This article should be interesting to you, if you have an interest in Biometrics and BIO-key.  Its great to help understand what needs to happen to reduce or even eliminate user authentication related crimes and waste.  It also helps to conceptualize how biometrics will be used in the commercial user-authentication marketplace, like in banking.   The article describes a research committee in the financial industry that hopes to develop platforms, systems and maybe standards to thwart data breaches and other attacks within the financial industry.  The committee targets two focus areas.

First, it wishes to better identify privilege applicants…people applying for something at a bank, presumably.  Some call it “Vetting the applicant”.  In my book, I called this process “Identity Basing”.  The entire point is to better determine who is acceptable for a privilege (like a revolving line of credit, for example) and who is not.  In the research community, we like to say “bad data in equals bad data out.”  And Identity management is no different.  If you let a fraudster have a credit card, you will get fraudulent transactions.  So, if we can “Identify” the fraudster, we can exclude the fraudster and preempt the fraud.  Biometrics are used in this process.  In biometrics, this process is call a “one-to-many match”, where you submit a fingerprint into a database to compare it against every or any print in the database.  In a bank environment, the database could include both legitimate existing customers and known fraudsters.  When an applicant (credit card or account) applies, a print is collected and submitted to the database to determine if that applicant already exists as a customer (including under another name) or has been previously identified as fraudulent.  Of course, this capability already exists and is widely used inside Government.  The FBI currently uses BIO-key “matching algorithms” for its Integrated Automated Fingerprint Identification System in Clarksburg, VA.  And our “matcher” is among the fastest and most accurate fingerprint matchers available today.  It also tends to be less expensive to use, as it doesn’t require customized hardware to run.

Second, the committee contemplates how to verify the identities of those successful privilege applicants when they attempt to access the privilege, like use the credit card.  Of course, very many technologies exist that claim to perform this function.  Passwords, PINs, One-Time-Password tokens (OTP), Certificates, Challenge/Response questions, etc, have all been widely deployed for exactly this purpose…to verify that you are the person that’s entitled to enjoy the approved privilege.  Yet, its just as widely accepted that these technologies simply don’t work.  The evidence is clear…authentication related crimes and waste remain pervasive and, in fact, are growing despite the pervasive use of these older technologies.  Thus, we can conclude, and it appears society and business has concluded, that the market will replace ineffective authentication technologies with effective authentication technologies like biometrics.  In this case, the privilege holder (the credit card holder, for example) would submit a fingerprint at the point and time of the transaction to confirm that his/her print matches that print that was collected and is now associated with the credit card or bank account being accessed.  In biometrics, this is called a “one-to-one” match and BIO-key systems are well capable to perform this task.  Most importantly, BIO-key “matchers” are the only matchers designed to work with any fingerprint sensor.  Thus, the bank no longer needs to care what device or sensor the credit card holder or retailer chooses to use.  This, we think, is unique within the industry and is why both IBM and IDC have expressed interest in our capabilities.

They say the definition of insanity is trying the same thing repeatedly, while expecting different results.  Its clear that what has been tried doesnt work.  It finally appears that industry has accepted this and is moving on to something that actually works.  Stay tuned.