The concept of fingerprint verification is well known through its use by the law enforcement community. As a few users of commercial fingerprint biometrics might feel concerned, it is important that they are educated as to the benefits of their use, and reassured about the secure storage and operation of such systems.
A small part of the security picture
The important factor in any biometric roll-out is to identify what level of security is required by different people and for different applications. You may decide that not everyone needs to use biometrics, or that they only need to be used for certain applications – which means organisations must thoroughly analyse their systems to identify the key processes and functions that must be secured.
However, biometric authentication needs to be positioned in the framework of the wider security picture. Passwords, security tokens, evidence of presence at a specific location (such as an IP network address) – and biometrics – all contribute in different ways to our certainty of the employee’s identity. Managing these various aspects of identity in the evolving digital networked economy will need high-volume, low-cost authentication
One company that has embraced biometric technologies as part of its IT security is Banque De Luxemborg. Six hundred employees have been issued with biometric smart cards with fingerprint readers to replace as many as ten different passwords for each individual. This enables the employee to access the corporate network more easily, and has reduced pressure on the IT department. In addition, these same biometric smart cards can be used to pay in the bank’s restaurant, access certain buildings and car parks, and even use the lifts.
Turning theory into reality
Having decided to implement biometric technology, managers must look closely at how people will interact with it, how it is perceived, whether there are any legal issues and whether it is trusted and convenient? This last point is worth emphasising; a good biometric solution is one that becomes part of a daily routine and one that fits the existing business processes. Of course, in order to ensure the smooth introduction and running of these solutions, the operator will have tested them beforehand using groups of users from a similar community.
When the organisation looks at the actual biometric technology, there are three aspects that merit particular attention – the algorithms used in matching a user to an identity, questions of biometric security, and standards.