Biometrics Help Find Your True Identity

|

When you signed up at that new Web site last week, did you useone of your passwords with six characters, or is that a site thatrequires at least eight? Was it the one where you must combineletters and numbers, or was it just a numeric password?

|

I bet you're as frustrated as I am with passwords. And all ofthis is intended to verify our identity. Who are we kidding?

|

I just received an advertisement in the mail that heralds a newelectronic pad that allows you to sign your name with a stylus andtransmit your signature. They say that the pen has finallyevolved.

|

This is a perfect example of taking a (legacy) practice that weare all comfortable with and upgrading it ad nauseam, rather thancoming up with something that works better. Passport photos foridentification fall into that camp as well. Your identity isauthenticated by showing a likeness of yourself on a piece ofpaper–one that hardly looks like you anymore, to boot.

|

Or, how about the sales clerk who holds onto your credit card(rather than just scan and return it) so he can match yoursignature to the one on the back of the card. Oh sure. For somereason, we have not been able to get beyond the scribbles andimages.

|

Single sign-on portals that give you access to aggregatedservices or portals that remember all of your passwords have comeinto vogue recently. Although useful, some people are squeamishabout putting all their eggs in one basket, so to speak. Besides,these are not real solutions at all, but merely a work-around toperpetuate passwords like we do scribbles and images.

|

There are ways to confirm your identity that might be lessarduous than keeping track of all those passwords–and I dont meanon “Post-it” notes encircling your monitor. We're not quite there,but some things are on the horizon.

|

Humans have a gold mine of distinctive traits that can be usedto identify them. Behavioral traits are one way to go, althoughvoice, handwriting and other such characteristics can change due toage and other circumstances. However, physical characteristics likefingerprints, along with facial, retina and iris features are morereliable over time. An iris's color, texture and patterns, forexample, are unique, coming together to create their own version offingerprints.

|

Biometrics–the technologies that seek to identify people bytheir unique characteristics–can verify someone's identity withinone or two seconds (and you rarely forget your fingerprints, asthey're always there at your fingertips). Identification alsorequires your physical presence, unlike passwords that can behanded out to friends or stolen.

|

Biometrics also can save companies time by lessening the amountof password administration they must do for new employees andworkers who forget their secret codes.

|

However, while certain characteristics might be unique, thetechnologies that leverage them dont always prove to be 100 percentaccurate. In addition to voice and handwriting traits changing overtime, many users have a difficult time learning how to use some ofthese technologies.

|

Still, biometrics is a burgeoning industry, with $524 million inrevenues in 2001, according to the International Biometric Group, aNew York-based research and consulting firm. Of that, nearly $100million was spent on finger-scan technology, while less than $20million was spent on voice, signature and iris scanningtechnologies.

|

Two-thirds of total spending is for law enforcement and otherpublic-sector identification efforts. IBG projects 2003 revenues of$1.049 billion. It gained much attention after last year'sterrorist attacks, when some airports began experimenting withbiometrics technology that matched the faces of passengers againsta database of known terrorists.

|

In the financial services industry, facial and fingerprintrecognition technology is being used at some ATMs, giving customersa way to get rid of the password's cousin–the PIN number. Facialscans also are used at check-cashing kiosks. A Seattle supermarketlets customers pay for groceries by scanning their fingerprint andentering an ID code.

|

Health insurers and providers might find more value inbiometrics. Under the Health Insurance Portability Act, they andothers are required to protect the privacy of medical records. Byusing, say, fingerprint scans at computer terminals in hospitals,it might be easier and faster for nurses and doctors to accesspatient information. If those health professionals are moving amonghospitals, biometrics also could prove more convenient thanremembering multiple passwords.

|

Americans like their privacy, which could explain why biometricsis not more widespread in the United States. It took Sept. 11 tojumpstart its use at airports, and now there's talk about scanningthe fingerprints of some non-citizens when they enter U.S. borders.Signed in October 2001, the Patriot Act requires the development oftechnology standards to confirm identity for U.S. visaapplicants.

|

Meanwhile, other countries are using the technology to identifycitizens eligible for public benefits. For instance, South Africauses fingerprint scans to identify about three million recipientsof state pensions. Similar scans are used in the Philippines fordistributing social security benefits. In addition, the Dutch arescanning irises and faces of immigrants to cut down on passportfraud. And the United Kingdom Passport Service is considering theissuance of biometric identification cards encoded with iris scansor fingerprints by 2006.

|

There are downsides to biometrics, in addition to the costs.Some technologies simply cannot correctly identify certain people.A system might be unable to identify a particular user, which fallsunder something called the “failure to enroll” rate.

|

An interesting part of biometrics is “liveness,” which ensuresthat the person being authenticated is really present. While one ofthe benefits of biometrics is the fact that you actually must besomewhere to have your face or fingerprints scanned, some users areconcerned that computers could not tell the difference between thereal thing and a “replay” of a previous iris scan, forinstance.

|

Vendors are preventing this problem by building in ways fortheir systems to verify that there's a live human being on theother end. They look for the natural movements in the eyes, forexample, during scanning.

|

All these developing technologies involve standards. With a newstandard governing the use of biometric information approved in2001, the technology is moving quickly and the standard is alreadybeing revised. What else is new?

|

The Accredited Standards Committee (ASC) X9, the nationalstandards-setting body for the financial services industry, issued“X9.84 Biometric Information Management and Security.” ASC bringstogether bankers, securities professionals, manufacturers,regulators, associations, consultants and others in the financialservices industry to address technical problems.

|

X9 defines the requirements for managing and securing biometricinformation used in the identification of customers and theverification of employees. X9 also outlines techniques formaintaining the integrity and privacy of the information.

|

ACORD works with OASIS (the Organization for the Advancement ofStructured Information Systems), which recently formed the XMLCommon Biometric Format (XCBF) Technical Committee to provide anXML standard for biometrics. Its job is to define a set of XML forthe Common Biometric Exchange File Format (CBEFF).

|

Draft versions of XCBF will be submitted through next May, withthe final versions of all deliverables due in November 2003. It canbe used with cellular phones, smart cards and other technologies,providing a way for them to interact with Web-basedinformation.

|

E-signature laws are intentionally vague to allow a signature tobe defined in new ways. The insurance industry will benefitdirectly in terms of policyholder services as well as improved riskmanagement and fewer fraud claims.

|

The standards for biometrics mean that we're getting closer tothe day when we can let go of the scribbles, images and passwordsthat give us our (false) sense of security today, and use thosesticky pads for something more than decorating our monitors.

|

Gregory A. Maciag is president and chief executive officerof ACORD, the non-profit insurance standards association based inPearl River, N.Y., with offices in Belgium and the UnitedKingdom.


Reproduced from National Underwriter Property &Casualty/Risk & Benefits Management Edition, September 16,2002. Copyright 2002 by The National Underwriter Company in theserial publication. All rights reserved.Copyright in this articleas an independent work may be held by the author.


 

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.