoing adoption of biometric technology
Proving ROI, setting proper customer expectations and training is imperative to
the success of biometric implementation

End user customers increasingly expect their security systems to provide measurable benefits beyond protection of people, facilities and assets. The biometrics sector is undergoing a similar shift in mindset: The benefits of using biometrics to drive business operations and other corporate functions are becoming part of the return on investment (ROI) “equation.” 

Cost savings & efficiencies influence biometric adoption

Many customers now recognise that a biometric system saves money in the long run, says Arie Melamed Yekel, CMO, FST Biometrics. The company’s In Motion Identification (IMID) technology uses a combination of facial and body behaviour analytics. Yekel says the system can demonstrate cost savings in two ways. First, the system avoids the need to issue or replace cards and keys – potentially a very large expense that is simply not a factor with biometrics systems. Another cost saving is related to time: Both users and administrators continually save time by removing barriers to entry. The associated savings include, among others, the time spent waiting in line to enter a building, time looking for a key or card, time lost when a user can’t enter a building because they don’t have their key or card, and staff time required to issue a new key or card.

“Once the biometric system is in place, there are inherent savings of cost and time compared to standard card systems,” says Yekel. “Furthermore, quality biometric solutions such as IMID are far more secure than other identification systems.”

Every user of a card-based system needs a dedicated ID card, he says, and the cost of the cards, and of replacing lost/damaged cards, can become a great expense for organisations. For example, a system that supports 1,000 users can expect to spend $3,000 to $5,000 annually replacing lost cards.

Improving efficiency via automation and accurate identification

Automating manual processes is another cost saving. In many cases, we found that our customer decided to replace the human guard with IMID Access solution” says Yekel, “as the outcome of placing IMID Access will be even more accurate and more secure than using a human guard, and it saves them tens of thousands of dollars annually.”

An example is the Granite Club, Canada’s 10,000-member premier family, recreation and athletic club. The club wanted a solution that would ensure only Granite Club members, staff and authorised visitors would be able to access its athletic and children’s centres as well as the dining and meeting facilities. With a health and hygiene focus, the Granite Club also wanted a touch-free solution that would not require users to swipe a card, carry a fob or punch in a code. The Granite Club selected FST Biometrics because it is a non-invasive, secure access solution that does not impede the movements of members and staff, or detract from the Granite Club’s atmosphere. IMID Access is used in various access points throughout the Granite Club, allowing members and staff to freely access restricted areas of the facility. IMID was also deployed in the children’s centre, supplying a highly secure level of protection.

Many customers now recognise that a biometric system save money in the long run
Once a biometric system is in place, there are inherent savings of cost and time
compared to standard card systems

Lower costs of biometric technology make ROI much easier

Prior to the last 10 to 15 years, biometrics primarily existed only in the public sector, where government has both an obvious need and budget for advanced biometric security, says Larry Reed, CEO, ZKAccess, another biometrics company. “Fast-forward 10 to 15 years and the cost of biometric security has been reduced dramatically,” he adds, “and it’s within the budgets of even individual consumers.”

Indeed, the proliferation of fingerprint sensors retrofitted into today’s smart phones is all around us. Apart from smart phones, as with any product, the market adoption rate for biometrics is normally consistent with the ROI associated with that new product, says Reed. The most commonly acknowledged ROI for biometrics is when used for lowering payroll expenses, since payroll is often 10 percent or more of any company’s overall operating budget. Biometric time clocks are used to prevent “buddy punching” (hourly-wage employees fraudulently punching in for each other and getting paid for unearned work hours).

Another obvious ROI is avoiding fines from the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA), says Reed. Among other things, OSHA safeguards employees from being injured from the accidental/unauthorised startup of dangerous mechanical equipment (i.e., trash compactors, cardboard balers, forklift trucks, etc.). Without first authenticating to a biometric reader, electricity remains cut off from the machine. “Where you can prove an ROI, you’ll find a customer willing to pay for biometrics,” says Reed.

Proving ROI to encourage biometrics adoption

Prior to any technology change/refresh, a customer must first be convinced the change will either result in increased revenues or reductions in operating expenses. Reed says ROI can be more easily proven if/when any of the following scenarios are acknowledged by the customer: 1) Buddy punching payroll losses; 2) OSHA fines for non-protected dangerous equipment; 3) Recent break-in or misuse of employee access ID badges; or 4) downtime (accidental lockouts) experienced when employees misplace ID badges and must be reprocessed to gain access to their workplace.

Fast-forward 10 to 15 years and the cost of biometric security has been reduced dramatically and it will be within the budgets of even individual consumers

“For biometrics veterans, we’re well aware of the inherent security flaws and unnecessary expense of managing a card-based access control system,” says Reed. However, without the customer feeling the “pain” of a security breach, financial loss or inconvenience acknowledged by the customer, it will be more difficult to convince that customer to invest in biometric technology.

“Once you’re proven an ROI, the next step is ensuring that time and labour (and total cost of ownership) for the biometric install is minimised,” says Reed. Biometrics that are wireless, battery-operated and/or can utilise existing infrastructure will be most favoured.

Lastly, setting proper customer expectations and training is imperative to the success of biometric implementation, says Reed. Without the cooperation and commitment of both the decision-maker and all of their employees to learn and properly operate the biometric solution, the project is doomed to fail, he notes. 

Download PDF version

Author profile

Larry Anderson Editor, SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

How can security manufacturers improve after-sale service?
How can security manufacturers improve after-sale service?

What happens after the sale is complete, after the contracts are all signed and sealed? That’s when an abundance of variables can kick in – variables that can mean the difference between a successful security system or a case of buyer’s remorse. The features and value of equipment involved in a security system are well known before the sale closes, as hopefully are the integrator’s and end-user’s expectations about after-sale service. But what is the reality of after-sale service, and how can manufacturer’s make it better? We asked this week’s Expert Panel Roundtable: How can security system manufacturers improve their after-sale service for integrators and end users?

Five best practices for protecting video surveillance systems against cyber threats
Five best practices for protecting video surveillance systems against cyber threats

There’s no denying that cyber-crime is one of the biggest threats facing any organisation with the devastating results they can cause painfully explicit. Highly publicised cases stretching from the US government to digital giant Facebook has made tackling cyber security a necessity for all major organisations. The consequences of breaches have just become more severe, with new GDPR rules meaning any security breach, and resultant data loss, could cost your organisation a fine of up to four per cent of global revenue or up to 20 million euros. Cyber-crime potentially affects every connected network device. In the biggest cyber-crime to date, hackers stole $1 billion from banks around the world, by gaining access to security systems. It’s more important than ever for organisations to be vigilant when it comes to their cyber security strategy. To help avoid becoming the next victim, I’ve put together a five-point cyber plan to protect your video surveillance system. 1. Elimination of default passwords A small change to a memorable, complex password could have huge consequences for your business It is estimated that over 73,000 security cameras are available to view online right now due to default passwords. ‘Password’ and ‘123456’ are among the top five most popular passwords with a staggering 9,000,000 login details matching this description. Guessable passwords create an unsecure security system which can result in an easy way for hackers to gain access to your organisation’s data, making you vulnerable to a breach. A small change to a memorable, complex password could have huge consequences for your business. Removing default passwords from products and software forces individuals to think of their own to keep their data safe. If a password system is not provided by your organisation we recommend that your password uses two or more types of characters (letters, numbers, symbols) and it is changed periodically. 2. Encrypted firmware Encrypting firmware is an important part of any organisations overall security system. Firmware can leave an open door, allowing hackers to access your data. All firmware should be encrypted to reduce the possibilities of it being downloaded from the manufacturers website and deconstructed. If the firmware posted is not encrypted, there is a risk of it being analysed by persons with malicious intent, vulnerabilities being detected, and attacks being made. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis There have been cases where a device is attacked by firmware vulnerabilities even if there are no problems with the user's settings, rendering it inoperable, and DDoS attacks being made on other servers via the device. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis. There is also a possibility of being attracted to spoofing sites by targeted attack email and firmware being updated with a version that includes a virus, so firmware must always be downloaded from the vendor's page. It may also be advantageous to combine this with an imbedded Linux operating system which removes all unused features of the device, it can help to reduce the chances of malicious entities searching for backdoor entities and inserting codes. 3. Removing vulnerabilities within the operating systems Vulnerability is the name given for a functional behaviour of a product or online service that violates an implicit or explicit security policy. Vulnerabilities can occur for a number of reasons for example, due to an omission in logic, coding errors or a process failure. Network attacks exploit vulnerabilities in software coding that maybe unknown to you and the equipment provider. The vulnerability can be exploited by hackers before the vendor becomes aware. You should seek to minimise these issues by looking for a secure operating system which is regularly updated. Panasonic has developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping As a provider of security solutions, Panasonic is taking a number of steps to ensure its consumers remain safe and secure. We have developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping. We have combined with a leading provider of highly reliable certificates and technology for detecting and analysing cyber-attacks with its own in-house embedded cryptography technology, to provide a highly secure and robust protection layer for its embedded surveillance products. 4. Avoiding remote login using Telnet or FTP Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures. File transfer protocol or transfer through cloud-based services means the files and passwords are not encrypted and can therefore be easily intercepted by hackers. An encrypted software removes the risk of files being sent to the wrong person or forwarded on without your knowledge. Telnet predates FTP and as a result is even less secure. Hyper Transfer Protocol Secure is a protocol to make secure communications by HTTP, and it makes HTTP communications on secure connections provided by SSL/TLS protocols. The major benefits of using this system is that HTTPS and VPN encrypt the communications path, so data after communications is decrypted and recorded. If recorded data is leaked, it will be in a state where it can be viewed. With data encryption, however, it remains secure and can even be recoded to storage. Thus, even if the hard drive or SD card is stolen or data on the cloud is leaked, data cannot be viewed. 5. Use of digital certificates Private and public keys are generated at manufacture in the factory and certificates installed at the factoryDigital certificates are intended to safely store the public key and the owner information of the private key it is paired with. It provides assurance that the accredited data from a third party is true and that the data is not falsified. It is beneficial for all data to be encrypted with digital certificates. Digital certificates are far safer when issued by a third party rather than creating a self-signed version unless you are 100 percent sure of the receiver identity. From April 2016, some models of Panasonic series iPro cameras come with preinstalled certificates to reduce the risk of interception and the hassle of having to create one. With i-PRO cameras with Secure function, private and public keys are generated at manufacture in the factory and certificates installed at the factory. As there is no way to obtain the private key from the camera externally, there is no risk of the private key being leaked. Also, certificates are signed by a trusted third party, and the private key used for signing is managed strictly by the authority. In addition, encryption has been cleverly implemented to reduce the usual overhead on the IP stream from 20% to 2%.

GSX to address employees' right to store firearms in vehicles
GSX to address employees' right to store firearms in vehicles

One factor aggravating concerns about workplace violence in corporate America is the easy availability of firearms. In many states, citizens, including employees, have the right to carry firearms onto a company’s property even though firearms are prohibited in the workplace. In effect, an employee prone to violence may have a firearm as near as their vehicle in the company parking lot. Currently, 23 states in the U.S. have so-called “parking lot storage” laws, which enable employees to store firearms in their vehicle’s trunk or glove box despite any corporate ban on weaponry. The laws have evolved as an expression of the Second Amendment “Right to Bear Arms” in the last decade or so. There is some variance in the laws from state to state, but they generally allow a citizen to carry a gun to and from work and keep it stored out of sight in their vehicle. Global Security Expo (GSX) is the new branding for ASIS International’s annual conference and trade show Employee Second Amendment rights “The laws contend that employees should not have to give up their Second Amendment rights between home and the workplace and should be able to have a gun with them for protection from their front door at home to the front door of the workplace,” says Eddie Sorrells, Chief Operating Office/General Council of DSI Security Services. Sorrells will speak about the current state of the laws, how they came about, the nuances of state-to-state differences, and the possible impact on overall corporate security in a session titled “Employees Who Carry: Preventing Workplace Violence” at the upcoming GSX conference in Las Vegas, 23rd - 27th September. Global Security Expo (GSX) is the new branding for ASIS International’s annual conference and trade show, attended by more than 22,000 security professionals from 100-plus countries. Sorrells’ session will be Sept. 24 from 10:30 to 11:45 a.m. Restrictions on gun visibility Employees may think the “right to carry” extends to the workplace, but the right only extends to the parking lot. The company still has the right to ban guns inside the premises. However, it is unlawful in some states for companies to search vehicles in parking lots, and companies who do so are violating the law, says Sorrells. Among the various state laws, some exempt public education institutions and other public venues. Depending on how the laws are written, there may be other exemptions, too. In Florida, for example, the law exempts any organisations that have explosives on site. With weapons on a company's property, a high-risk termination could potentially become violent Most laws require weapons to be stored securely out of sight. However, in Alabama, for example, it is legal to store validly permitted guns in full view during hunting season, Sorrells says. A resident of Alabama himself, Sorrells has been in the contract security business for 27 years, working mostly in multi-state operations. He has worked for 500 or so corporate security organisations throughout the country and is a practicing attorney who has studied issues of workplace violence and active shooters. “There is a political element to these laws, which were created with the goal of protecting Second Amendment rights,” says Sorrells, who says he sees arguments on both sides of the issue. However, political opinions aside, “if you’re a business owner, you have to contend with dozens of weapons on a company’s property,” he adds. “That could be an issue if a high-risk termination could potentially become violent. You have to assume there is a weapon in that person’s vehicle.” Sorrells' session will dive into the case law and illuminate some of the legal issues and how courts have addressed them GSX education program After the session, Sorrells hopes attendees will take away a good working knowledge of the state of the laws, how to comply with the laws, and issues such as posting of signs. The session will dive into the case law and illuminate some of the legal issues and how courts have addressed them. The timely session is an example of the valuable information attendees can gain by attending GSX. Sorrells has been attending the yearly ASIS International Conference and Exhibits for more than 20 years, at least since the mid-1990s. As the pre-eminent security organisation around the world, ASIS International provides unrivalled educational and networking opportunities at the yearly conference, he says. “There is a vast amount of networking and educational offerings on a wide variety of topics, including technology, legal issues, risk management, workplace violence, consulting, and anything under the sun,” says Sorrells. The newly branded GSX education program is led by subject matter experts from ASIS International, InfraGard (a public-private partnership between U.S. businesses and the Federal Bureau of Investigation), and ISSA (Information Systems Security Association). Sessions will deliver valuable, actionable takeaways to help attendees shape their security strategies. There will also be an exhibition of 550-plus suppliers and manufacturers highlighting the latest security solutions.