Dictionary

Biometric Authentication

What Is Biometric Authentication?

Biometric authentication is the use of a person’s unique biological characteristics – such as their fingerprints, voice or retina – to authenticate their identity, usually for security purposes.

Biometric authentication may also use behavioral traits, as well as physical traits, to confirm who an individual is and grant them an appropriate level of security access. For example, this might have to do with their manner of speaking or typing. 

It is used to grant access to telephones, computers, buildings, countries and more, often as part of a multi-factor authentication process.

The past decade has seen great growth in the reach of biometrics – and there are no signs of slowing down. For instance, Allied Market Research predicts mobile biometrics market growth from $24.6 billion to $184.8 billion in the decade to 2031. 

What Is Multimodal Biometric Authentication?

Multimodal biometric authentication is when more than one of the individual’s biological traits is used to authenticate them. 

For example, accessing a building through a combination of a retinal scan and voice identification, or accessing a laptop through both facial recognition and a fingerprint scan.

When only one biometric indicator is used, the process is known as unimodal biometric authentication. 

Looking for Frictionless Authentication?

Biometrics are rarely friction-free. SEON’s fraud prevention works entirely under the hood to verify and authenticate customers with confidence.

Go Frictionless

How Does Biometric Authentication Work?

Biometric authentication works by comparing live biological data to biometric indicator data stored on file. If the two match, the system authenticates the user. If they don’t, the authentication fails.

The authentication of different biometric indicators works in different ways, from using measurements to inspecting blood vessel networks. Let’s look at a few examples.

Biometric Authentication vs Biometric Verification

It is important to note that biometric authentication is not the same as biometric verification. The process of examining biometric information might be similar in both cases but their purpose is different.

Biometric authentication compares an individual’s biological traits or behaviors to those already held on file, to assess whether they are the previously known person they claim to be.

Biometric verification, on the other hand, is when the individual’s biological traits are used to validate their identity documents, and thus their actual identity – it usually requires both their ID documents and their biological features.

In fact, you might need to complete biometric verification first in your relationship with a user, customer, employee, etc, to be able to authenticate them using biometric markers later. 

The biometric verification process will take place on their first visit or registration. After that, at biometric authentication, the presented features will be compared to what is on file to see whether they match.

Biometric Authentication Examples and Methods

The use of biometric authentication is growing. The KPMG 2020 Technology Industry Innovation Survey found that 79% of respondents were planning to increase their investment in biometrics compared to the previous year. 

Once we look at the ways in which biometric authentication is used, and its ability to authenticate individuals based on a range of unique characteristics, the reason for this rapid growth quickly becomes clear.

Fingerprint Identification

Do you use your fingerprint to unlock your front door, phone, laptop, tablet or other device? This kind of biometric authentication uses individuals’ unique fingerprints to identify and authenticate them using a lens and sensor. 

Looking at a fingerprint in high resolution allows the device to determine if it matches one of the fingerprints in its database. If it does, the system authenticates the user.

Facial Recognition

Facial recognition compares the distinctive details of an individual’s face to those held in the system’s database. 

Such a scanner measures details such as the shape of an individual’s chin, the distance between their eyes, the width of their nose, and so on.

Retinal Scans

Retinal scans work by examining the retina’s fine capillary network – the part of the eye that delivers essential oxygen and nutrients to the retina. 

The eye needs to be close to the scanner for this to work. The scanner beams a low-energy infrared light into the eye, by which it can see the capillary network and compare it with that held in the system database. 

Retinas, like fingerprints, are unique – even identical twins’ retinas differ from each other. 

Voice Recognition

Voice recognition works by comparing a sample of the user’s voice (known as a voiceprint) with a sample held on file. The system breaks the voice down into multiple frequencies to compare the two. Like fingerprints, voiceprints are unique and remain the same throughout an individual’s life.

Biometric voice recognition in particular is also a rapidly growing market. It was worth $1.1 billion in 2020. That value is expected to more than treble by 2026, to $3.9 billion.

Typing Pattern Recognition

Another form of biometric authentication is typing pattern recognition. This works by analyzing a user’s keystroke dynamics.

It measures a range of factors such as press time, seek time, flight time and other factors in order to authenticate the individual.

How Secure Is Biometric Authentication?

Unfortunately, biometric authentication can be hacked or spoofed. There is ample evidence of this as a result of tests and research by cybersecurity professionals, from Apple’s fingerprint scanner hack in 2013 to deepfakes mimicking someone’s voiceprint, and even replay attacks where the criminal’s efficiency can improve over time.

Some of these problematic areas have been discovered by white hat researchers rather than criminals. One example comes from DeepMasterPrints, an artificial intelligence tool created by researchers at New York University’s Tandon School of Engineering, which generates fake fingerprints that can fool biometrics. 

But biometrics can be hacked in simpler ways too: For example, through breaches of biometrics databases, as happened in 2019, when Biostar 2, a biometrics system used by the police, banks and other key organizations in the UK, was hacked. 

Given the unique features everyone carries on their person – fingerprints, irises and the like – one could be forgiven for assuming that biometric authentication is impossible for fraudsters to spoof or hack. But the reality is different.

In fact, the fact that biometric authentication is mistakenly considered by many as impossible to hack makes the problem much worse. 

With individuals and even companies mistakenly believing that biometric authentication is an impenetrable defense, their guard is more likely to be down. Then, tech-savvy fraudsters can use deepfakes, leaks and social engineering techniques to fool biometric authentication and gain access to physical and digital infrastructure.

Where Is Biometric Authentication Used?

Biometric authentication is used in a wide range of settings.

  • Many of us use it daily when logging into laptops or phones.
  • The use of biometric door locks is also increasing rapidly, with users accessing their homes using fingerprints, retina scans, voiceprints and other biometric indicator data. The same technology is also being used by businesses, with companies implementing biometric lock systems for offices, warehouses and other commercial premises.
  • In the financial world, some banks use biometric authentication before discussing customers’ account details with them. Slovakia’s Tatra Banka is an example of this. After introducing voice biometrics in 2013, the bank now uses voice authentication for 85% of the calls to its contact center that require authentication. According to their reports, doing so has reduced the time taken to identify and authenticate customers by 66%.
  • Biometric authentication is also used extensively by border security agencies. Back in 1998, Malaysia became the first country to introduce biometric passports. More than 150 countries now use these. Biometric data is embedded in an electronic microprocessor chip within the passport. Using contactless smart card technology, this is used to authenticate the passport holder’s identity when they travel and has supported the growth of electronic passport gates at many international borders.
  • Law enforcement has also embraced the opportunities that biometric authentication presents. In the US, the Government Accountability Office reported in 2021 that 20 out of approximately 42 federal agencies that employed law enforcement officers used facial recognition software.
  • The use of such technology is not solely limited to government databases either. Clearview AI began scraping publicly available images (from Facebook, YouTube and the like) back in 2017. Its users can upload an image and search for a match. The company has partnered with more than 3,100 federal and local law enforcement agencies, who have been drawn to the size of its database; Clearview AI provides access to some 10 billion images, compared to the FBI’s database of 640 million.

Biometric Authentication Benefits and Shortcomings

BenefitsShortcomings
Can deliver greater security than username/password authenticationCan be hacked, but many do not realize
More secure than possession-based authentication, as you’re less likely to lose your voice or face than an authentication deviceCan be expensive to implement
Less friction than having to carry an item or remember a passphraseTime implication for businesses that need to upskill their workforce to adopt it
Delivers improved business efficienciesThe sheer technological complexity can put companies off
Can accelerate time to marketPrivacy concerns for individuals who don’t want their biometric identifiers on a database
Allows businesses to focus more on operations due to reduction in incidents/breachesMachine learning and algorithm biometrics are said to support demographic bias
Faster/smoother user experience when it works
as it should, but…
…potential for increased friction when it doesn’t work as it should
Can support companies to achieve increased market share
Reduce Risk & Eliminate Doubt

Partner up with SEON to discover the best way to reduce false positives and boost your customers’ experience, no matter your industry.

Ask an Expert

How Can Biometric Authentication Stop Fraud? 

Biometric authentication is being used to stop fraud in numerous ways. Though not impossible, it is harder to steal a fingerprint, voice or retina than it is to steal a password. This reduces instances of fraud by improving the authentication process.

By enabling payment authorization, biometric authentication can also help reduce instances of payment fraud. Customers who use their fingerprint to authorize a payment on their phone or computer aren’t repeatedly entering their debit or credit card details, meaning those details are less likely to be stolen via interception.

Biometric authentication can also be instrumental in keeping individuals’ sensitive data safe. Using biometric authentication to protect a person’s medical records, for example, can prevent them being accessed by anyone who is not authorized to do so.

Using a biometric door entry system can also help to prevent fraud. By controlling access to physical premises, such as offices and warehouses, it can help protect electronic and paper records.

However, it should be said that biometric authentication is not always the best solution, nor is it entirely without risk, as we have seen.

Those companies and organizations who are highly targeted by fraudsters might want to consider combining biometrics with additional security such as device fingerprinting, which looks at a device hash, cookie hash and browser hash to identify a returning user as well as spot other irregularities. 

Meanwhile, it is also important to consider friction in the context of biometrics. Various forms of biometric authentication involve different levels of friction and, depending on the setting, one might prefer to deploy a frictionless authentication solution instead.