Use of biometric technologies such as fingerprint- and iris-recognition has got the thumbs-up from UK consumers in a survey of attitudes towards biometrics as a means of fighting ID fraud and their perceptions about issues such as data privacy and the technology’s reliability.
The research of 1,000 households has shown that two out of three consumers believe their banks should be using biometric technology to combat identity theft ahead of security tokens or smart cards.
The survey demonstrated a surprisingly high level of support for biometrics, said Ed Schaffner, director at Unisys Corp, the vendor behind the independent survey. Consumers are only going to use technology they are comfortable with and understand, he said. People do remain skeptical, in the main because they don’t understand the amount of security that is put around these schemes to maintain data privacy.
The company has worked on MyKad, Malaysia’s state-of-the-art ID card, and Hanis (the home affairs national identification system), a fingerprint database in South Africa and various other ID card schemes that have been rolled out in Belgium, Spain, and Malaysia. But Schaffner accepts that the success of a biometrics deployment will depend on the geography and the application, not to mention the technology choice.
In the UK, supermarket customers at three Co-op stores in the Oxford area are currently piloting a system that lets them pay for their shopping using a fingerprint. The Pay and Touch scheme from the eponymous San Francisco-based vendor, lets shoppers have a finger scan linked to their bank details with payment switched directly from personal to retailer accounts.
Such fingerprint biometrics systems are not popular in Australia, however, but Schaffner said the region is happy to deploy a biometrics system based on face recognition to undertake immigration and customs checks. The SmartGate program takes a live image of person’s face and using facial recognition algorithms will match the image with a digitized image stored in the traveler’s ePassport.
Other techniques such as iris recognition is considered to be very accurate once the system gets a good enrolment from an individual, but this can be difficult as the algorithm needs most all of the iris to be visible. During 2006 in the US a nationwide Registered Traveler program will be conducted across several interested airports to expedite security screening using a combination of iris recognition and fingerprinting. It is intended that either biometric could be used for positive identity verification at the airport.
As to the prevailing concerns over privacy of biometric data, Schaffner said various best-practice approaches will store the data on some kind of smart card which the customer is always in possession of. We usually do recommend use of a smart card or a secure token.
But despite token security being presented as an online authentication standard by vendor and industry bodies alike, some 92% of respondents to the Unisys study were unfamiliar with the term and unaware of its use as a security measure.