Physical characteristics (biometrics) have become increasingly popular as a method of authentication. They are static, highly resistant to alteration, non-transferable and cannot be misplaced or forgotten. According to a Spiceworks report, a professional IT network, up to 90% of organisations will be implementing biometrics by 2020. This is a reaction to the 1,579 high publicity data breaches that occurred in 2017 and exposed over 179 million personal records.
While physical biometrics have certainly been instrumental in providing a high level of authentication, it is unsurprising that they have seen a range of hacking attacks and regulatory issues.
What are Physical Biometrics?
Physical biometrics have increasingly become an integral part of many individual’s daily routines; as an alternative to password protection on smartphones, tablets and computers. It is essentially a technology that recognises an individual based upon their physical characteristics. The most common characteristics include: fingerprints, face recognition, hand geometry, voice recognition, palm vein recognition, retina scans, iris recognition, and signature verification.
There are a number of reasons that businesses have implemented physical biometric authentication, namely: to eliminate fraud and credential reuse, to increase revenue and transactional volume, to accelerate transactional speeds, to reduce password resets and IT costs, to enhance user privacy and security and to improve customer experience.
Examples of Physical Biometrics
Fingerprints: Through ultrasound and thermal sensors, fingerprints can be digitally stored. Fingerprints contain 30-40 minutiae points, and no two people have more than 8 points in common; making it one of the most accurate means of identifying an individual.
Facial recognition: Using statistical patterns, facial recognition measures different points on an individual’s face to map them to pre-existing templates and verify their identity.
Iris recognition: These systems use sensors to identify the iris and map various segments into vectors. The data is then converted into a unique code and is then compared to other stored codes for authentication.
Limitations of Physical Biometrics
While physical biometrics are certainly a useful tool for verification, they correspond with several limitations.
- Susceptibility to Cloning
Biometrics are only as strong as the built-in biometrics in the device, and as a result no biometric has proven to be immune to cloning. This most frequently corresponds to mobile devices, none of which have withstood attacks from researchers or hackers, who have deployed user-coercion methods to defeat biometric authentication. For example, hackers have found solutions to combat Apple’s TouchID, and Samsung S8 iris recognition system.
- Difficult to change
Despite the apparent strength of physical biometrics immutability, there is a chance that the biometric templates may need to be changed. For example, if fingerprints get worn through incessant use and/or injury, or voices change with age and illness. In most devices, making these changes is considerably more complex and costly than simply changing a password.
- Biometrics hacks may have greater consequences
Since a biometric is a record of an individual’s identity, if stolen, it can be used to falsify documents, passports, or criminal records. If someone has a photo of an individual’s iris, they cannot get another eye; likewise, with a fingerprint.
Insurance biometrics are providing new opportunities and challenges to experienced hackers. It is therefore imperative that insurers are apprised of these developments when looking to insure against the risks associated with biometrics.
While these risks are evident, it is not all bad news. Biometrics implemented as a tool for insurers bring a great opportunity. While they are not always entirely secure, biometric authentication certainly offers greater protection than traditional passwords, and it should come as no surprise that we will see the technology increasingly deployed in our day- to-day lives.
Some insurers are even utilising certain forms of biometrics to help quantify insurance packages in a way that is entirely unique to each customer. These are most commonly known as behavioural biometrics, which enable the measurement and analysis of patterns in human activities. Insurers have already deployed this technology in cars to monitor individual’s driving patterns, and price the insurance based upon the safety of their driving.
Whether deploying physical biometrics as authentication, or utilising it to quantify insurance pricing, it is important that businesses fully understand the risks and opportunities associated. As the coverages afforded by cyber policies become increasingly responsive to the latest cyber threats, it is important that cyber insurance forms an integral part of the overall risk management strategies that businesses adopt. Biometrics are no doubt a risk area in which the insurance industry will soon need to respond.
If you would like to discuss please get in contact at Cyber@Safeonline.com