SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
The future of authentication: Are you embracing biometrics?
Fri, 23rd Feb 2024

With end users increasingly expecting passwordless, contactless experiences, security professionals are turning to advanced biometric technologies as a more secure and user-friendly alternative to traditional authentication methods.

Growing demand for enhanced security that is easier for the end user to manage is pushing the popularity of biometric technology to unprecedented levels. According to Statista, revenue in Australia is expected to show an annual growth rate (CAGR 2024-2028) of 3.37%, resulting in a projected market volume of USD194.10m by 2028.
 
Unlike traditional security measures like passwords and physical identification cards or keys, biometric technology uses fingerprints, facial, iris and even behavioural characteristics to authenticate users. The seamless user experience, increased security and ease of use make biometric authentication a compelling option for healthcare organisations, financial institutions, government agencies, and organisations needing to improve their cybersecurity strategy.
 
The appeal and popularity of biometrics are already evident, with newer generations of smart devices with embedded biometric authentication capabilities already on the market, capable of unlocking phones and providing access to apps for banking, healthcare and digital wallets. As a result, end users are increasingly expecting such passwordless, contactless experiences when engaging with their technology.
 
Today's Biometrics
An estimated 4.7 billion people use smartphones today, according to Statista, with newer smartphone models coming equipped with at least one integrated feature for biometric authentication, typically involving facial or fingerprint recognition. Biometric authentication presents a secure and convenient substitute for traditional passwords or PINs.
 
The FIDO passkey is one example. When a user is asked to sign in to an app or website, they can now simply use the same biometric that unlocks their mobile device or computer. The passkey's rapid growth in popularity has some experts predicting it will soon become the dominant form of passwordless identification. Tech giants such as Google, Microsoft, and Apple and key authentication vendors such as HID have already adopted the technology into their ecosystems. In fact, global market revenue for passwordless identification systems is projected to grow 27% to USD 53.6 billion by 2030.
 
Facial recognition is also gaining popularity, driven in part by government utilisation with drivers' licenses, national ID cards, and passports to protect against identity fraud. Other uses in Australia include the self-exclusion register for promoting better gambling habits, with many licensed venues adopting facial recognition and a register of self-excluded patrons to help facilitate self-imposed rules. Facial recognition technology has also progressed remarkably because of advancements in computer graphics, which have led to impressive improvements in photo and video quality. Combined with the latest enhancements in artificial intelligence (AI) and machine learning (ML), facial recognition has become impressively accurate and convenient. While there are concerns regarding matching bias, margins of error and false match rates, security experts nonetheless say facial recognition use cases will increase significantly over the next few years.
 
Indeed, modern cameras with AI functionality and multispectral imaging (MSI) technology can handle challenging lighting conditions and deliver superior presentation attack detection (PAD) to detect fraudulent activity.
 
Additionally, it is now possible for edge devices to process algorithms and matching capabilities, which used to belong only in big server databases. Therefore, it is now possible to process advanced biometrics at the edge, making processing much faster and dramatically improving the user experience.
 
Taking authentication to the next level with behavioural biometrics
As digital fraud becomes rampant and more sophisticated, behavioural biometrics also leverage AI and ML to identify unique and measurable patterns in human behaviour. Behavioural biometrics work by identifying and learning actual user activities so that identity is validated and intent is understood.

User activities such as logging in to an application, navigation to a specific page, transaction checkout, and the data that characterises the user as a human being, such as mouse movements, typing cadence, touch events and swipe patterns, all represent behavioural biometry, which can uniquely characterise a user with a reasonable amount of analysis and proper processing.

This profile is continuously updated, improved and enriched in real time, so it can be used to identify a user uniquely and seamlessly. These markers, augmented with user-specific information such as IP address, device, time and navigation patterns, deliver the best contextual value, resulting in a high fraud detection rate and decreased number of falsely rejected users.
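The continuously updated profile described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the class and function names, the score weights and the thresholds are assumptions chosen for illustration, and the typing intervals are constructed sample data.

```python
import math

class BehaviourProfile:
    """Per-user typing-cadence profile plus the devices/networks seen so far."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0   # Welford running statistics
        self.devices, self.networks = set(), set()

    def learn(self, intervals_ms, device, network):
        for x in intervals_ms:                      # online mean/variance update
            self.n += 1
            delta = x - self.mean
            self.mean += delta / self.n
            self.m2 += delta * (x - self.mean)
        self.devices.add(device)
        self.networks.add(network)

    def risk(self, intervals_ms, device, network):
        std = math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0
        session_mean = sum(intervals_ms) / len(intervals_ms)
        z = abs(session_mean - self.mean) / std if std else 0.0
        score = min(z, 5.0)                         # behavioural deviation, capped
        score += 1.5 if device not in self.devices else 0.0    # context signals
        score += 1.0 if network not in self.networks else 0.0  # (assumed weights)
        return score

def evaluate(profile, intervals_ms, device, network, min_samples=20, step_up_at=3.0):
    if profile.n < min_samples:                     # still enrolling
        profile.learn(intervals_ms, device, network)
        return "enrol"
    if profile.risk(intervals_ms, device, network) >= step_up_at:
        return "step-up"                            # do not learn from this session
    profile.learn(intervals_ms, device, network)    # profile keeps improving
    return "allow"

def run_demo():
    # Constructed inter-key intervals in milliseconds; not real user data.
    p = BehaviourProfile()
    enrol = [180, 195, 170, 210, 185, 200, 175, 190, 205, 180,
             195, 185, 200, 190, 178, 188, 202, 192, 183, 197]
    return p, [
        evaluate(p, enrol, "laptop-A", "net-home"),
        evaluate(p, [185, 192, 188, 199, 181], "laptop-A", "net-home"),
        evaluate(p, [188, 194, 186, 196, 191], "phone-B", "net-cafe"),
        evaluate(p, [95, 110, 88, 102, 97], "pc-X", "net-other"),
    ]

if __name__ == "__main__":
    print(run_demo()[1])
```

The third session shows how matching behaviour keeps a legitimate user on a new device and network from being falsely rejected. The fourth is sent to step-up authentication and is deliberately excluded from learning, so a session that failed the check cannot drift the profile.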

The paradox of regulatory compliance and trust
Regulatory concerns go hand-in-hand with technological advances, and biometric identification is no exception. Privacy laws are expanding in tandem with biometrics on a global scale, including the Australian government's Data Privacy Act, the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA), and others.
 
It is unquestionable that protecting an individual's biometric data and making sure companies use the data responsibly is important. But the paradox is that this very biometric information is used to protect the integrity and the privacy of someone's identification, their assets, and the access to places.
 
The complex regulatory landscape can be a barrier to the broader adoption of biometric technologies. Many smaller organisations are fearful of some of the laws and how they've been enacted and enforced by expensive lawsuits and fines.
 
There are other challenges impeding broader adoption of biometric technology. One is the public's worry over whether their biometric data will be secure and ethically managed. The second is consistency with the devices it is being used to secure. Biometrics are highly dependent on the environment in which they're captured—the device in broader terms. For example, if the information is on a camera, that camera and the reader must work reliably.
 
It's also important to consider the suitability of any particular deployment. For example, requiring facial or fingerprint recognition isn't ideal when the user is driving a car. In this case, voice recognition would be a better fit.
 
Best Practices for Growing Adoption
Educating and communicating with customers and end users will help them better understand how biometric technology works and what will happen with the data. For example, employers using biometrics for time and attendance or at the point of sale for fraud and abuse prevention should explain how the technology is helping the customer, what is being collected and why.
 
To this end, it's important to partner with companies that have a modular approach to biometrics, as there is no one-size-fits-all solution. In other words, trying to deploy the same solution for every use case or industry isn't ideal. Instead, it's important to stay laser-focused on the end-user experience by reducing the level of friction, using data encryption, obtaining user consent, and creating different components to allow resellers and end users to integrate biometrics into their applications as seamlessly as possible. This way, a solution can be tailored to the various use cases and maybe even their geographic regions.
 
Looking Forward
The future of biometrics is bright as the public's comfort level with the technology's security grows.

As advancements in biometric technology continue to evolve, and security providers adopt ethical and privacy considerations, as well as address all potential vulnerabilities within their solutions, the public's trust and confidence will continue to strengthen.