Biometric authentication has long been about providing fast, secure access, but as we move into the data-driven age, this technology also has to take into account tightening privacy requirements. Yesterday, CSA caught up with Alex Tan, HID Global’s Director of Sales for ASEAN, who shared that one of the challenges of applying a technology like biometrics is that some are not aware of the data protection and compliance requirements that they have to adhere to, either right now or sometime in the future.
Based on his experience, Alex said it’s common for organisations to buy biometric technology which is just functional, and then get caught out when they are questioned by auditors or their own end users – for instance on the issue of how the biometric data of users is captured and stored. They then need to reinvest and make changes to their biometric technologies to meet those requirements.
In Alex’s view, biometric technology has advanced profoundly over the years. Today, biometric technology is no longer used just to provide physical access, but digital access as well, for instance in the case of mobile banking sign-ons.
The problem is that many organisations continue to use legacy access control technologies that are outdated and leave them open to evolving security threats and vulnerabilities. The poor user experiences people have had in the past with biometric technology are another factor that may put them off using it in the future.
During the meetup at HID Global’s office in Kuala Lumpur, Alex and his team demonstrated one of the company’s latest fingerprint imaging solutions to make a case for how much the technology has progressed. The solution uses a technology called multispectral fingerprint imaging, which is able to capture unique characteristics from the surface and subsurface of the finger. The upside of the technology is that it is more accurate, capable of liveness detection, and can be used even if the finger is dirty, cracked, wet, oily or even covered with a surgical glove.
He again highlighted that how the user’s biometric data is kept after it has been captured is of utmost importance. This is because hackers are always trying to subvert the technology and find loopholes to circumvent security. If the data isn’t properly encrypted, for instance, they are able to reverse engineer and reproduce it.
“So here at HID, not only do we talk about having a good sensor to capture fingerprints, but we also look into areas of how we want to make it secure, keep it secure and lock it away in a secure manner,” Alex explained. As such, he said HID Global makes use of “best-in-class cryptography which offers unrivalled data and privacy protection, resulting in a more secure environment than other credential technologies.”
Since the credential technology that they use is software-based, businesses have the flexibility of choosing from a much wider variety of form factors and communication protocols, including the use of secure smart cards, tags or mobile devices.
Nevertheless, with growing concerns around cybersecurity, Alex urged that companies should always employ multiple layers of security. “When you want to mitigate risk, especially in the digital age where everything is digitised and connected, it’s best to have two-factor authentication on top of having the data protected and kept in a safe manner,” he added.
On a related note, there was also a common misconception regarding two-factor authentication that he wanted to dispel. According to Alex, a two-factor or multi-factor authentication process has to cross different domains, using at least two of the following three components: what you know (PIN or passwords), what you have (a mobile device, card or token) and what you are (this is the physical biometrics part).
Therefore, Alex explained that if one were to implement fingerprint authentication in combination with speech or facial recognition, then that is technically not two-factor authentication. Companies need to be aware of that.
“That’s why in HID we also offer digital credentials, where people can use a mobile phone, for instance with biometric authentication. So we give options to customers, whether they want to use a physical card or digital credential but it has to be cross-domain. As long as you have that, I think you are in better hands,” he said.
Going forward in 2020, Alex shared that HID will continue to invest in growing the market and improving awareness of the areas he has covered, not just by offering solutions but also by elevating the standards of security governance and ensuring that regulatory compliance requirements are met.
He added that HID Global is fortunate to have good backing coming from the US. “So our products are already built-in with some of these compliance mechanisms. Hence, when our products are deployed in the [ASEAN] marketplace, this will give a good starting point for customers to build upon.”
Biometrics will continue to be an area in which HID Global has a keen interest and hopes to grow. “We’ve been doing very well in the cards, readers and controller space as well, but we also want to be more active in the biometric space, particularly in access control applications. That’s the strategy that we have going forward.”