Biometric security comes of age
More than 1 billion mobile devices will include fingerprint readers this year, opening up countless new ways for organisations to beef up their customer service and security.
Biometric security is by no means a new technology, but it is a relatively recent phenomenon in mobile computing, where fingerprint readers are increasingly common. This year, the technology promises to become more widely used than ever before.
Deloitte Global predicts not only that the active base of devices equipped with fingerprint readers will top 1 billion for the first time in early 2017, but also that each active sensor will be used an average of 30 times a day, for a total of more than 10 trillion aggregate fingerprint readings globally over the year. By year’s end, at least 80
1 percent of users with an equipped smartphone will use their fingerprint readers regularly, compared with just 69 percent of users in mid-2016. About 40 percent of the installed base of smartphones in developed countries will incorporate this sensor.
Three years ago, these readers were included only in premium models; by the end of this decade, Deloitte Global expects fingerprint readers to become as ubiquitous in smartphones as front-facing cameras and to be a common part of other devices as well, ranging from laptop computers to remote control devices.
Rapid and Discreet Authentication
The success of the smartphone fingerprint reader is due to its ability to provide a quick and discreet means of authentication. It is a challenge for most people to remember multiple strong passwords, and by 2020, the average user may have 200 online accounts that demand authentication. It is particularly difficult to enter complex passwords on smartphones.
In contrast, it typically takes just 15 to 30 seconds per fingerprint to set up this biometric as a means of security. The corresponding data is normally stored on the device in a secure enclave and not uploaded to the cloud. Authentication occurs when the fingerprint submitted to the reader matches the image stored on the device, which takes only a second.
In 2017, most fingerprint readers will be used to unlock phones and tablets, typically dozens of times a day. This usage level represents a marked increase since late 2013, when the first commercially successful fingerprint-reader-equipped phone launched. At that time, few people were comfortable with the technology.
Early models of fingerprint readers were relatively susceptible to “spoofing” (fooling the reader with a fake fingerprint), but even on a two-year-old phone, capturing a fingerprint that can be used to spoof a reader may require an unrealistic degree of cooperation from the intended victim. Today, the very latest fingerprint readers are based on ultrasonic technology. They take a detailed image of the fingerprint and are reputed to be hard to spoof.
In addition, while traditional readers with capacitive sensors can be inhibited by water on the surface of the finger, ultrasonic fingerprint readers work with wet or dry hands.
The Biometric Trailblazer
In 2017, billions of smartphones and tablets are expected to be capable of processing and collecting multiple types of biometric inputs for purposes including facial, voice, and iris recognition, but fingerprint usage is likely to lead the way. Alternative methods of biometric authentication will account for less than 5 percent of the market by the end of this year, compared with 40 percent for fingerprint readers.
Voice recognition can be a challenge to use in noisy areas. It can also be considered distracting or antisocial, and voices are easily recorded by would-be criminals. Facial recognition, meanwhile, often requires lighting conditions similar to those in which the reference images were taken; glasses, hats, and scarves further reduce its effectiveness. Iris recognition using the phone’s standard camera may require precise position- ing and specific light conditions; it’s also sensitive to reflections and can be affected by glasses or contact lenses. Another challenge with facial and iris recognition is the ease of spoofing: Both may be fooled by a photograph of the face or eye.
Mainstream adoption of smartphone biometrics will act as a catalyst for the deployment of biometric sensors in other environments, Deloitte Global expects. For example, finger vein and palm vein scanners could be integrated into automated teller machines (ATMs) as an alternative to PIN entry, or be incorporated into the authorisation process for high-value B2B transfers. Schools could use a vein scanner to authenticate and register access to and exit from school buildings. Countries may also consider using biometrics in national identity schemes.
Meanwhile, there are numerous organisations that could benefit from considering how best to exploit the growing base of fingerprint readers and the large number of individuals accustomed to using them on their phones. Potential examples include: Financial institutions. Fortythree percent of adult smartphone users in developed markets use their phones to check their bank accounts.
5 Banks could explore the use of biometric identifiers in fraud detection, account access, and payments authorisation. Retailers. In online commerce, the fingerprint reader could be used to provide a one-tap checkout, though this would require the consumer to download an app as well as input information such as credit card data. In-store payment apps could use near-field communication (NFC) technology to enable users to authenticate payments by putting a finger on a sensor and holding their phone near the NFC reader, thereby eliminating the need to enter a PIN. Enterprise users. Biometrics could be used as an alternative to passwords for access to email, intranet, and other such services. Timesheets could be accessed and authenticated via a tap. Biometrics could also be used to control building entry, eliminating the need for physical passes. Unlike passes, biometrics cannot be swapped or misplaced. Nobody ever forgets their fingerprints at home. Media companies. Providers of music, premium news, television, or other content held behind a paywall could control illicit sharing of user IDs and passwords by requiring users to authenticate themselves using fingerprints. Governments. Biometrics could be used to control access to services such as tax payments and even e-voting.
Beyond just fingerprint readers, the smartphone’s presence in all aspects of daily life lends itself well to combined use with other data unique to us, such as typing patterns and location information. Blended usage of various biometric inputs, known as multifactor authentication, would provide even more robust authentication and is likely to become increasingly popular. For more information, please visit www.deloitte.com/mt/gmcs