Biometrics at the Forefront: From Healthcare to Digital Identity and Beyond
Sir William Herschel’s innovative approach of imprinting his employees’ handprints on the back of their contracts in the 1860s was revolutionary and a significant milestone in the evolution of biometrics. From this early instance to the present day, the use of biometrics in professional life, and in life in general, has come a long way. The global biometrics market was valued at US$ 33.2 billion in 2022 and is forecast to reach US$ 119.42 billion by 2029.
In a previous article, we covered the history of biometrics evolution in detail. In this article, we will dig into the use cases of biometric technology.
But before diving into particular use cases across industries, let’s discuss why biometrics are adopted.
Biometrics have traditionally served as a reliable means to distinguish people from one another. Mainly, biometrics have five uses:
- Identification: Identifying someone by analyzing a physical characteristic such as their face, voice, fingerprint, or other modalities
- Verification: Confirming a person’s identity
- Authentication: Authenticating someone by using a unique identifier like your fingerprint or face to prove you are who you say you are
- Authorization: Authorizing access to a particular place, thing, or information by confirming that the user trying to access it is legit
- Liveness check: Checking if a person is a real human being or a bot, 3D mask, etc.
Today, we see biometrics being adopted in many sectors, from military access to our day-to-day life, for a multitude of reasons. But have you ever considered why the world is shifting to biometrics while other methods like passwords, PINs, and device-based authentication are available? Well, there are several reasons for this, and let’s lay them out.
Why Biometrics?
Biometric technology and its uses in modern-day technology have several advantages.
Security
Biometrics offer confidence to providers that a person is real and unique by verifying a real-world trait. Passwords, PINs, and other personal identifying information can be forged or compromised through various social engineering and hacking techniques. According to a report, over 2 billion data records containing usernames and passwords were compromised in 2021, an increase of 35% from 2020. Biometrics, if used with advanced technologies like liveness detection and anti-spoofing techniques, offer additional levels of security.
Convenient and Seamless User Experience
One of the most important things in the rapidly advancing digital space is user experience. With a lot of information to process, the attention span of users has declined. Signing up for multiple applications daily and remembering passwords for each one is unrealistic unless you are a superhuman.
While the internal process of biometric technologies is quite technical, from a user’s perspective things couldn’t get easier. Placing your finger on a scanner or simply glancing at your screen to unlock your device, log into an app, or even unlock doors is easier than typing a long password, let alone trying to remember what it was. The chances of you forgetting your own biometrics? Almost zero! These conveniences play a major role in the adoption of biometrics.
Near Spoof Proof
Biometrics like fingerprints, iris scanning, facial recognition, and other behavioral biometrics are difficult to replicate when used with advanced technologies like liveness detection. There’s a reason we use biometrics as a unique identifier. For example, in the case of facial recognition, FaceTec, which uses one of the most advanced 1-n matching technologies, claims a False Acceptance Rate (FAR) of 1 out of 125 million. Technically, you have a better chance of winning a lottery than having a possible biometric match.
From unlocking our phones to increasing security and saving time in airports, biometrics are used for security and convenience. Let us now dive a little deeper and look at various use cases that are emerging or currently in use.
Biometrics in traditional finance and banking
Of all industries, the financial sector is one that works with a lot of sensitive customer information. A data breach means financial losses not only to customers but also to banks. Not to mention the litigation and penalties that will follow!
This is why throughout banking history, regulations concerning opening accounts, conducting transactions, and the security of customer data existed, and are regularly updated. Enabled by technology and the emergence of a global economy, the landscape of the industry as a whole has changed and accelerated to meet the demands at a global scale. Currently, in most countries, banking does not necessarily require human interaction for regular transfers. From making financial transactions to getting loans, securing insurance, and much more, you can just do it online. This shift requires more robust security for the banks and convenience for the customers. Biometric technology's heightened security and convenience fit right in, which led to its adoption in banking. The global market for biometrics in banking is expected to reach 8.9 billion USD by 2026 from US$ 74.4 million in 2021.
Fingerprints, face recognition, voice authentication, iris scans, and other biometric modalities have become unparalleled means of authentication in the financial sector. Here are some of the ways financial institutions utilize biometrics:
Biometric ATMs
Biometrics-based ATMs make it easier, more secure, and more convenient for users to withdraw cash without a PIN. Today, ATMs across the globe often either have fingerprint scanners attached or face recognition software integrated into the system to identify users. Poland was the first European country to introduce fingerprint scanners on ATMs in 2014. Two years later, to combat ATM fraud, Fiserv introduced a palm authentication reader based on Fujitsu’s PalmSecure palm-vein technology. In 2019, Spain’s CaixaBank claimed that it was the first bank to introduce face recognition to let users withdraw cash at ATMs. Today, biometric-based ATMs are common across the globe.
Protecting Banking Information
Using biometrics to authorize access to users' personal information protects that information from being compromised by an unauthorized person. One of the major benefits is protection against identity theft. When a bank requires biometric verification along with verification of identity documents to onboard customers digitally, the chances of faking an identity are reduced. Another benefit of utilizing biometrics is insider fraud prevention. Many banks use biometrics to authorize financial transactions so that no employee on the inside can mess with users’ funds.
Secure Online Banking
Online banking became prevalent during the COVID pandemic, and today it has become an integral part of our lives. Users can open accounts and perform any financial activity without visiting the branch. The advancement of biometrics on smartphones ensures secure and seamless online banking. Banks and fintech companies mainly use biometrics for opening an account and authorizing existing customers to access their accounts. With the introduction of liveness detection and 3D scans, online banking has become more secure.
Biometrics Payment Cards
Biometric payment cards have become a new sensation in the financial industry, with banks racing toward commercializing such cards. Recently, the largest bank in the UAE launched the country’s first biometric payment card. With a promise to make payments contactless, biometric payment cards are gaining traction in the banking sector. The global biometric smart card market size was valued at $74.4 million in 2021, while there are more than 1 billion access and ID cards with a Compound Annual Growth Rate (CAGR) of 10-20 percent. Biometric payment cards contain a fingerprint sensor, which requires user authentication when the card is used.
Financial Inclusion
Financial inclusion is still one of the biggest challenges we face today. According to a report, there are 1.4 billion unbanked people worldwide. Using biometrics for identification and authentication, financial institutions can reach people with literacy challenges and limited access to official documentation. In regions such as remote African countries, fintech companies are working on providing banking means to the people, and most of these startups today use biometrics as an integral part of their ecosystem.
Biometrics in Web3
The idea behind Web3 is to create a new generation of digital services that combine artificial intelligence, augmented and virtual reality, and blockchain technology. One of the challenges in creating these new kinds of experiences is proving the identity of individuals accessing those services. There have been a lot of considerations for proving identity, including wallet-based authentication, KYC, Decentralized Identities, token-based authentication, and more.
But all of these have some shortcomings. For example, how do you ensure that a single user isn’t using multiple identities in token-based authentication? Or, in KYC, how do we ensure that the provided data belongs to the same person and isn’t stolen or forged? Or, in wallet-based authentication, how do you ensure that the person isn’t a fraudster? The answer lies in biometrics. Although conventional authentication mechanisms such as passwords, key phrases, and PINs are pretty potent, biometrics provide more robust security plus convenience. Let’s discuss the role of biometrics in Web3.
Securing decentralized identities (DIDs)
As outlined in the W3C Proposed Recommendation, “Decentralized Identifiers (DIDs) are a new type of identifier for verifiable, ‘self-sovereign’ digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority.”
In simple terms, a user's personal information is stored in an identity wallet. Whenever a service provider requests access to any information, they are granted access to the specific information they require with the consent of the owner of the identity wallet.
But some risks are associated with keeping all of the user’s info in the wallet. For example, what if the user loses access to their keys or forgets their passwords? What if the data is stolen and used for malicious purposes? Enter biometrics! There is no need for passwords, and no one else can access the information unless the person grants access. While there are no known real-life use cases yet, the research on how to utilize biometric modalities for securing DIDs is ongoing.
Safeguarding digital assets
Digital currencies may help to level the playing field and bring people out of poverty; however, challenges abound. Security is the biggest concern. Cryptocurrencies must be stored in ‘hot wallets’ when they are being traded or exchanged. Hot wallets are devices connected to the internet: a laptop or phone. They’re convenient but more vulnerable to hacking and fraud. Many crypto adopters today use ‘cold wallets’: external storage like a hard drive or USB stick. These devices are safer, but they are still flawed. The storage can only be accessed through a seed phrase or a private key, and if a user somehow loses access to their private key, the funds will be lost forever. In crypto, there’s a saying, “not your keys, not your crypto.” Using biometrics as a private key to access digital assets in both cold and hot wallets, users can access and control their crypto in a safe and secure manner: “not your face, not your crypto.” One use case is integrating fingerprint sensors on cold storage wallets, which is under development by IDEX Biometrics. Other modalities like facial recognition and iris scans can also be used as a means of authorization.
Sybil Resistance for DeFis, GameFis, DAOs, and social media
It is a common misconception that blockchain and Web3 are all about cryptocurrencies; they are more than that. As per stats, the number of GameFi projects has touched 1582, which is a 31% increase from January 2022. Similarly, the number of DAOs and DeFi projects has increased overwhelmingly in the past few years. All in all, these projects in Web3 have gained tremendous traction. However, one challenge still remains unsolved: dealing with Sybil attacks. In simple terms, a Sybil attack on a system is a situation in which someone creates multiple identities to get control over the system. You can read in detail about Sybil Attacks here. As an example, let’s take a Play-to-Earn gaming platform. A user who wants to spam the forum can create multiple accounts or use bots to deceive the platform and earn cash. Similarly, in DAOs, if there aren’t any criteria to ensure that one person has only one chance to vote on a specific proposal, anyone could create multiple accounts to either upvote or downvote the proposal according to their plans. Using biometrics as a form of identity to verify that the person is unique and alive can help Web3 protocols ensure that one user can only create one account.
Biometrics in Healthcare
Healthcare is one of those sectors that could benefit from using biometric technology. Biometrics can be used to authenticate patients, verify their identity, and control access to restricted areas.
Patient Identification
Hospitals and healthcare organizations can use biometrics as a unique identifier to identify patients and see their previous health history. A patient’s medical record can be uploaded in a nationwide centralized database or maybe in a distributed system that can be accessed from anywhere, simply through biometric scans.
Access control
One of the most common uses for biometrics in healthcare is access control. Access control is the process of granting or denying access to resources, and it's often used to protect data and people.
In healthcare organizations, unauthorized access to critical information such as patient data, research data, or bio-labs could lead to disasters. Imagine if someone gets hold of critical bio-research data and uses it for malicious purposes. We have seen such scenarios in movies where bad people get access to bioweapons and lethal viruses to destroy the world. This could happen in reality. By using biometrics, healthcare organizations can restrict access to legit users only. Although healthcare organizations use passwords and PINs for access control, passwords and PINs are easy to crack, especially with the high-level technology that is now available.
Risk assessment and fraud detection
Biometrics can be used to detect fraud in healthcare. Biometric data is collected from patients and analyzed to make sure that they are who they say they are. It is then compared with previously stored data to determine whether there has been any change in the biometric characteristics of the patient. Biometric authentication is used by hospitals and clinics across America, helping them prevent identity theft and detect fraudulent activity within their facilities.
Biometrics have been used successfully for risk assessment and fraud detection since at least 2002 when the US Department of Health & Human Services began using fingerprint technology to determine which Medicaid recipients were eligible for benefits (US DHHS). The US DHHS also requires that all applicants submit a photograph before receiving benefits and provide additional information about themselves, such as where they live or what income level category applies most closely, if none applies exclusively.
Detecting Signs of Disease through Iris
This section isn’t directly related to the biometric technology discussed in this article; rather, it concerns biometric modalities that can also be used to detect signs of disease from external biometric images. Three years ago, Google published research on predicting multiple cardiovascular risk factors through back-of-the-eye photos using deep learning. Recently, researchers have discovered additional biomarkers that could be used to detect other chronic diseases, such as kidney disease and diabetes. While this research is still ongoing, it is expected that we will be able to identify many signs of diseases through external biometric scans soon.
Biometrics in the Government Sector
Previously, biometrics were mainly used by law enforcement agencies to identify criminals. But now, automated biometric identification systems use different biometric modalities. Many governments today use these systems for civic purposes, identity verification, voter registration, social security programs, and other administrative purposes. In a report published by the World Bank, there has been “an exponential growth in social protection measures between March 20, 2020, and May 14, 2021, and a total of 3,333 social protection measures have been planned or implemented in 222 countries or territories”. Most of these programs use digital channels and biometrics to distribute resources and money fairly. Some examples include UNHCR financial assistance to refugees in Jordan and the Ehsas cash program by the government of Pakistan.
Other than social work, governments are using biometrics for various purposes. India’s Aadhaar card captures different biometric modalities of citizens and issues a unique 12-digit ID that is considered a person's digital identity. This is the largest biometric database, with 1.3 billion unique people registered. This initiative is used by different state institutes for administrative purposes.
Biometrics for Airport Security Control
With countries worldwide seeking to tighten up security at borders in the face of threats of terrorism and immigration pressures and offer convenience to travelers, biometrics are playing an increasingly important role.
Innovative ways to use biometric technology have been implemented at many airports around the world to improve service efficiency and speed up passenger logistics from check-in to boarding. Back in 2013, around 3,000 British Airways passengers flying out of London Gatwick could use an iris scan to check in and claim baggage, clear passport control, and board a plane without any identification documents. As an example of commercial implementation, Paris-Charles de Gaulle Airport has upgraded the PARAFE automated border crossing system, first introduced in 2009 and based on fingerprint recognition.
Paris-Charles-de-Gaulle and Paris-Orly airports currently have about 100 eGates automated border gateways that use facial recognition, allowing passengers to pass through faster and save significant time on departure and arrival. The updated system can now be used by more than 40% of travelers versus 3-4% in a fingerprint-only system.
Source - Discover Magazine
While the concept of undocumented travel is not yet fully realized, new biometric systems are already being tested. In Europe, more than 18 countries already use facial recognition technology, and more than 200 million passengers have crossed borders using such systems. In the Middle East and Asia, multimodal biometric facial and iris recognition technologies are popular.
The facial biometric template as a single token is being tested and implemented at airports: Aruba Happy Flow (Caribbean), Changi FAST (Singapore), Sydney FPPS (Australia), Emirates Biometric Path (UAE), Carrasco EasyAirport (Uruguay), Schiphol Seamless Flow (Netherlands), Bengaluru DYBBS (India), and a dozen US airports, including Los Angeles International Airport.
Biometric systems allow self-contact biometric boarding, while the border and customs service performs border checks (biometric exit) using only the face as an identifier.
Biometrics for a Digital Identity
With the internet playing a significant role in our daily lives, our digital presence now extends to work, social lives, studies, and even financial activities. This literally means sharing our personal information for the purpose of identification and authentication with multiple service providers and organizations. The concerns over the security of this data have been raised by different sectors. One of the suggestions to ensure the security of this data is creating a digital identity based on someone’s physical or behavioral traits. The goal of digital identity is to verify identities online to prevent spoofing while safeguarding privacy.
Organizations that require personal information can use biometrics to verify that the person is who they say they are. This will help ensure that the person providing personal information for verification is actually the same person, not a fraudster. Many online service providers use biometric modalities (facial scans, voice recognition, and fingerprints) to verify and authenticate users.
Challenges in Adopting Biometric Technology
So far, we have discussed multiple sectors that are already using or could benefit from biometric technology for verification, authentication, and authorization. Most of the sectors opt for biometric technology because of the convenience it offers to the users. But many are still reluctant to use biometrics as a form of security. Here are the main reasons:
- protecting anonymity
- fear among users of biometric data being used against them or to invade their privacy.
Although it may seem easier and safer to have a centralized authority safeguard this highly personal information, in truth, that may not be the case. Naturally, there is the issue of trust towards major corporations who commonly utilize “personal information” for commercialization, but at the same time, not many people want a government to have full control over their biometric data. In addition, in this day and age, there is not a single government in the world that can truly represent everybody living on this planet. This fear of users' biometrics data going into the hands of specific groups is a challenge for the adoption of biometric technology.
Nonetheless, the importance of biometric technology cannot be ignored because of these challenges. To address these challenges and realize the true potential of biometric technology, there is a need for a global identification system that not only protects the privacy of the users’ biometric data but also isn’t under the control of a centralized authority, be it large corporations or governments. We also need to consider the integrity of the information: preventing malicious actors from accessing the information and the network as a whole, and preventing Sybil attacks, deep-fakes, and an endless number of other possible attacks.
This is where the concept of verifiable private computing comes into play. At Humanode, we use crypto-biometrics and employ confidential computing to safeguard biometric data as well as make the process transparent at the same time so that anyone can verify how the data is being processed.
Crypto-biometrics is based on a combination of various technologies and exists at the intersection of the disciplines of mathematics, information security, cybersecurity, Sybil resistance, biometric technology, liveness detection, zero-knowledge proof (ZKP) technologies, encryption, and blockchain technology.
Verifiable confidential computing is used so that users can easily verify the whole process of biometric data processing transparently and at the same time no one could get access to the data, not even those who have control over the servers. You can read the article on biometric data processing in BotBasher to get a detailed description.
In simple terms, crypto-biometrics technology ensures the security of private biometrics data and protects it from exploitation by anyone. So even if someone wants to get hold of the users’ private biometric data, it isn’t possible, not even by the Humanode team.
Now consider the use cases we discussed above with crypto-biometrics technology. With private biometric data, financial institutions can verify that the user is a unique human being and alive without knowing the identity data. Similarly, Web3 GameFi companies, DAOs, and other DeFi projects can ensure Sybil resistance without storing biometrics data in centralized servers. You can read the uses of biometrics in Web3 in detail here.
For P2P marketplaces, crypto biometrics can secure transactions without trusting any third party.
For the healthcare sector, a global biometric identification platform can be built using crypto-biometrics that will not be controlled by any centralized government and will give access to useful data (anonymously) to every researcher regardless of where they are. This could help groundbreaking healthcare innovations based on the global availability of information.
For developing a decentralized digital identity system based on biometrics, crypto-biometrics enables users to control their verified credentials, as consent to use those credentials is essential for an identity system to be self-sovereign. This minimizes the unintentional sharing of users' personal information. Imagine a scenario where a hacker takes over a user’s private key.
For a typical Web3 wallet or smart account, it would mean the hacker has gained total control over the account. With crypto-biometrics, we can enable liveness detection checks of the private biometrics for each epoch, whereby the user would have to prove he or she is indeed the account owner.
Similarly, biometrics could be utilized for multiple other uses if we make it secure and private.
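The two controls described above, as an added example that is not Humanode's code and not part of the original article: enrollment runs a 1-n search so one person cannot bind a second account (the Sybil-resistance passage), and a valid key signature is refused unless the account passed a liveness check in the current epoch (the stolen-key passage). The feature vectors, the 0.95 threshold, the plaintext template store and every name here are assumptions made for illustration, and liveness is passed in as a boolean from an assumed external detector.

```python
import math

MATCH_THRESHOLD = 0.95  # assumed similarity cut-off for "same person"

def cosine(a, b):
    """Cosine similarity of two feature vectors (0.0 if either is all zeros)."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

class SybilResistantRegistry:
    """One live human per account; every action needs liveness in the current epoch."""

    def __init__(self):
        self.templates = {}   # account -> enrolled feature vector
        self.live_epoch = {}  # account -> last epoch with a passed liveness check
        self.votes = {}       # (proposal, account) -> choice

    def find_match(self, probe):
        """1-n search: return the best-matching enrolled account, or None."""
        best, best_score = None, MATCH_THRESHOLD
        for account, template in self.templates.items():
            score = cosine(probe, template)
            if score >= best_score:
                best, best_score = account, score
        return best

    def enroll(self, account, probe, liveness_ok, epoch):
        if not liveness_ok:
            return "rejected: liveness check failed"
        if account in self.templates:
            return "rejected: account already enrolled"
        owner = self.find_match(probe)
        if owner is not None:
            return f"rejected: biometric already bound to {owner}"
        self.templates[account] = probe
        self.live_epoch[account] = epoch
        return "enrolled"

    def reverify(self, account, probe, liveness_ok, epoch):
        """Per-epoch check: a live probe must match the account's own template."""
        template = self.templates.get(account)
        if template is None or not liveness_ok:
            return False
        if cosine(probe, template) < MATCH_THRESHOLD:
            return False
        self.live_epoch[account] = epoch
        return True

    def vote(self, proposal, account, choice, epoch, signature_valid):
        if not signature_valid:
            return "rejected: bad signature"
        if self.live_epoch.get(account) != epoch:
            return "rejected: no liveness proof this epoch"
        if (proposal, account) in self.votes:
            return "rejected: already voted"
        self.votes[(proposal, account)] = choice
        return "accepted"

def demo():
    reg = SybilResistantRegistry()
    alice = [0.90, 0.10, 0.30, 0.70]        # constructed feature vectors
    alice_again = [0.88, 0.12, 0.31, 0.69]  # same person, later capture
    bob = [0.10, 0.90, 0.60, 0.20]
    return [
        reg.enroll("acct-1", alice, True, epoch=1),
        reg.enroll("acct-2", alice_again, True, epoch=1),  # second account, same person
        reg.enroll("acct-3", bob, True, epoch=1),
        reg.enroll("acct-4", alice, False, epoch=1),       # no live person present
        reg.vote("prop-7", "acct-1", "yes", 1, True),
        reg.vote("prop-7", "acct-1", "no", 1, True),       # second vote, same proposal
        # Epoch 2: a valid key signature alone is not enough.
        reg.vote("prop-8", "acct-1", "no", 2, True),
        reg.reverify("acct-1", bob, True, 2),              # live, but not the owner
        reg.reverify("acct-1", alice_again, True, 2),
        reg.vote("prop-8", "acct-1", "yes", 2, True),
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The threshold is the security-relevant knob: lowering it blocks more duplicate enrollments but raises the false match rate across the whole 1-n gallery, so it has to be chosen against the matcher's measured error rates.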