Authentication

Like It or Not, Your Face is Your ID


Cybercrime and data protection are on everyone’s mind. From the consumer perspective, more people are choosing to do business with security-conscious companies. Across industries, advanced security solutions are becoming a must-have, increasingly in the form of multifactor authentication (MFA) solutions that go beyond usernames and passwords.

Biometric identification and authentication solutions are taking center stage in this revolution. Already part of our daily lives, the biometric system market is predicted to increase from 10.74 billion (USD) in 2015 to 32.73 billion by 2022.

One up-and-coming biometric option is face recognition. By 2020, it’s projected to generate an estimated $9.6 billion in revenue or roughly one-third of that total pie.

Here are a few examples of how face recognition technology is being used in trend-setting industries:

  • Security: Casinos use facial recognition technology to identify high rollers who should get VIP treatment and also watch for card counters and other unwanted guests.
  • Law Enforcement: Police departments are testing facial recognition by installing cameras in potential trouble-spots such as train stations, and comparing faces against watchlists and criminal databases.
  • Mobile and PCs: Apple’s FaceID and Samsung Galaxy Note 8’s Face & IRIS unlock opened the possibility for further innovation of facial recognition in mobile security. One analyst predicted one billion smartphones will feature a face unlock solution by 2020. At home and at work, more than 50 million people use Windows Hello to log in to their PCs.
  • Healthcare: Annually, medication non-compliance results in a whopping annual cost of $100 billion, mostly in emergency room visits. In a 24-month pilot study, face recognition software by AiCure increased drug adherence rates among schizophrenic patients from 71.9% rate to 89.7.
  • Financial Services: Beyond POS payment options in brick and mortar shops, Mastercard Identity Check brings this convenience to web stores. At checkout, customers receive a pop-up on their smartphone, through which users are authenticated with a fingerprint or face scan.
  • Travel: The regulation-laden travel market is ripe for facial recognition. In Dubai International Airport, more than 100 iris and face recognition kiosks identify passengers within one or two seconds—reducing check-in times, improving security and enhancing customer experience.

Face recognition risks to keep in mind

To fully benefit from face recognition, organizations need to address a few risks, specifically:

  • Hacking: Stored data from face recognition is still hackable, and you can be sure that cybercriminals will do all they can to steal valuable data in any form. That’s why new innovations that store a mathematical representation of users’ faces, protect it with the best encryption, and employ anti-spoofing technology should be prioritized.
  • Privacy and data transfer regulations: Be knowledgeable about current and upcoming state regulations on biometrics. GDPR, for example, requires special handling for biometric user information that includes having the biometrics be revocable by the user.
  • Consumer distress: While some people will agree to upload their photos, others who think it’s creepy will resist. One consumer survey revealed that 71 percent of millennials were uncomfortable with face recognition technology where they shop. Actual or perceived in-store face recognition brought damaging controversy to Walmart and Saks Fifth Avenue.

Know your security options

Like it or not, multifactor authentication—including approaches that use face recognition and other forms of biometrics—is the wave of the future. Fortunately, by knowing the options and making smart choices, organizations can manage the risks and use these emerging technologies to improve security posture.

Contact us to learn more about the latest release of our DigitalPersona 3.0 advanced authentication solution, which now offers face recognition options.

Jeff Carpenter is Director of Identity and Access Management solutions at Crossmatch. In this role, he is responsible for evangelizing Crossmatch’s DigitalPersona® solution. In his 10+ years in cybersecurity, Jeff has held positions with a number of top tier cybersecurity and technology companies, most recently he was with RSA, a Dell Technologies company. Jeff earned a Bachelor of Science degree in Business Administration from Creighton University in Omaha, Nebraska. He holds both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP) designation.

Authentication
What Data Protection Officers Need to Know for GDPR
Authentication
National Credit Union Compliance Audits: What You Need to Know
Authentication
Revisiting the NIST 800-63-3 SMS Authentication Conversation