Has your business considered biometric security?

An immutable, convenient solution or a personal privacy risk— biometric security attracts polarizing opinion.
15 August 2019

A biometric security fingerprint scanner. Source: Shutterstock

Biometric security is often hailed an immutable solution in an age under the constant shadow of cybersecurity risks. 

A combination of technology and the verification of unique, physical human characteristics— iris, fingerprint, face— makes biometrics as close to airtight as we can currently get. But that strength also puts the technology in the center of the data privacy debate. 

In short, biometric security is a polarizing matter. 

The benefits are clear in enhanced physical security and cybersecurity and convenience. This is evident in the biometric security market set to become worth US$32 billion by 2023, according to Norton, representing a CAGR of 18 percent. 

On the other hand, well-publicized data breaches do nothing to dispell concerns about submitting the physical traits that define your visual identity to the confines of a data bank. 

Yesterday, it emerged that Biostar 2— a provider of centralized, biometric locking systems for access to warehouses and offices, had made the biometric information of over 1 million people publicly available. Biostar 2’s customers includes the UK Metropolitan police, defense contractors and banks.

The convenience of biometrics

Unlike passwords or access cards, biometric information cannot be lost— it’s inherently part of and unique to the individual. 

For users, this can offer massive benefits for convenience. According to Veridium’s Biometric Consumer Sentiment survey, this reason was behind some 70 percent of workers wanting to expand the use of biometrics within their workplace. 

In fact, speed (35 percent) and not having to remember passwords (33 percent) came in front of security (31 percent) when it came to the appeal of biometric security among respondents. 

For businesses, on the other hand, biometric security across the organization could eliminate fraud, and boost accountability overall— it can provide clear audit trails, without the same loopholes as CCTV or pin system, and can help to highlight absenteeism or scheduling trends. 

Meanwhile, access across the business could be linked and unified. The same fingerprint that gives an employee access to their computer could allow them to take a drink from the vending machine, or access a meeting room at a pre-booked slot.

Perhaps most significantly, biometric security can help combat a growing cyberthreat. With two out of five employees reusing work passwords across platforms, and just 16 percent updating their passwords once a year, IT heads are in agreement that the days of password security are numbered.

Here biometric security can form part of a multi-factor authentication (MFA) process, acting as an additional security layer to a traditional password, or could be used to replace passwords altogether. 

The downsides to biometrics

While businesses may find a majority of their employees are open to the idea of biometric security in a ‘walled garden’ scenario, those deploying the technology to users outside of their own environment are likely to face bigger resistance. 

In May this year, the UK HM Revenue and Customs (HMRC) was forced to delete voice records of five million taxpayers, as it failed to gain explicit consent from individuals before signing them up to its voice ID systems. 

The Information Commissioner’s Office (ICO) said it has been a “significant” breach in data laws, while privacy campaigners accused HMRC of creating “biometric ID cards by the back door”. 

United Airlines, meanwhile, announced a recent partnership with security vendor Clear, giving its customers the option to pass through security more quickly using biometric clearance. 

On the news, ProPrivacy’s Sean McGrath told TechHQ: “It’s a shame that the only way to shave a few minutes off our travel times is to hand over our biometrics; one of the most significant and valuable forms of personal data that exist.”

Alluding to the mass of security breaches reported by the press, McGrath added: “In the wrong hands, this data could be used to devastating effect; and both private companies and the government have proven time and time again that they can’t be trusted to keep data secure.

“[…] when it comes to using biometrics purely for convenience, we’d recommend that travelers spend an extra few minutes in the line and maintain some sovereignty over their personal data.”

Of course, this is only in regards to biometric data voluntarily submitted. There are increasingly ‘alarming’ reports of facial recognition being deployed by authorities and the private sector as a surveillance tool for the unknowing public. 

Following public pressure, the city of San Francisco made the decision to ban facial recognition software by police and other agencies. UK police have recently deployed facial recognition vans in busy, public areas “to identify people who exist on pre-determined watch lists.”

A business case for biometrics?

Any business deploying biometric security will most likely be swimming against varying currents of resistance, centered on concerns about the security of their staff’s most personal information. 

However, if we have learned anything when it comes to data privacy in recent years, it’s that convenience tends to trump privacy. If biometric solutions make actions quicker and more seamless, rest assured they will find favor in the right environments. 

Especially without permission, consumers may not be ready for mass deployment of biometric security solutions just yet. But deployment within the confines of an organization may be a good place to start experimenting with its potential benefits.