When law enforcement agents authenticate an identity, they turn to fingerprints or dental records - two physical attributes that can't be faked.
When lenders, credit grantors, or merchants want to check an identity, they compare a document signature to a signature on a driver's license or review some other form of identification - such as a passport or PIN at the point-of-sale. Such methods are less secure and identity thieves have found flaws.
But one iron clad security solution debated for years is biometrics - technology that electronically reads physical traits to verify identity. The appeal is that people can be authenticated by traits, such as a retina scan or voice pattern.
Biometrics received a lot of hype in the past couple of decades, especially in movies where filmmakers have capitalized on the technology's "Wow!" factor. It's common in spy thrillers to see biometrics used as part of a high-tech, ultra-secure government agency. (Think James Bond.)
But the technology remained largely experimental through the 1980s and 1990s. Early versions of electronic fingerprint readers, retinal scanners, and voice recognition units were costly and prone to malfunction. Many fingerprint scanners tested on ATMs proved ineffective because the lens on the reader became smudged, scratched, or blocked by a foreign object, making it difficult to scan the customer's fingerprint.
The high cost for a low-end fingerprint reader left banking executives hard-pressed to put much capital behind what they saw as a one-dimensional security device when cheaper solutions, such as smart cards, were available.
So biometrics languished - until recently. Lower costs, improved reliability, and a growing need for lenders, credit grantors, and merchants to curtail fraud and identity theft expanded the business case beyond security.
Potential end-users now weigh the consumer convenience factor and lower operating costs that biometric applications bring to the table. "With applications more robust, costs coming down, and ease-of-use improving, there are more reasons to at least consider biometrics, which is why we are seeing more pilots and rollouts," says Ariana-Michelle Moore, a senior analyst for Celent Communications, New York.
Bank of America, Discover Financial Services, and grocer Piggy Wiggly Carolina Co. are rolling out biometric applications. Yes, even supermarkets that are known for having severely constrained IT budgets, are finding uses for the technology - a sure sign of a strengthening business case.
"We view biometrics as an affordable high-tech solution that provides our customers with convenience at the point-of-sale and that can also help reduce fraud," says Rita Postell, manager, community and employee relations for Albermarle, S.C.-based Piggly Wiggly Carolina Co.
Piggly Wiggly Carolina, a Piggly Wiggly Corp. franchisee with 114 stores throughout South Carolina and Georgia, initially piloted the technology in four stores last year. Plans are underway to roll out the application chainwide. The grocer turned to the technology to create an electronic wallet accessed by reading the customer's fingerprint. But recognizing that its clientele is technologically conservative, Piggly Wiggly Carolina instead focused its initial marketing efforts around the store's loyalty program.
The idea was to introduce customers to the technology through use of an application that didn't access any of their personal financial data. Once customers became comfortable with how the technology worked and the security of the system, the feeling was they would be more apt to enroll their payment information into the system.
The company's assumption proved correct. Customers are warming up to the technology "We see the technology primarily as a customer benefit and a security tool that hopefully will reduce fraudulent check cashing," Postell says.
Customers enroll in the program by showing a valid I.D. They then swipe a finger on the biometric reader five times, after which they swipe whatever cards they intend to use at the point-of-sale - such as credit, debit, or loyalty - to link those cards to their account. All account data is stored at a secure IBM data center.
While Postell declined to be specific about the cost savings, Eric Bachman, chief operating officer for San Francisco-based Pay By Touch, which developed the biometric application for Piggly Wiggly Carolina, says supermarket executives have told him that if the checkout process is reduced by one second per shopper the operating efficiencies gained are the equivalent of about a $6 million savings in labor costs annually.
Pay By Touch also has contracts with Roundy's Inc., a Wisconsin-based supermarket chain that is a division of Pick N' Save, as well as Discover Financial Services. Discover is planning to attach a biometric application to its card in the coming year. Discover executives were unavailable for comment.
Improved operating efficiencies played a key role in Bank of America's decision to roll out palm readers for access to the safe deposit box vaults in its branches. By installing the readers, the bank no longer needs an employee to accompany a customer into the vault. Before this, employees had to be stationed at or near the vault to verify a customer's signature on file.
Next, the employee would accompany the customer into the vault and use a master key in conjunction with the consumer's key to unlock the safe deposit box. The double lock system was an extra layer of security. If a customer's key proved to be a fake, the master key alone would not unlock the box.
BofA modified its entry system to match a customer's handprint to one on file and require customers to enter a PIN. The new system frees personnel to focus on other duties. BofA plans on rolling the application out to its more than 5,800 branches.
The application builds on an earlier biometric pilot by the bank. In 1999, BofA internally tested a smart card-based biometric application that read fingerprints to help customers access its online banking service. The fingerprints were stored on the smart card and were accessed after the cardholder swiped his or her card through a reader attached to a PC and entered a pass code.
The cardholder then placed a finger on a scanner attached to the PC, which verified the finger print image against that contained on the card. The project never made it out of the pilot stage.
A drawback to loading a biometric application onto a smart card is the lack of a supporting infrastructure for smart cards. It has only been in the past few years that merchants began installing terminals with the capability to read a smart card. But even with an improving infrastructure to support smart cards, credit issuers have only dabbled with the technology due to low consumer demand.
Payment experts also argue that smart card wallets can be limited in size by the chip's memory.
It's clear biometrics still face stumbling blocks. Chief among them are privacy concerns over shared databases, which are the cornerstone of any plan to make biometrics a mainstream technology. Without a shared database, end-users are in effect tied to a closed loop system that is limited to a single set of customers.
Closed loop applications are not as effective at fighting fraud in a shared environment, such as at an ATM or over the bankcard networks, because they can only authenticate cardholders of the bank that has deployed the biometric application. That raises the question of whether deployment is worth the cost.
"If one bank deploys scanners at its ATMs and enrolls all it cardholders, but the ATM is linked to a shared network, there is no way to guarantee transactions made by non-bank cardholders are legitimate," says Moore.
Indeed, criminals have developed highly sophisticated means of capturing ATM cardholder PIN numbers. One device is a thin sleeve that fits inside the card reader and captures all data entered into the PIN pad and off the card's magnetic stripe. Once in possession of that information, a counterfeit card can be made and the cardholder's account accessed with their PIN.
Some payments executives say market forces are working to move biometrics into the mainstream. "There is a lot of research that indicates consumers are increasingly becoming uncomfortable with ID theft and fraud," says Julie Krueger, vice president of emerging technologies for Los Angeles-based JCB International Card Co. Ltd. "The market is going to have to do something to address these problems."
Krueger contends that linking the technology to loyalty applications, a la Piggy Wiggly Carolina Corp., will be one of the best ways to introduce consumers to the technology. Still, biometric experts predict it will take at least five years to build a full head of steam in the U.S. during which the market will discard competing authentication technologies, such as smart cards and USB tokens.
Without a doubt, the growing affordability, increasing reliability, and irrefutable authentication capabilities of biometric applications will help push the technology ahead of its competitors. "Ten years ago we would not have been able to afford this application," says Piggly Wiggly Carolina's Postell. "It is still a pretty expensive technology compared to other point-of-sale equipment, but we feel it is well worth the investment."
For biometric proponents, such endorsements are music to their ears.