Biometrics

The potential of biometrics to solve a multitude of problems has never been greater. Biometric solutions have secured borders, facilities, and inventory; they have increased operational safety and efficiency and have enhanced customer satisfaction. Importantly, biometrics has done so in many cases without adding complexity for the end user.

Successful biometrics applications have generated a great deal of well-deserved attention – and yet, many biometrics applications continue to disappoint. All too frequently, biometric applications perform poorly in the real world application environment. Additionally, many biometric solutions have been ineffective, difficult to deploy, and simply too expensive to operate.

Some of the most sophisticated users of biometrics today were early adopters of biometric technologies. These are the folks who learned how to deploy a successful biometric solution from their early failures.

There are three basic questions to ask in the planning stages – long before deployment begins – that will help to ensure a successful deployment. The first question is simply, “Is biometrics the correct solution to my problem?”

Challenging assumptions

Many biometric applications have underperformed or failed in part because the biometric was not an appropriate solution. Given that biometrics is one of several ways to solve the same problem, application design must always begin with challenging the underlying objectives.

Where, when and why does one consider using a biometric rather than another form of strong authentication? There are many reasons why biometrics may be chosen. Primary among them is the need to positively identify the authorized user. Although other forms of identification may be considered secure, they do not provide the same level of non-repudiation as a biometric will.

Another consideration is ease-of-use. Most security solutions are, by their nature, designed to block rather than facilitate transactions. As such, many security technologies and solutions can quickly become overly complex, highly intrusive, very expensive and difficult to use.

Smart cards, tokens, encryption, one-time passwords, encryption and other forms of strong authentication are often burdensome to the end user and are difficult to administer and deploy, often requiring significant infrastructure investments and support systems. Further, because of the added complexity, these non-biometric strong authentication technologies actually increase enterprise risks.

On the other hand, biometrics is still the best method available of providing non-repudiated personal identification or authentication. When properly deployed, biometrics solutions offer a greater ability to enhance security without adding complexity for the end user.

A recent biometric deployment at multiple Chicago railroad yards demonstrates this point. The identity of truck drivers entering and leaving the yards needed to be securely verified each time. A solution based on cards, tokens or other forms of identity documents alone would make this process error-prone and time-consuming. The winning solution from Nascent included a multispectral fingerprint reader integrated into an automated gate system verification portal. Because this solution was properly designed, it was fast, secure and highly cost effective.

There were many possible solutions considered, but in the end a biometric was the only one that could reliably provide robust identity verification – while simultaneously reducing lines, tightening security, reducing errors, and automatically creating transaction records to provide the service provider a trusted audit trail.

Sometimes it is the case that an application is not driven by a pure security requirement but rather by a need to simply bind a person’s finger to a card, ticket or credential. Biometrics have been very successfully deployed in the entertainment industry where a person’s identity need not be known but where there is a requirement to ensure that the person using the ticket is the same individual who first placed it into service.

The bottom line is that it is very easy to make security solutions difficult but very difficult to make them simple and still be effective. The promise for biometrics from the very beginning has been in their ability to address this basic paradox. The goal after all is to raise the bar on security without adding complexity and while minimizing administration and support costs.

The business case for biometrics

Once the decision to deploy a biometric solution has been made, attention is turned to the second question, “How will I measure the success of my deployment?” This question becomes a second exercise in evaluating your project, this time attaching metrics to its outcomes. How will you know if you solved your problem? And how will you determine if the solution was cost-effective?

A typical return-on-investment (ROI) analysis often compares the cost of several biometric devices without regard for the total deployment and support costs. However, sensor cost is a shortsighted metric that has little relationship to the larger success of the application. Perhaps the new system breaks down often, or is hard to use, or isn’t scalable, or, in the worst case, didn’t even solve the original problem. While many of these scenarios are related to the choice of biometric technology, very few of them are accounted for in the cost of the sensor.

Broadening the ROI analysis

Thus, a complete ROI analysis must dig deep to evaluate all impacts of sensor choice on the organization’s finances. A sensor will increase costs if it generates frequent service calls or if it has a short operating life cycle. A sensor that is difficult to use adds training costs.

Perhaps the biggest impact on operation cost is an exception handling process, necessary when a significant number of users can’t use the system or when environmental conditions preclude sensor operation. This requirement is particularly likely in large-scale deployments where environmental factors and human factors place stringent demands on the technology. Not all fingers are created equal and not all sensor technologies are capable of capturing a usable image under a wide range of conditions.

For example, if an application’s fallout or rejection rate at enrollment is ten percent, one in every ten users will need to be granted some other form of authentication. This exception handling process not only increases total cost but often also introduces additional enterprise security risks. Someone desiring to gain unauthorized access need only ensure that they get bumped to the exception handling process. The strength of any solution is as strong as the weakest link.

A good ROI analysis will also include those required outcomes that may not have a direct financial impact. The success of the application may depend, wholly or in part, on outcomes such as improved customer satisfaction, met government mandates, or enhanced safety. Metrics can be applied to these outcomes and should be considered part of the ROI analysis.

Real world considerations

A complete ROI analysis must take into consideration the impact that real world conditions have on sensor performance and therefore on system costs. Every application is unique, and real world impacts will be different every time. Thus we come to the final question we must ask ourselves before deploying a biometric system: “Are the real world characteristics of my application taken into account?”

The success of a deployment depends on how well-suited a biometric sensor is to the particular challenges of the application. Is the user population small, homogenous and habituated, or will there be millions of unique users with a wide range of finger conditions? Is the application in a climate-controlled environment or is it outdoors? In the case of touch sensors, is the user population of a profession that impacts the quality of their skin, such as construction or nursing?

A successful theme park ticketing application had some very special real world characteristics that needed to be taken into consideration. First and foremost, the application was outdoors and would be subject to all weather conditions, including bright sunlight and rain. Secondly, the user population was large, highly diverse and, for the most part, had never seen a biometric sensor before. The impact of these conditions on the success of the application was considered very early in the system design process.

An evaluation study or pilot is the best way to make sure that your system design accounts for the real world conditions of your particular application. Many biometric sensors do not work well in many conditions. It is essential to discover your intended application’s impact on performance before the design is finalized and the system is deployed.

Successful biometric solutions

The mark of every successful biometric solution is a thorough planning process and the careful selection of technology and solution vendor. The great promise of biometrics can only be achieved if it can effectively serve all users, anyplace and anytime. If the technology is only able to work for some users some of the time, it becomes an expensive barrier to success. Successful applications are deployed when a biometric truly is the best solution to a problem, when an ROI analysis includes the impact of technology choices on all application costs, and when the effect of the real world on performance is fully understood.

Login box