Double Click
Security Scanning
Looking to protect your business?
Biometrics enhances security through identification.
FROM:
SEP-OCT 2006 ISSUE | BY
ROBERT GAGNON
The need to properly identify the people with whom you're doing business has become increasingly important for the protection of corporate data, the compliance with privacy regulations, and the safeguarding of virtual transactions.
Identity theft has proliferated, costing financial institutions and corporations worldwide millions of dollars every year. According to Phonebusters, a national
anti-fraud call centre jointly operated by the Ontario Provincial Police and the Royal Canadian Mounted Police, there were more than 10,000 victims of identity theft in Canada in 2005 with total losses exceeding
$8 billion.
In an effort to protect their information assets, businesses and government agencies are turning to biometrics to control access to their websites, networks, and offices. Biometrics, according to the International Biometrics Society, refers to the "emerging field of technology devoted to identification of individuals using biological traits, such as those based on retinal or iris scanning, fingerprints, or face recognition."
A Smart Card Alliance Identity Council white paper entitled
The Top 10 Hot Identity Topics stated: "What is special about biometrics is that it is currently the only technology that can indisputably bind a person to an authentication or verification event."
Technology research firm Frost and Sullivan predicts the market for biometrics devices will grow to
165 million units in 2009 from
9 million sold in 2005, an
1,800 per cent growth in five years. Being able to identify and control who has access to business networks and facilities is clearly a priority for organizations around the world.
Before Biometrics
Before biometrics, identification and access authorization methods fell into two main categories: tokens, which included driver's licences, credit and debit cards, and smart cards, as well as passwords. Tokens and passwords, however, can easily be forged, stolen, or used by someone else, which is why applications and sites requiring a higher degree of security have turned to biometrics.
According to the Biometrics Consortium, "biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides positive identification), can provide an audit trail and is becoming socially acceptable and cost effective."
User Concerns
Any new technology must meet certain business goals to be successfully implemented. Most importantly, users must feel comfortable using biometrics. Some of the concerns to date have included:
-
Ease of use:
Biometrics must be fast and easy to use; procedures requiring
30 seconds to confirm authentication in
high-traffic areas are inappropriate.
-
Hygiene:
Any device that hundreds of people touch may create health concerns. Some of the products on the market have addressed this issue by using
anti-microbial silver, which kills close to
100 per cent of bacteria on contact.
-
Invasiveness:
Devices that shoot a light into a user's eyes may encounter resistance and should be limited to very high security areas.
-
Privacy:
Cataloguing the characteristics of someone's body may not be an acceptable use of private information and access to this data must be highly restricted. Smart cards with biometrics features present an alternative to storing data on a network.
It is important that officers responsible for security within an organization effectively communicate the rationale for implementing biometrics as part of a security strategy. Listening to feedback is critical to avoid implementation problems. A comprehensive communication plan can help to facilitate buy in from the beginning.
Biometrics by Type
The main biometrics identification methods are fingerprint scanning, hand geometry scanning, facial recognition, iris or retinal scanning, voice recognition, signature recognition, and vascular scanning. The table below provides additional information on each method.
Trends
As technology evolves and prices drop, many organizations are considering adding biometrics to their security strategy. According to Terry Wheeler, president of biometrics device manufacturer Identica Corp., "while the industry's main customer remains the U.S. government, we are making inroads in other market verticals such as education, healthcare, and law enforcement."
Biometrics have been used to restrict access to university research facilities, drug cabinets and operating rooms in hospitals, police evidence rooms, and databases housing personal information, for example.
Ten years ago, fingerprint readers were the main (and often only) devices being used. As processing speed and power becomes readily available and cost effective, fingerprint readers are improving and other more reliable types of readers and scanners are being adopted in the marketplace. "The latest type on the market is the vascular scan," says Wheeler, "and it is showing a great deal of promise in overcoming some of the issues seen in the others."
[
TOP ]
Robert Gagnon, CGA, is vice-president and general manager, eastern Canada, for the Frisco Bay Industries division of Stanley Security Solutions Canada, in Montreal. He has served on Canada Customs and Revenue Agency's technical advisory group on electronic commerce.
"Double Click" is co-ordinated by
John W. Yu, M.Sc., CDP, FCGA. Yu has been in the IT industry since 1970 in a broad range of roles in technology and in management. He is
vice-president, Information Technology, at
CGA-Canada.