by Steve Thies, CEO
Recently, a non-scientific representative from the Electronic Privacy Information Center — a public interest research group in Washington, D.C. concerned with constitutional issues of privacy — was quoted as saying that moving from password protection to biometrics is trading off one privacy issue for another, as there is no guarantee that a digitized fingerprint can’t be snatched by a hacker.
Although privacy concerns are indeed valid and require vigilance, simply writing off the future of biometrics as an identity management tool is extraordinarily short-sighted and somewhat misinformed insofar as inferring that digital fingerprints are easy to steal and utilize for nefarious purposes.
With enough effort, you can imitate someone else using pretty much any type of standard identity management system. In our society, one of the most common types of identity theft is credit card hacking. In 2014 alone, major retailers like Staples (1.16 million), Home Depot (56 million), Target (40 million), Neiman Marcus (350,000), and Michaels (2.6 million) saw their systems compromised. Restaurants (PF Changs, Dairy Queen, Jimmy John’s) were also victims, and even nonprofits like Goodwill Industries saw hackers steal their donors’ identifies, with a data breach in 330 of its stores compromising an estimated 868,000 debit and credit cards.
For every hacker idea, there is an effective countermeasure that can be developed. One of these is the use of biometrics, such as fingerprint scanning, which is harder to imitate than say a credit card or a driver’s license.
Are fingerprint biometrics hack-proof? Well, you can cut someone else’s finger off, but that’s not a very practical way of biometric hacking. What if someone is forensically trained, could they lift a fingerprint and make a copy? It’s a pretty sophisticated process, but it is possible.
Let’s assume someone does this; now they have to enroll and match your fingerprint for applications that use that finger. Not all applications require just one finger; many are now requiring two or four fingers, or a unique combination of this particular single finger and that particular single finger.
Again, every hacker idea that bubbles up can be addressed with an effective countermeasure.
Major successful international companies like Apple and Google are investing millions of dollars into fingerprint biometrics for their mobile devices like iPhones and smartphones. Not only are they pumping tons of R&D into developing stronger biometric identity management applications for their consumer devices, but they are employing an end-to-end approach which includes a good deal of focus on securing network and data center solutions managing the identities captured on mobile devices.
This fact alone should point toward the overwhelming benefits of using fingerprint biometrics in identity management systems, especially mobile devices.
As has been the case throughout our nation’s innovation history, sometimes the biggest challenge in introducing something new is getting the naysayers, uninformed, and traditionalists to listen to the facts with an open mind. It is clear that the smart phone industry is creating converts by the millions, and the time is now here where it is not a question of “should we use biometrics” but more of “when do we start using biometrics”?