IBIA on Easing Consumer Privacy Concerns Surrounding Biometrics Use

Although more businesses are using biometric verification to offer smoother and safer user experiences, customers are still wary to trust this tech with sensitive personal details. In the Digital Identity Tracker, the International Biometrics + Identity Association’s Robert Tappan explains why businesses must emphasize transparency and ethical data handling practices to build public support and acceptance.

Digital Identity Tracker December 2021/January 2022 - Learn how businesses can leverage biometrics to ease consumers' security and privacy concerns

Biometrics require users to trust companies with their personal data, creating the challenge of reassuring consumers that those companies are handling that data in a secure and ethical manner. Securing personal data is a leading concern of consumers, as is not knowing what personal information companies have collected.

Growing numbers of consumers are engaging in online interactions and transactions, and the majority want better user experiences — even if those experiences require handing over more personal data. Organizations developing and implementing biometric technology will influence public perception with the choices they make, whether they focus on user engagement or public policy development.

Robert Tappan, managing director for industry trade group International Biometrics + Identity Association (IBIA), said it is paramount that organizations using biometrics maintain transparency and ensure biometric identity verification protects both consumers and their data.

“We believe that it is essential to communicate with people about what biometric information is being collected, what it will be used for, with whom it will be shared and for how long it will be retained,” Tappan said.

Securing Personal Data With Biometrics

Handling the biometric information collected for identity verification requires companies to respect both people and data, ensuring biometric applications protect privacy and minimizes bias, according to Tappan. Companies using biometrics also must have processes in place for remedying problems such as inaccurate matches should they occur.

“Companies have a duty to ensure privacy and integrity and the responsible use of biometric information,” he said. “Our member companies also want to work with policymakers to develop biometric legislation that facilitates appropriate reporting, oversight and other accountability measures.”

Building User Trust

Tappan said consumers must have a clear idea of not just what biometric data is collected, but also how it is used and retained, including how long the data will be kept. Organizations must ensure the only individuals with access to biometric data are those authorized for that purpose and secure the privacy and integrity of user data.

“There needs to be an ironclad, trust-based relationship between the individual providing biometric information and the company that is collecting the biometric data,” he said.

Accountability to users is essential for both the organizations that employ biometrics and the developers behind the technology, Tappan said. All parties involved must work to ensure those using biometric technology are not just armed with the latest capabilities but also up to date in understanding how to use them.

“First and foremost, biometric technology developers and users need to work together to develop and provide training to the individuals operating biometric systems,” Tappan said. “They need to conduct operational performance assessments on a regular basis when deploying these technologies and regularly upgrade these systems to ensure the use of the most accurate, secure and privacy-protective technologies available.”

The Biometrics Arms Race

While biometrics offer added security, the same bad actors who have developed techniques for skirting other security solutions are unlikely to give up just because fraud scheme execution becomes more difficult.

As with any identity verification technology, biometrics technologies face attacks to gain access to secure data. A report from the Dawes Centre for Future Crime identified deepfakes as the most serious criminal threat posed by artificial intelligence (AI). Deepfakes have the potential to be used as a tool in defeating biometric identification, and the industry is responding with its own advancements.

“The goal is to make continuous improvements to make these technologies better and more accurate and, therefore, more trustworthy and secure,” Tappan said. “No technology is ever 100% correct all of the time. Certainly, some technologies need to be continuously refined and improved. Nevertheless, biometric technologies are far superior in accuracy overall compared to unassisted human assessment.”

For the industry, that means constantly improving existing methods for identifying an individual using biometrics, as well as developing new technologies that use additional identifiers, such as behavioral biometrics. As deepfakes become more sophisticated, biometric developers are creating ever more sophisticated methods for catching them, such as using AI to spot signs of manipulation that humans cannot detect.

User demand for storing and accessing personal data in the cloud continues to trend upward, presenting temptation to those seeking to gain access to that data for criminal ends.

Biometrics-based solutions offer the most advanced method of verifying identities, but those employing the technology still face challenges in everything from creating secure frameworks to providing transparency to users and staying ahead of bad actors.