Biometric authentication is gaining trust—but is it foolproof?

We now live in an age where consumers mail DNA swabs to learn more about their ethnicity, and where device makers continue to advance security functions that involve biometric data. It’s time to consider the relationship between technological advances and sensitivity about data security.

Deloitte’s 2018 global mobile consumer survey: US edition shows that after years of gradual growth, biometric authentication has attained critical mass.

Use of biometric authentication has grown among US consumers, particularly for people who use their smartphones for financial transactions.

Consumers are becoming increasingly aware of data breaches, unauthorized data sharing, and personal data theft. They understand the risk and want to have more ownership and control over their data.¹ To protect their digital identity, US consumers are increasingly relying on biometric authentication. In this context, biometric authentication is any automated method of verifying the identity of device users based on physiological characteristics, such as fingerprints and voice/facial recognition.

According to Deloitte’s 2018 global mobile consumer survey, nearly half (48 percent) of US smartphone owners use at least one biometric authentication method for unlocking, authorizing, or validating applications or processes.² Penetration is even higher among consumers who use their smartphones for financial activities such as online banking transactions (63 percent) or transferring money (67 percent).

Given their widespread adoption and utility, smartphones contain an array of personal information such as banking details, purchase history, and even health care data.³ Hence, many device manufacturers are embedding robust biometric authentication functions that also enhance consumer data protection. This has bolstered development of specialized microchips and increased the number of patents filed in this space.⁴

However, new security threats are brewing. As the use of biometrics grows, so, too, does the nefariousness of hackers aiming to violate these safeguards. For example, researchers at two leading US universities have discovered it is possible to create copies of fingerprints that could potentially unlock almost a third of existing smartphone models.⁵ Similarly, a set of experiments done by a UK-based studio demonstrated how easy it is to hack facial recognition systems using 3D-printed heads.⁶ Some experts also believe that biometric authentication could infringe consumer privacy, leading to a new way of selling personal data that correlates with buying behavior.⁷

These examples show that given enough time, investment, and resources, any biometric data can potentially be copied. Multi-factor authentication could be one way to minimize such threats and make the system foolproof. Although these innovations are aimed at providing greater convenience and efficiency, it could be wise to combine biometric authentication with other authentication techniques, such as PIN-based methods. In this case, authentication would involve using the principle of “something you know” (the PIN), “something you have” (the device), and “something you are” (biometrics).⁸

Companies also should be cognizant of the privacy aspect of biometric data. Given current sensitivities about hacking and data security, the risks associated with a breach related to facial biometric data, for example, could not only undermine consumer confidence in these technologies, but also be catastrophic for the company. As such, companies pursuing biometric authentication should develop a robust, fully transparent privacy policy to build and maintain consumer trust.

This charticle authored by Shashank Srivastava on April 3, 2019.

Subscribe to receive the latest charticle releases

Endnotes

¹ “2018 global mobile consumer survey, US edition,” Deloitte, November 2018.
² Ibid.
³ Erok Sofge, What Personal Data Stays on a Phone?, Consumer Reports, March 23, 2016.
⁴ Ian Campbell, “The Biometrics Arms Race and the Future of In-surface Fingerprint Sensors,” Biometric Update, August 27, 2018.
⁵ Chloe Taylor, “Researchers Develop Artificial Fingerprints, Claiming They Could Hack into a Third of Smartphones,” CNBC, December 31, 2018.
⁶ Mario L. Major, “A Look at How Easily 3D-Printed Heads Can Hack Facial Recognition,” Interesting Engineering, December 18, 2018.
⁷ Arielle Pardes Gear, “Facial Recognition Tech Is Ready for Its Post-phone Future,” Wired, September 10, 2018.
⁸ Darril Gibson, “Understanding the Three Factors of Authentication,” Pearson, June 6, 2011.