What We Learned at the Goode Intelligence Biometric Summit

Acuant attended the Goode Intelligence Biometric Summit in NYC last week, where industry experts and providers met to discuss the state of identity, challenges and trends in biometrics. Our own Steve Maloney, EVP of Business Development and Strategy spoke on a panel hosted by International Biometrics + Identity Association (IBIA) Executive Director Tovah LaDier to address how biometrics are being leveraged to support digital onboarding while complying with Know Your Customer (KYC and eKYC)  and Anti Money Laundering (AML) regulations.  Here is a recap of what we learned.

Biometrics is hot right now

Biometrics continues to be one of the hottest tech areas with increasing investment activity bringing more providers to a growing market. Financial services, payments, transportation and governments continue to be at the vanguard of adoption, but other vertical sectors are increasingly turning to biometrics to support a range of use cases including healthcare. The majority of uses of biometric authentication are performed on-site, but mobile device usage is a fast growing area as well.

The line between convenient and creepy is based on the use case

The topic of the keynote speech by Alan Goode of (CEO & Chief Analyst at Goode Intelligence), was Biometrics, Creepy or Convenient? This is an important question that directly affects user adoption and government regulation- it is also an ethical and trust debate.

Alan walked though several examples of biometric use cases that exist today, or did exist, to survey the crowd’s reaction as to whether this was in fact convenient or creepy. Examples included your smartphone recording where you parked your car without you instructing it to do so, airport kiosks in China scanning and identifying your face to then display your flight details in a public area, retail stores using behavioral biometrics to determine unusual consumer behavior from a camera to catch and prevent shoplifting, and using cameras for facial recognition to catch jay walkers in order to message and fine them. Reactions were mixed and likely a bit biased to convenient given the audience.

Results from a larger survey shared included:

• Gas station plays ads at the pump based on your age/gender/ethnicity that a camera determines – 44% found creepy
• Weaponized automated drones using facial recognition to identify targets – 70% found creepy
• Banks detecting your behavior to see how you interact with and use your keyboard to prevent fraud – 30% found creepy

All acknowledged that there are grey areas to consider which include cultural and regional differences, regulations such as GDPR, and consumer opinion – not to mention the ethical and moral questions.

Biometrics will transform digital identity authentication

It was agreed traditional passwords alone are dying a slow and painful death. They simply do not provide enough security in today’s digital world and for our increasingly digital identities. The group was also in agreement that consumers are lazy, therefore convenience is key.

Key market drivers were identified as:

• The increasing number of services that require logins with different devices
• The demand for protection of digital identity
• The demand to replace current solutions requiring pin codes
• Smart cards being close to commercial launch – especially in EU & Asia with the US following closely and likely to follow contactless biometric payment cards

In an age where it is all about the IoT, there was also a focus on the evolution of UI (device & biometrics)- the latest being conversation or voice (Hi Alexa). We talk to tv’s, cars and now Nike even has voice enabled shoes. There was a notion that in fact, the best UX is no UX, the idea being removing it will reduce friction and not rely on consumers who will inevitably get it wrong. However, there was general consensus that usability outweighed friction and that some friction is inevitable.

There was also debate about what the standard guidelines are to be followed, but here in the United States NIST was the front runner and recent advances by FIDO applauded. And while all agreed that the least amount of friction always wins, frictionless may be the wrong mindset. While solutions must be useable, they must also be secure in order to fight the criminals who are sophisticated. Not the check a box and meet compliance solutions, but really deterring the high-powered criminals we need to thwart. The majority (90%) of security solutions today are fine to catch the low-end criminals, but not the dangerous ones. Essentially, solutions needed to catch the fraudsters must make the attacks more trouble than they are worth and at Acuant, we believe it’s about creating multiple signals to defeat bad actors.

Conclusions

No matter your moral opinion on the matter, the masses have spoken. Biometrics are being widely adopted and are here to stay. They have a proven convenience factor that will continue to push the borders on privacy and creepiness. Here is where we will expect to see more legislation. The majority agreed this will be largely centered on the use case and the level of risk or security needed in each, for example, we are much more likely to be okay with our biometrics being recorded for travel when terrorist threats abound, rather than in a store while shopping to spot unusual behavior.

What’s more, we cannot and are not in a position to rely on one method of authentication. As we at Acuant believe – identity is the new currency, and as such it must be defended. When it comes to biometrics this includes Presentation Attacks, also known as “spoofing,” to defeat biometric systems which expose the vulnerability of AI only recognition systems. All  biometrics are vulnerable, and institutions must recognize that solutions have flaws. All agreed that we need to put more factors together for better solutions including security and privacy (protecting PII/data), versatility, ease of use and maintenance (continuous updates).

Acuant starts with establishing the trust anchor of an authenticated ID, then allows for layering on additional methods of verification based on your use case. Learn more about choosing a solution that is right for you by reading our white paper: