Since the first of our series at the beginning of 2004 the media coverage of biometrics issues and solutions has built in both pace and stature, gaining momentum with each day. At the start of the year, partly as a resulting measure following 9/11, the US created media frenzy on announcing their plans that all visitors to the US should have some form of registered biometric identification by October 2004. This revelation produced both strong opinions
for and against the proposal from all over the World but from Europe and the UK in particular. The UK Government had already been exploring the possibility of issuing a national ID card incorporating biometric data, and almost as a direct result of the US announcement, it seems that the idea of UK passports carrying a biometric ID was to be a reality sooner rather than later. Also at the beginning of the year, we were inundated with televised documentary and news coverage introducing the public to the reality of biometrics as a new addition to everyday life, through CCTV crowd control at football matches and during street violence, as a way of protecting ourselves from identity theft through the use of voice or signature recognition for credit card purchases, for security in the home, for example by using a finger print device to gain entry to your house or as a form of security access for a PC login. Earlier in this Olympic year, in the first of our series we predicted the “Biometrics Revolution” was under starters orders; well we have now well and truly left the starting blocks!


Assessing the Risks
Understandably for such a new business sector, outside of the Biometrics
industry there exists very little independent expertise on the subject. Within the biometrics organisations, their knowledge and experience is constantly built upon, but that expertise is also understandably closely guarded and contained. The problems therefore arise for potential buyers who need to accurately assess the feasibility of not only their project, but also the technology to be used and the company to provide it:

• Is biometrics the most effective solution?
• Which biometric is best for the job?
• Should it be a combination of multiple biometrics?
• Is the product reliable? Easy to implement? Easy to use?
• What level of accuracy do we need?
• What level of accuracy should we expect?
• Is it cost effective?
• Could there be an added value to the project?
• What are the privacy and ethical issues involved?
• Is the manufacturer reliable – can they deliver?
• Is the manufacturer commercially aware?
• Is the manufacturer financially stable?
• And what about long term plans, guarantees, new developments and maintenance problems?

According to the IBG (The International Biometrics Group) over 90% of all biometrics companies are not profitable. It would be a tremendous risk to partner with any biometrics company without exploring the above issues. But
equally how can the biometrics companies prove themselves until they have customers with systems in place? As a result only a small number of biometrics companies are winning the most lucrative contracts, because up to now they are the only ones who have been able to prove themselves. Until
recently the emphasis for the industry has been concentrated on the development of its technologies. It is only now that some of these primarily research and science based companies begin to grasp that in order to win their clients over they also need to prove themselves to be commercially and
financially skilled organisations, with an acute awareness of their market and competition, and with a product that will truly work in a real-life situation.


Industry Solutions
Many of the more responsible companies have recognised early on that it is essential for these problems to be overcome in order for the biometrics industry to move forward. As a result they have become proactively involved
in a range of solutions, which have emerged and are still being developed.

• Some organisations have recruited top level experienced business executives to take them to the next stage.
• Others have foreseen the problem as an opportunity and created new independent organisations where groups of expert individuals have formed consultancy firms offering independent advice.
• In the late nineties, trade associations began to be formed and developed such as the IBIA (International Biometrics Industry Association) based in
Washington DC, USA, the AfB (Association for Biometrics), based in Oxford, UK and the EBF (European Biometrics Forum), based in Dublin, Ireland, all of whom are now in the process of offering advice and trying to develop accepted and agreed testing methods, best practice standards, ethics and
privacy principles, and each with the support of their respective governments.
• Committees have been formed with a view to agreeing worldwide standards, on subjects such as interoperability of product, through the International Standards Organisation committee -ISO IECJTC1, the Biometrics Consortium and INCITS, the International Committee for Information Technology Standards for example, with the active participation of individuals representing governments, associations and industry.


Strategic Real World Testing
Biometrics is recognised as being a seriously important way forward for global industry by many multi-national level organisations, as well as governments, and as such they are investing huge sums of money into the development and perhaps more importantly now, into the testing and practical implementation of biometric technologies. These corporations include Microsoft, Honeywell, Wells Fargo and many large banking and investment institutions. Many of the investments so far have been geared towards comparative testing of the performance of the varying biometric technologies, with the aim of independently assessing not only their reliability and accuracy, but also determining which of these technologies might emerge as the front-runner
commercially. The biometric “most likely to succeed” from a commercial viewpoint may not be the one that proves to be most accurate during testing, but the one that best meets other parameters that are important to the user,
such as most socially acceptable, least intrusive, most simple to implement,
the quickest to perform, or least costly to produce. It is important to note that the interpretation of any test results may differ when viewing them from a
commercial or practical perspective, rather than from a purely technical or scientific perspective. In other words, in general terms, there is no “Best” Biometric. The selection and successful implementation of a biometrics system, is therefore almost totally dependent upon a combination of important elements that need to be fully understood and stipulated by the client from the outset.


Testing Methodology
Historically it has been the producers or the end users who have been “responsible” for their own testing within the Biometrics arena, but today there are several recognised bodies and test houses performing and developing independent tests for biometric related products. The main aim is for the industry to agree on a series of uniform tests that can be carried out under real life conditions to assess the reliability and practicality of any biometric product irrespective of whether it is a facial recognition, gait recognition, fingerprint ID, or signature verification product for example. The term for this type of testing is generally referred to as Comparative Testing and is designed to assess certain aspects of any of the technologies and as follows:

• FER (Failure to Enrol) – This is the term used when measuring how often users are not able to enrol their original biometric record into a system. This may occur for example, when perhaps the physical characteristic of a person prevents them from being able to enrol properly, for example, a skin disease causing a “worn-out” fingerprint, a cataract over an eye, or a prosthetic hand.

• FTA (Failure to Acquire) – The system fails to identify the user directly after enrolment. This is generally caused by a more temporary condition affecting the users biometric such as a bandage or plaster on a finger, or a change in signature consistancy due to a broken arm, for example.

• FAR (False Acceptance Rate) or FMR (False Match Rate) – A measure of how often a nonauthorised user is falsely recognised as an authorised user and is permitted to gain access.

• FRR (False Rejection Rate) or FNMR (False None Match Rate) – This test measures how often the system fails to recognise a user that should be recognised.

• ERR (Equal Error Rate) – When plotted on a graph the ERR is the point where the FAR (False Acceptance Rate) equals the FRR (False Rejection Rate)
– and this is often used as a standard measurement when comparing different systems.

The results of these tests are generally represented as a percentage. They are particularly important, and need to be analysed very carefully since they refl ect not only how effective the system or device is, but will also highlight the shortfalls and errors caused by the implementation of a particular biometric due to human interaction.


Personal Threshold Levels
When considering the implementation of a Biometric System, it is important for the users to determine their own personal accuracy acceptance levels, with the help of the supplier at the design stage. In some respects these thresholds are set by the limitations of the equipment, but in certain circumstances these thresholds may be required to perform as an additional measure of security or customer service. For example, a FAR or False Acceptance Rate could potentially lead to major damages, and FRR False Rejection Rates may usually be considered to be a non-critical measure, but more of an annoying or time consuming problem. However, a high street bank may be prepared to allow a minimal threshold for FAR (False acceptance rate) thereby occasionally allowing an unauthorised person access, but they may not want to alienate or “insult” their clients by accepting a threshold level for FRR (False Rejection Rate) where their authorised customers potentially may not be recognised. This scenario could change with almost every application or requirement, and certainly does change dependent upon the biometric being used, as they each by their very nature possess different potential
strengths and weaknesses.


Multi Modal
In general biometric solutions have improved tremendously over the last two decades, and responsible manufacturers are proving their abilities by allowing
themselves and their products to be tested. The most simple and most cost effective technologies to be implemented are those first starting to appear in everyday life, such as finger print and ID technology, dynamic signature
verification, or voice recognition for telephone sales, and the more complicated and more expensive solutions, such as facial ID, iris recognition or combinations of bio metrics are starting to be implemented by governments and high security oriented organisations in our global fight against crime and terrorism. The only similarity with both is that the biometric technology is generally being used in conjunction with some other form of security device, such as a PIN or password, or an ID Smart Card, or PKI technology for example. The conclusion that has to be drawn from any of this movement towards the wider use of biometrics, is that there certainly seems to be a strong argument for the use of multi-technology, or multi-modal (multi-biometric) systems, as it is essential to have a secondary method in place, wherever there is, for whatever reason, the likelihood of a compromise in security or a reduced performance level.

In Part 4 of our Biometrics Series we will be discussing the different types of Biometric Technologies, the development areas, and the strengths and weaknesses of each.