Identity Theft & BiometricsVeridium Author | April 5, 2016
One of the major hurdles for businesses when it comes to investing in and deploying biometrics solutions is misinformation. There are a wide variety of myths surrounding biometric authentication systems that have to be properly “busted” in order to clear up this innovated security infrastructure and ensure that a strong foundation of understanding exists.
By doing so, companies can eliminate misunderstandings and create clear, actionable strategies for rolling out biometric security for physical and/or digital access.
Does Biometrics Enable Identity Theft?
One of the main concerns that business and consumer users have regarding biometrics is that they believe the use of biometrics will allow hackers to easily steal their identities. This is a particularly pervasive myth that can be difficult to understand because it is potentially true, depending on how an organization implements biometrics and the backend solution they use.
These factors will affect how a hacker gains access to the system and what information they are able to gain access too. Implementing the right biometric authentication infrastructure will ensure that even if an attacker gets inside the system, they won’t be able to steal any personal information, like a biometric template. However, this requires the use of key technology strategies, like massive distributed data models.
There are other factors that will influence the decision making in this area as well, in particular how an enterprise wants to approach security, what the privacy concerns per user are, and what types of biometrics will be used for access.
How Do You Define Identity?
However, perhaps the most important thing to consider in the comparison of biometric theft to identity theft is “how do you define identity?”
How an organization, and the user, defines identity is a critical piece of the puzzle on protecting user privacy. Should hackers acquire your biometric template, what does that actually allow them to do? They can create a spoof of that particular biometric, but that only allows them to reuse that biometric in places that you’ve already enrolled it. This in itself is a major limiting factor. Furthermore, without access to a significant amount of further information, this capacity is actually rather limited to only the account the hackers acquired the biometric template from in the first place.
According to researchers at Ben Gurion University, there are four different categories of identity theft: Financial, Criminal, Business/Commercial, and Identity Cloning. The one that people should be the most concerned about – identity cloning – is the least feasible using a stolen biometric template, as this information alone provides little, if any, access to your day-to-day life and interactions.
Biometric Theft is Costly
Spoofing a biometric can be a costly process as well, depending on which biometric modality is being copied. Once you approach more “secure” biometrics, the cost of spoofing skyrockets. Voice patterns may be able to be spoofed simply by recording you speaking the proper phrase or word. Facial recognition could potentially be fooled by a high-quality or 3D printout of your face. But even the technology required to capture these modalities in the first place is expensive. Once you move to fingerprint or iris recognition, the costs are amplified significantly.
For example, two researchers recently showed that you can spoof a fingerprint using an inkjet printer and conductive ink in 15 minutes. However, even this process costs $500, and a significant portion of that cost is the conductive ink used, which would need to be repurchased for every print copied. Furthermore, this approach only copied the prints at 300dpi, which is significantly lower image quality than many enterprise-grade fingerprint scanners require for authentication.
To take security a step further with iris recognition, current technology is incapable of recreating iris textures and patterns for spoofing.
Template Accuracy Plays a Major Role
Another critical piece of spoofing that could outright foil hackers from using a stolen template to steal the user’s identity is the original quality of the template. Simply put, if the template isn’t of high enough quality in the first place, the hackers will never be able to recreate a useable model from it to use for authentication.
The Future of Biometrics and Privacy
While privacy will always be a concern for users with any security solution, the evolution, and improvement, of biometrics authentication will continue to put users’ minds at ease and provide answers to the major fears and worries when it comes to protecting biometric templates.
According to Seyoum Zegiorgis, an expert in information security, biometrics can play an important role in preventing unauthorized access to sensitive information and systems when implemented properly. While the concerns over user privacy are very real, the right tools and solutions can minimize or completely eliminate risk for the user and ensure the business deploying biometrics can take full advantage of a security solution that truly verifies who is accessing its systems.