How to convince your customers that biometric authentication is safe to use

With traditional password authentication approaches being proven as risky security measures, many industries have beefed up security protocols to keep intruders out. Unfortunately, forcing complex passwords and two-factor authentication requirements has not been well-received by customers due to the time-consuming and tedious nature of gaining passage.

Introducing Biometric Authentication. While not new technology—biometric systems of identification and authentication using voice, fingerprint, or iris scan have been around since the 1980s—modern biometrics could be the silver bullet for creating a highly secure, yet convenient identity verification experience. Already some big names in banking, including Barclays and HSBC, have introduced biometric services like voice recognition and fingerprint scanning to strengthen their security strategies.

Yet, despite biometrics’ obvious potential and impressive possibilities, consumers aren’t spilling over with excitement. In fact, recent research shows the public is rather ambivalent about adopting biometrics, with a significant number of people lacking trust in it.

Companies already know this. According to a recent IDG Research survey of financial services and insurance industry executives, nearly half (42%) see getting customers on board with biometric authentication as being a significant challenge for their organizations.

The real issue is consumers’ lack of understanding of how biometrics work, and even a few misconceptions. While people are fed up with passwords and want an easier, more convenient solution to protect their information, the human tendency is to stick with the familiar—despite its disadvantages—when the alternative is unknown and feels risky.

The good news is there’s hope for improving customers’ perception of biometrics. Businesses can overcome the hurdle by addressing their customers’ concerns and being ready with the right information. Here are six common questions we hear from consumers.

1. How secure is my information using biometric identification?

Answer: The biometric template is encrypted at the firmware level, not just in software, and it is nearly impossible to duplicate this information from one device to another. Also, the biometric information that is stored is unique for each application on the device. For extra security, companies can add multi-factor authentication. For example, customers can be asked to authenticate with fingerprint and face or voice, or with face and voice. Let’s not mention security questions, since we are trying to get away from passwords and security questions for authentication.

2. Can the company see my biometric information?

Answer: No. Today, biometrics are stored on a user’s personal device, not on a company’s server or in the cloud. Secondly, the actual fingerprint, face or voice is not stored on the device. The biometric engine generates a numerical code that is unique to each face or fingerprint.

3. How accurate is the technology?

Answer: In the early days of biometric technology, voice identification systems were unreliable if there was too much background noise or customers’ voices were affected by illness, such as a sore throat. If sweat or oil were present on a person’s skin, finger scans were problematic. Today, state-of-the-art technology offers a higher level of accuracy for recognizing voice and fingerprints on the first try. For example, Apple’s popular Siri voice assistant boasts a five percent word error rate. The false acceptance rate for some facial and voice authentication systems is 0.0020% and the false rejection rate is 0.50%. Siri’s 5% seems too high.

4. Is it easy to use?

Answer: In response to rising cybercrime, many industries have begun forcing their customers to create longer, more complex passwords, often requiring that a variety of letters, symbols, and numbers be used. For mobile device users, providing a highly secure yet simple and fast thumb, voice or facial scan for authentication seems infinitely easier than entering an 8-digit password; even more so for customers with arthritis, dexterity or sight issues.

5. Can my biometric data be stolen?

Answer: When the initial fingerprint, face or voice data is captured to become the authentication setting, it is translated into a proprietary code. If your mobile device were stolen or lost, this biometric data could not be deciphered, let alone used.

6. Could someone spoof the system using a photo of me?

Answer: Cybercriminals are continuously changing their tactics and improving their methods. Unfortunately, social media sites provide hackers with a wealth of information, including photos, which they readily use to hack into personal accounts. This summer, security and computer vision specialists from the University of North Carolina demonstrated at a security conference how they were able to create a digital 3-D facial model based on publicly available photos and successfully spoof four of the five systems they tried. The key to protection is to leverage multi-factor authentication so that a hacker cannot simply spoof a single biometric. It becomes exponentially more difficult to hack two distinct biometrics from the same person. Additionally, put your trust in a certified vendor who continuously monitors technologies and cyber-attack tactics and uses new information to adjust and strengthen its solutions. As hackers become more advanced in their techniques, so must enterprises in how they protect themselves.

Shankar Saibabu

Shankar Saibabu is the lead Solutions Architect and FIDO Standard Specialist for the Financial Services Team at Samsung SDS America. Shankar has experience with software solutions and services in various regulated industries, including healthcare.