As experts in device security, this month we wanted to explore the buzzword everyone’s been talking about – Biometric Security.
So let’s start with the basics – biometric authentication.
Biometric authentication is a type of security that uses physical or biological features in order to verify an individual trying to access a device. The most common example of this is touch ID on your smart phone – this operates by measuring your fingerprint and if it matches the fingerprint of the approved user, access is granted. Fingerprint scanners are currently the most commonly utilised biometric authentication technology. Other common forms of biometric authentication can be:
- Facial recognition. This type of authentication is similar to fingerprint scanners in that it is also popularly used in smart phones and relies on a necessary number of matched measurements in order to grant access.
- Voice identification. Vocal characteristics can also be measured in order to grant access to devices. The technology measures the formation of precise sound qualities, meaning that any attempt to imitate a voice in order to hack a device will likely not work. Despite this, there are still some security concerns with this method as there is nothing to stop an individual using a standardised voice that can be imitated, or a hacker using a recording of an authorised voice.
- Eye scanners. Eye biometrics can include iris recognition or retina scanners. Iris scanners measure the unique colours around the pupil, whilst retina scanners require the individual to look into a bright light to match the blood vessel pattern created. Unfortunately, contact lenses or glasses can often cause inaccuracies with this method.
Biometric Security in practise
The last few years have seen a particular development in biometric security within the banking and finance industry. Whilst contactless payments have undoubtedly fore-fronted the recent advances within payment technology, it is undeniable that security concerns are still rife. For example, the possibility of stolen or lost credit cards poses the threat of card fraud, whilst intercepted transactions could potentially allow a hacker to gain access to cardholder information.
It is perhaps primarily due to these common security concerns surrounding contactless payments that fingerprint biometric cards have recently begun to rise in popularity. With banking giants such as NatWest trialling its first fingerprint card in 2019, biometric payment methods are set to make a surge in the financial industry, transforming their services and security.
Today, there are approximately 21 banks worldwide that are trialling contactless biometric payment cards. These cards look the same as any other bank card, but have a small biometric fingerprint scanner built in, this essentially means that when the user goes to make a card transaction, the fingerprint gets scanned rather than the user entering a pin. If the fingerprint is recognised as a match, then the payment is authorised. Ultimately, the fingerprint scanner is replacing the PIN and signature authentication typically used with credit cards; this provides greater security, whilst also maintaining the convenience associated with contactless transactions.
Benefits of Biometric Security
The adoption of biometric authentication within the finance industry appears to be natural progression, ending spending caps and the need to remember physical PIN codes. In addition to biometric cards, there are various biometric security practises that offer a great deal of promise for the future of cyber-security in any industry, as it ultimately provides an extremely secure way to grant access to a device or protect sensitive documents.
However, as with all security measures, nothing is ever completely failsafe and as cyber-experts, we want to explore what these risks might be…
Risks of Biometric Security
It has been occasionally reported that scanners for biometric data are not always accurate, resulting in the possibility that a legitimate user could fail the authentication and get locked out of the device or refused at the point of sale.
There is also the fear surrounding fingerprint cloning after hackers in the X-Lab security research team demonstrated they were able to beat any fingerprint scanner using equipment costing £108 and an app that analysed a photograph of your fingerprint – More on this story can be found here. The additional concern with this is that if your biometric data did get compromised, there is no option to reset, unlike a hacked password.
Privacy advocates have expressed concerns that biometric security would create an opportunity to collect personal data without consent and even allow identity theft if databases of personal information became compromised.
The answer: Two-Factor Authentication
The answer of course, is a two-factor or multi-factor authentication strategy. The powerful combination of passwords and physical features for verification creates a layered level of protection to secure your devices and make them less vulnerable to data breaches. We would recommend Microsoft’s Multi-Factor Authenticator to secure any app and protect your identities.
The implementation of widespread biometric security across all industries has the potential to combine high-level security with user convenience. Using the banking sector as an example, it is the ideal opportunity to avoid spending limits and fears of card fraud whilst preserving the accessibility and hygiene of contactless transactions. This is significant and much-needed progress for the digital transformation of the finance sector, and as experts in cyber-security, we can’t wait for the future of contactless.
Ultimately, biometric technology offers an undeniably secure solution to cyber-security, as relying on static passwords is a risky and outdated strategy. Despite highlighting certain risks, biometric security increases your protection as it is much harder to steal your physical characteristics than it is a password or access card. Combining this with another form of authentication creates a robust layer of security for any device. Executive Vice President at Mastercard, Bob Reany, stated, “Feeling confident that your information is protected is paramount. Biometrics are more secure, more trusted and better suited to a world that requires more frequent authentication.”