Kabir Sangha, UK & Ireland Sales Manager – Biometrics at CDVI, explains how the company plans to protect its customers sensitive data in the future.

By 2022, more than 80% of smartphones had biometric security features enabled on them.  

This technology is all around us and will only become more common.

Since 2019, the global biometric authentication and identification market is forecasted to grow at 14.6% annually.

By 2027, that will mean this sector is worth almost US $100 billion globally.   

However, studies are showing that customers’ trust in companies who store biometric data is declining rapidly.  

In the space of just two years, the proportion of people who are confident that their biometric data is secure has plummeted from 28% to just 5%.

Technology manufacturers now face an uphill struggle to bring consumers back on-side.   

Biometrics in access control  

Within the realm of physical access control, biometric technology has become a much more common feature of manufacturers’ catalogues over the past 20 years.  

In the beginning, biometric security was only seen in glamorous Hollywood blockbuster spy films.

Today, however, you’re more likely to find a fingerprint reader at your office building or leisure centre.  

From fingerprints to facial recognition, iris patterns and voice analysis, biometrics has gone from futuristic pseudo-magical technology to an accessible piece of equipment for a wide range of buildings.   

With so much advancement in the components and technologies available, why has trust in biometric data security dropped so dramatically? And what can the access control industry do to recover it?  

Where has the trust gone?  

The convenience of biometric authentication has never been doubted.  

The vast majority of smartphone owners now use fingerprint or facial recognition to unlock their mobile phone. Iproov data found that 70% of consumers use or want to use facial recognition to access mobile banking apps.  

Mainly, they cited the speed and convenience of biometrics as the primary reasons for this.

Therefore, we can infer that the willingness to use biometric technology is not what is lacking.  

The problem is arising and the trust eroding, when consumers consider what happens to their biometric information behind the scenes.  

As our lives have become more and more digitised, the general level of awareness of data security has increased.

High-profile data breaches like the 2015 Ashley Madison hacking incident have been widely reported in mainstream media.  

Then, the introduction of GDPR regulations in 2016 catapulted data privacy into the forefront of everyone’s mind.

People are much more wary of handing out their data, particularly sensitive data. And what could be more sensitive than biometric information?  

Communicating the security benefits of biometrics   

As an industry, it’s up to us to effectively communicate the inherent benefits of biometric security to our customer base.  

However, first, we must develop and bring to market products that make robust data security the number one priority.

If we don’t practise what we preach, then sceptical customers will remain sceptical.  

Then, the only way to rebuild trust will be to clearly and repeatedly demonstrate the security of the system.  

Biometric access control offers security advantages above and beyond traditional access control systems.

If customers don’t trust that their biometric data is safe with our products, then they are likely to opt for a traditional tried-and-tested access control method.  

While there have been significant improvements in the security and encryption of systems using swipe cards, key fobs and PIN codes, they are not infallible.

Traditional systems carry risks which biometric systems either eliminate or hugely reduce.  

A swipe card or key fob can be lost, stolen, or, in unencrypted systems, cloned.

A PIN code or password can be forgotten or disclosed.

Meanwhile, biometric data is part of you. You don’t need to remember to bring something, you don’t need to memorise anything and it is extremely difficult to steal or clone biometric credentials.  

In any case, a good biometric access control solution comes with built-in protections against attempts to spoof the system.  

Mitigating risks with biometric solutions  

A common counter from unsure users is that a swipe card, once stolen, can be erased from the system and replaced.

The same is not true of your fingerprint. Many people are understandably worried that once that data is gone, it’s compromised in perpetuity.  

And ultimately, they’re right.

That’s why it’s essential to nip it in the bud by ensuring that our products prevent data breaches to the greatest possible extent.

Then, it’s on us to demonstrate and explain to users how the technology is carefully mitigating risk.  

In highly secure biometric solutions, such as the ievo ultimate fingerprint reader, the captured image of the fingerprint is not stored anywhere.  

It’s processed through a proprietary algorithm and converted into a digital template. That template is securely stored on a PCB installed out of sight on the secure side of the door.  

So even if an intruder stole the fingerprint reader head, they would have no access to any data at all.

And even in the highly unlikely case that the storage PCB was stolen, the digital templates cannot be backwards engineered to reproduce the original image.  

This data storage is highly secure and fully compliant with GDPR regulations. We, as the manufacturer, cannot access user data in any way.  

We’ve considered every risk and taken every precaution to make data as inaccessible as possible for potential intruders.   

For organisations seeking to upgrade their physical security, biometric access control is an easy win. A swipe card could be stolen and used by an unauthorised person to access a restricted area.  

With facial recognition cameras or iris pattern scanners, it is vastly more likely that only the authorised people can gain entry.

Security officers can be comfortable and confident in their systems, with card sharing simply impossible and credential cloning extremely unlikely.  

Consumers want to use biometrics. They love the convenience and ease of use that it offers.  

For administrators and security officers, biometric also means lower long-term operational costs; physical credentials have to be constantly replaced and replenished.

But everyone needs to be satisfied that the convenience and cost savings are combined with robust security.   

Winning back trust  

With biometric technology rapidly becoming part of our everyday lives, consumers are learning quickly.  

And as a result, they’re rightly worrying about what companies are doing with their biometric data. As responsible manufacturers of high security solutions, it’s our job to keep consumer data safe.  

If we’re going to win back trust, we need to be ready to meet and overcome the valid concerns that users have.

We must be ready in two ways: first by developing products that come as close as possible to eliminating the risk of data breach and secondly by communicating about those products clearly and concisely.  

We can’t do it by patronising or minimising users’ concerns about data security. The risk is real and with biometrics, the consequences if it goes wrong are serious.  

We must meet consumers in the middle to rebuild confidence in our technology and trust in us.  

This article was originally published in the July Edition of Security Journal UK. To read your FREE digital edition, click here.