Earlier this year, one of the world’s largest banks, The Hong Kong Shanghai Banking Corp. (HSBC), announced the largest rollout of biometric security technology in the U.K. with a voice and fingerprint authentication system that will encompass some 15 million customers. The HSBC biometric security technology will give its customers access to fingerprint authentication using readers built into iPhones loaded with HSBC banking apps, and the bank also will utilize Nuance Communications voice recognition technology, which uses 100 distinct identification factors to identify a speaker.
Biometrics involves using the unique aspects of human beings – fingerprints, retinas, voice patterns and facial features – as identifiers for security systems developed to authenticate identity. Of course, the idea is not new. The police have been using fingerprints in investigations for more than 100 years, but consumer-level biometric verification systems have not made great strides until recently. Our increasing use of the internet, smart phones and other devices to make purchases, manage financial transactions and access our personal data has required all of us to use and protect a variety of passwords – passwords that cyber crooks increasingly are able to hack. Financial companies have been at the forefront of the development of biometric systems and have been seeking customer opinions and exploring biometric authentication as a viable replacement for trouble-plagued password authentication.
Will Biometrics Take off Here?
In the United States, response has been mixed. Some industry pundits argue that biometrics are inherently public and no more secure than passwords – they note that fingerprints can be “lifted” and that high resolution photos can be taken of people without their permission. In the public sector, law enforcement has embraced biometrics with Homeland Security and the U.S. Customs and Border Patrol working together to collect iris scans and foreigners’ fingerprints to add to the FBI’s national database.
Issues involving privacy and consent have yet to be settled. Currently in 48 states, it is legal for people or organizations to use software to identify you using images taken in public without your consent. In Texas and Illinois, such images may not be used for commercial purposes. The use of biometrics remains largely unregulated, and Washington has not clarified the question of consent or determined how to regulate the industry.
Last year, an effort to develop a voluntary code of conduct for facial recognition technology, which was spearheaded by the National Telecommunications and Information Administration, failed to achieve any consensus. The industry remains self-regulating, and some private sector industry leaders regard the whole topic as a can of worms.
Finally, some experts note that hackers are already finding ways to spoof biometric identification, and that biometrics may be no more secure than passwords and PINs. Others wonder if the tradeoff – privacy for convenience – might turn out to be too high a price to pay.