Unlocking the End-user Perception -- Security Today

Unlocking the End-user Perception

By Heidi Hunter
Sep 05, 2024

An observation as a creator of identity verification solutions is that while industry leaders are often excited by the opportunity to leverage biometrics, there are often concerns raised about the end-user mindset during the conversation. Primarily, what are end-users’ expectations of biometric technology? What concerns might they have about its usage to authenticate and protect their access?

Security and identity management leaders have access to information that permits us to be discerning and technology-forward end-users. Understanding the perception of end-users who may be a bit more unfamiliar with the industry is key to unlocking the strategy and approach to the implementation of biometrics.

Targeting Insights
Aware recently conducted a study of U.S. participants with key questions targeting insights into their perceptions of biometrics. According to this survey, overall consumer receptiveness towards biometric authentication is high, with most respondents reporting they use it “often” or “always” in their daily lives. Furthermore, participants indicated they overwhelmingly believe that biometrics are set to become more prevalent in the next five years.

Biometric adoption by organizations presents an opportunity to enhance the end-user experience, increase security, and streamline operations. Still, three key concerns can create barriers to more widespread biometric technology adoption – the presence of bias in biometric technology, concerns over data breaches and adherence to privacy laws, and end-user abandonment when biometrics are deployed by organizations.

Here, we’ll discuss these questions at a deeper level, and we will also share, with insights from the study, how they can best be addressed by organizations looking to lead with biometric technology.

Bias in biometric technology can lead to unfair outcomes. The belief that facial biometrics are not accurate across races/ethnicities/genders and can lead to unfair treatment of minority groups.

Insights. There are various public organizations and private companies who have received scrutiny in the last decade for using a biometric facial technology that generated a percentage of false positives on people of color and different genders disproportionate to the Caucasian male demographic.

These circumstances often make national headlines and can create public distrust of biometric-based solutions. These solutions are deployed with positive intentions – automation, security, fraud prevention – but negative press and solutions with inconsistent demographic and gender performance drive organizational concern and distrust among end users.

Fortunately, there are many biometric authentication technologies that are far more accurate and able to overcome racial and gender bias, making biometrics good for business, and moreover, society. Today, NIST testing confirms the top biometric algorithms are over 99 percent accurate across a variety of demographics.

The result is facial biometric systems that are delivering “close to perfect” performance with miss rates averaging a mere 0.1 percent.  These types of biometrics are the most reliable and accurate forms of identity verification in the world when compared to traditional user verification.

It is also important to remember that facial recognition can be just as effective at providing exculpatory information as it does inculpatory information – meaning it can be used to clear innocent individuals as well as it can confirm a guilty party.

What needs to happen. While differences in algorithms’ performance have been studied in laboratory testing by public and private organizations globally, performance in real-world settings must be a focus for all biometric stakeholders. Overall, the industry needs to continue training algorithms on the most robust, diverse data samples across demographic groups and ensure test beds are incredibly diverse.

Furthermore, conducting these comprehensive, real-world evaluations provides a fuller picture of the effects (positive or negative) of biometric identification technologies on communities that have faced historical patterns of disadvantage.

In addition, the government needs to continue focusing on efforts to ensure civil rights are protected when it comes to biometrics. For example, in March 2024, the Office of Management and Budget (OMB) issued a memorandum on governance and risk management for federal AI use. As one example of how this manifested, the Transportation Security Administration mandated that airlines nationwide had to offer alternative forms of verification to biometrics, without requiring people to sacrifice their place in line.

Breaches of Biometric Data are a Significant Threat
Biometric data collection is perceived to pose serious data security and privacy threats, with the survey highlighting worries about data breaches and misuse of personal data topping the list of concerns about biometric authentication.

Insights. By far, consumers prefer that a biometric system stores data locally on their device. In many cases, this is already happening, and there are other ways to circumvent the challenges associated with storing biometric templates, including stateless APIs. With stateless APIs, data persists only as long as is needed to do the transaction, and then it’s immediately discarded after that.

Other examples of how biometric data can be protected include the “cancellable biometric” – where a distorted biometric image derived from the original is used for authentication. For example, instead of enrolling with your true finger (or other biometric), the fingerprint is intentionally distorted in a repeatable manner and this new print is used.

If, for some reason, your old fingerprint is "stolen," an essentially "new" fingerprint can be issued by simply changing the parameters of the distortion process. Finally, one of the most groundbreaking new techniques involves breaking biometric templates down into anonymized bits. This approach to breaking biometric templates up and storing data throughout a network in the form of anonymized bits makes it virtually impossible for a hacker to access complete biometric templates.

What needs to happen. There needs to be continued advances in protecting data so that even in the unlikely event that a hacker can access biometric data, it would be useless.

And, of course, best practices need to continue being followed, such as never storing biometric data alongside personally identifiable information (PII), so that even if data was accessed, it would be useless.

Moreover, according to the study, significantly more consumers report feeling uninformed versus informed about how their biometric data is being stored and used. Organizations offering biometric authentication therefore have an excellent opportunity to better inform consumers, building consumer confidence and acceptance even further.

Reluctance to Provide Biometrics Will Lead to Abandonment
There is a conviction that biometrics will lead to end users abandoning an enrollment or process, particularly when there’s a lack of alternative options to biometrics offered.

Insights. The study showed that proper implementation of biometrics – including transparent policies and appropriate opt-outs, for instance – contribute to organizational trust. Furthermore, most end-users indicated they are already sharing biometric data for ease of use in many areas of their lives today. Offering support for multi-modal biometric options also helps, giving consumers the option to authenticate via the modality they are most comfortable with (fingerprint, face, voice).

What needs to happen: Above all else, organizations offering biometric authentication need to promote transparency. The public must be provided with sufficient information to understand how and when they are interacting with biometric identification technologies; if not, this can lead to heightened suspicion and a lack of public trust.

Information should always be posted in an easily understandable format on organizations’ websites, and clear notice should be provided in all places where biometric data is being collected. Alternative methods of authentication should always be offered; furthermore, the availability of multi-modal biometric options provides much appreciated flexibility.

Organizations have a tremendous opportunity to capitalize on the benefits of offering biometric authentication, as it is the only form of identity verification that effectively balances and delivers superior security combined with an exceptional end-user experience when compared to traditional authentication methods.

The organizations that correctly leverage biometric products will be those that deploy only the top algorithms to prevent bias; use innovative techniques to secure biometric data; and are fully transparent about when and how biometrics are being used. By providing multiple biometric authentication options and always offering an alternative, non-biometrics-based means of authenticating, organizations can stay compliant and win end-user trust.

This article originally appeared in the September / October 2024 issue of Security Today.

Securitas Technology Launches Sustainability Initiative
09/19/2024
Allied Universal Security Professional Frederick Tucker Honored for Life-Saving Actions During Library Shooting
09/16/2024
PureTech Expands Integrated Solutions with Axis Communications
09/13/2024
ISC East Announce Keynote Speakers and Education Track for 2024 Conference
09/12/2024
ASSA ABLOY Acquires Level Lock
09/12/2024
Genetec Expands Security Center SaaS With Launch of Operations Center
09/11/2024
Research: 12 Percent of CISOs Faced Budget Reductions in 2024
09/10/2024
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
09/05/2024

Featured

It Always Rains in Florida

Over the years, and many trips to various cities, I have experienced some of the craziest memorable things. One thing I always count on when going to Orlando is a massive rainstorm after the tradeshow has concluded the first day. Count on it, it is going to rain Monday evening. Expect that it will be a gully washer. Read Now
- Industry Events
Live from GSX 2024 Preview

It’s hard to believe, but GSX 2024 is almost here. This year’s show runs from Monday, September 23 to Wednesday, September 25 at the Orange County Convention Center in Orlando, Fla. The Campus Security Today and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from GSX page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now
- Industry Events
Elevate Your Business

In today’s dynamic business environment, companies specializing in physical security are constantly evolving to remain competitive. One strategic shift these businesses can make to give them the advantage is a full or partial transition to a recurring revenue model, popularly called a subscription service. This approach will bring numerous benefits that not only enhance business stability but also improve customer relationships and drive innovation. Recurring monthly revenue (RMR) or recurring annual revenue (RAR) are two recurring cadence choices that work simply and effectively. Read Now
- Dealers and Integrators
Playing a Crucial Role

Physical security technology plays a crucial role in detecting and preventing insider cybersecurity threats. While it might seem like a stretch to connect physical security with cyber threats, the two are closely intertwined. Here’s how physical security technology can be leveraged to address both external and internal threats. Read Now
- Dealers and Integrators

Webinars

Napco Access Pro, Eagle Eye Networks Inc, Occupational Health & Safety, Security Today

The Security and Safety Summit
Salient Systems, Hanwha Vision (formerly Hanwha Techwin), Omnilert, Eagle Eye Networks Inc, HID Global, i-PRO Americas Inc., Arcules, Napco Access Pro

Before And After The School Bell Rings: K-12 Life Safety is 24-7-365
Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems, Alcetel-Lucent Enterprise, IPVideo Corporation

Smart Buildings: Focus on Networking and Video Surveillance

Whitepapers

American Funding Solutions

Securing Cash Flow: How Invoice Factoring Helps Security Companies Grow
Arcules

Physical security shift happens
HID Global

Securing K-12 Schools From the Inside Out

New Products

EasyGate SPT SPD

Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3
A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3