Most of us are familiar by now with the popular methods of consumer biometrics, such as logging into our mobile devices with a fingerprint or face scan or activating Amazon Alexa or Google Home with our voice. Given the familiarity, ease of use, and prevalence of these consumer biometrics methods, it’s no surprise that enterprises rely on them for identification. However, enterprises are putting themselves at risk by using methods that are susceptible to fraud and hacking. That’s why enterprise biometrics are making headlines this year.
The rise in enterprise biometrics couldn’t be more relevant than in the healthcare industry, especially where biometrics are key to enabling and validating the true digital identity of clinicians and patients. Identity validation allows for high-trust, secure, and convenient access to patient information and the delivery of care in and out of the hospital. As a result, healthcare organizations are increasingly implementing methods of enterprise biometrics, such as a palm-vein scan or facial recognition, to ensure both security and convenience.
What are the key differences between consumer and enterprise biometrics?
When discussing the accuracy of a biometric, we should consider False Acceptance Rate (FAR) and False Rejection Rate (FRR). These two metrics combined help quantify how well a biometric system performs.
- FAR reflects how likely a biometric system is to accept the wrong biometric
- FRR is the rate at which the correct user’s biometric is rejected
The two affect one another. A consumer-based biometric algorithm may choose to favor a low FRR to optimize usability, thereby sacrificing a bit of security by setting the algorithm for a higher FAR. In contrast, an enterprise biometric will tend to err more on the security side and sacrifice some user experience instead.
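The trade-off described above, worked through as an added example that is not part of the original post: FAR and FRR are computed from match scores at a decision threshold, and the threshold is then chosen usability-first or security-first. The scores, function names, and targets are constructed for illustration and assume a matcher that returns a similarity score where higher means a closer match.

```python
# Constructed similarity scores in [0, 1]; higher means a closer match.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.84, 0.66, 0.93, 0.79, 0.97, 0.58]   # correct user
IMPOSTOR = [0.12, 0.35, 0.48, 0.61, 0.27, 0.55, 0.40, 0.69, 0.18, 0.74]  # wrong user


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def candidate_thresholds(genuine, impostor):
    # FAR and FRR only change at observed scores; 1.01 rejects everything.
    return sorted(set(genuine) | set(impostor) | {1.01})


def threshold_for_max_far(genuine, impostor, max_far):
    """Security-first: lowest threshold whose FAR stays within max_far."""
    for t in candidate_thresholds(genuine, impostor):
        if far_frr(genuine, impostor, t)[0] <= max_far:
            return t


def threshold_for_max_frr(genuine, impostor, max_frr):
    """Usability-first: highest threshold whose FRR stays within max_frr."""
    for t in reversed(candidate_thresholds(genuine, impostor)):
        if far_frr(genuine, impostor, t)[1] <= max_frr:
            return t


if __name__ == "__main__":
    # Sweep the threshold to show FAR falling as FRR rises.
    for t in (0.50, 0.58, 0.66, 0.74, 0.79, 0.90):
        far, frr = far_frr(GENUINE, IMPOSTOR, t)
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")

    usability = threshold_for_max_frr(GENUINE, IMPOSTOR, max_frr=0.0)
    security = threshold_for_max_far(GENUINE, IMPOSTOR, max_far=0.0)
    print("usability-first:", usability, far_frr(GENUINE, IMPOSTOR, usability))
    print("security-first: ", security, far_frr(GENUINE, IMPOSTOR, security))
```

On this constructed data, the usability-first threshold never rejects the correct user but accepts some impostor attempts, while the security-first threshold accepts no impostor attempts and rejects some genuine ones.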
This focuses on attacks from fraudsters, which range from the primitive to the extremely sophisticated, using a high-quality copy of your biometric.
One of the most basic types of attacks uses a person’s photo, which can easily be obtained from an individual’s social media presence, such as a LinkedIn page. Fraudsters will present the photo to a PC or phone and hope the system grants them access. To help curb these attacks, companies use hardware such as IR cameras that can easily detect that a printed piece of paper or phone with the user’s image is being presented.
However, companies need tighter security methods for persistent attackers.
At the enterprise level, software can be used to stop attacks with AI algorithms that are either passive or active:
- Active algorithms require the user to perform actions such as a blink, a smile, or a turn of the head
- Passive algorithms check for natural face motions such as blinking and micro-movements in the face
These systems are so advanced that they can even detect imposters wearing lifelike masks.
In a future post, we’ll dive into additional differences between consumer and enterprise biometrics.