The technology creates a “one-time biometric” by projecting a cryptographic sequence of colours from the device screen onto the user’s face.

May issue roundtable: Biometrics – The next generation of access control

PCR talk to Rob Watts, Corsight CEO about its facial recognition technology (FTR) and Claire Hatcher, Global Head of Business Development for Fraud Prevention at Kaspersky about its views on biometric technology

Please could you tell me a bit more about the company and its core specialisms in regards to biometrics?
Rob Watts, Corsight CEO: Corsight specialises in Facial Recognition technology powered by Autonomous AI – an advanced artificial intelligence (AI) system. Corsight’s solutions significantly reduce the possibility of false positives with accurate detection that far exceeds the human brain’s ability to register and recognise faces. The company also specialises in real-time detection and can accurately identify individuals with up to 50% of their face covered, from challenging and oblique angles, or in low-light environments.

The organisation, jointly headquartered in the US and UK and with R&D facilities in Israel, provides law enforcement, transportation, government agencies, airports, retail outlets, banks, and more with forensic video analysis that can identify and flag individuals of interest within minutes.

Claire Hatcher, Global Head of Business Development for Fraud Prevention at Kaspersky: We believe biometrics will become an increasing part of authentication options, with much more sophisticated technologies and approaches to secure its development in the future, and our aim is to raise awareness on the topic and show that data requires strong security regulations. We believe people should have the ability to use technologies free from worries, unnecessary limitations and other obstacles brought by cybersecurity risks. As part of our Fraud Prevention solutions, we use behavioral biometrics to help analyse unique customer’s interaction with their device, for instance, mouse movements, clicks, touches, swipe speed and more, to detect whether a device is being used by a legitimate user or not. This technology is also often used to detect either a bot or script.

What is the safest form of biometric tech to use?
Rob Watts, Corsight: Many British citizens already place implicit trust in FRT to unlock and pay with their personal devices; by 2024, Mercator forecasts that 66% of smartphone owners will use biometrics for some form of authentication. Yet, when used by a third-party – either in the public or private sector – concerns about the safety and privacy of Facial Recognition are regularly voiced and listened to.

However, this debate also needs to hear about the great work that is currently being done in the field, to improve algorithms, significantly reduce false acceptance rates (FAR) and deploy Facial Recognition solutions within a framework of regulation and best practice. As promising research continues to influence the industry, and technological improvements are being made with the advances of AI and machine learning, FRT can now operate with the highest safety and reliability standards.

Please could you explain a bit more about the functionality of biometrics devices and how they are being used in specific applications?
Rob Watts, Corsight: There have been significant improvements in FRT in recent years, and therefore there are a number of real-world scenarios in which these solutions are being used as a ‘force for good’ within society.

We are seeing a growing number of airports, worldwide implement Facial Recognition solutions to streamline the overall customer experience, as FRT is the best way to confirm identities without having to pass various security checks. FRT solutions paired with security surveillance technology are also helping enhance overall airport security, whilst identifying dangerous individuals from watchlists.

For law enforcement specifically, FRT is helping departments speed up the analyses of real-time or historic CCTV footage – ultimately saving police time and resource. According to Cloudview research, there are approximately 8.2 million surveillance cameras in the UK, producing 10.3 petabytes of visual data every hour. However, much of this data is ‘wasted’ or goes un-analysed. By integrating FRT solutions with security surveillance technology, law enforcement can gain increased insight into hours of footage within seconds. Therefore, investigations can be speed up and, for some cases, it could be the difference between life and death.

What industry trends or demands does this technology respond to?
Rob Watts, Corsight: Continuing with examples of use cases within law enforcement, a big demand as we re-enter ‘normality’ is for police to have the ability to identify criminals or threatening individuals within large crowds. While officers may engage in surveillance initiatives, busy locations may hinder their success. Facial Recognition could overcome these issues and identify an individual on a watchlist instantly, regardless of how many other people surround them. If reports come to fruition that an upcoming ‘summer of crime’ will overstretch police capabilities, this technology may be more important than ever before.

There are also demands for increased privacy protection; Facial Recognition systems are sometimes installed and utilised without consent, but instead due to public interest. In order to encourage more trust in this technology, the technology itself needs integrated privacy-solutions that act to protect and secure biometric data. Corsight’s FRT solutions in particular have the ability to blur the faces of any individual passing a camera who is not part of a watchlist. Data is stored for 0.6 seconds before being wiped from the system permanently, therefore protecting the biometric data passers-by that pose no threat.

Claire Hatcher, Kaspersky: Today, biometric authentication is used to access government and commercial offices, industrial automation systems, corporate and personal laptops and mobile phones. Both the number and the variety of applications for these technologies continues to grow. Whether customers are unlocking a shared vehicle using a fingerprint scanner or accessing their Spotify or Netflix account via facial recognition, biometrics will enable developers to create detailed, digital customer profiles and potentially a truly seamless user experience. The popularity of solutions such as Apple’s TouchID can certainly be considered as proof that biometrics are well trusted by consumers.

Use of fingerprint or face recognition for device authentication is now commonplace on smartphones and tablets. However, it’s not just the biometrics that you see on your device, but it can also be embedded within devices. This is often used by banks or financial institutions for fraud prevention and authentication purposes.

How is the industry benefiting from this technology?
Rob Watts, Corsight: Part of the fear surrounding FRT is the misunderstanding of who is being watched and why. Former Surveillance Camera Commissioner and current Corsight Chief Privacy Officer, Tony Porter, has already done great work interrogating how watchlists are compiled and audited. As he argues, they should never be impermissibly wide, and must always be strictly compiled based on significant public interest, e.g. tracking a dangerous criminal.

Tony has recently created an FRT Charter of Ethics, pulling together all the leading thinking from the biometrics space.

Claire Hatcher, Kaspersky: Biometric identification is playing a growing role in our everyday security. Physical characteristics are relatively fixed and individualised – even in the case of twins. Each person’s unique biometric identity can be used to replace or at least augment password systems for computers, phones, and restricted access rooms and buildings. Given the importance of authentication in online transactions, and the key role played by passwords in authentication, this is data that cybercriminals have been consistently interested in since the advent of online transactions. The use of behavioural biometrics for authentication can make a real difference – making the task of authenticating almost frictionless. The use of behavioural biometrics also helps the industry view the user’s activity during the login and session, analysing the typical navigation and time patterns, how the user acts in the personal account, what he clicks and more.

What are the key issues with implementing this technology?
Rob Watts, Corsight: Data protection is more important than ever before – take the recent backlash over WhatsApp’s privacy changes for example. FRT can analyse and store very personal, biometric data, which when implemented incorrectly can threaten an individual’s privacy and security. A particularly contentious issue, when implementing this technology, has been the risk of mistaken identities, and what happens if an algorithm mis-identifies an innocent individual. However, each issue can be overcome and it is essential that FRT is paired with a trained human intervener that can mitigate the risk of bias or incorrect identifications.

In coming years, we will also hopefully see further regulation of biometric technology, as well as a single, regulatory body to provide an educational framework for those leveraging FRT. For now, vendors and channel partners themselves must be proactive in establishing and following their own ethical principles, and working with end-users to make sure they utilise the technology in a safe and privacy-focused manner.

Claire Hatcher, Kaspersky: New technologies are always vulnerable – because they are new. Biometric data stored by a service provider is just as valuable a target for cybercriminals as a database containing usernames and passwords. Any security breach resulting in leakage of this information is likely to have much more serious consequences than the theft of a password: after all, we can change a weak password or pin, but we can’t change a compromised fingerprint, or other biometric. There are also privacy implications of replacing an ID to verify someone’s age with biometrics. Biometric data, unlike a username or password, is persistent: we carry it with us for life. Before this technology is rolled out in full force, it’s important that people are informed about the way personal data is used and held, and under what circumstances it might be passed on to other agencies – and this is no less true of biometric data. Biometrics of all kinds are an effective way of identifying a customer, but this technology should be used as a secondary protection method that complements other security measures rather than replace them completely.

Can you mention any key industry partnerships that you are currently involved in in regards to biometrics?
Rob Watts, Corsight: Recently, Corsight announced a partnership with Netpoleon, a Value-Added Distributor of Network Security products headquartered in Singapore, in order to make facial recognition technology more accessible across Asia.

Corsight also partners with a number of law enforcement, defence and security organisations around the world. The Corsight team is working closely with various police forces in the UK to support the implementation of FRT solutions, and ensure that if and when they leverage this technology, they do so not just lawfully, but with ethics and privacy at the very centre of each application.

Claire Hatcher, Kaspersky: We’ve previously teamed up with a 3D accessory designer from Stockholm and created a piece of jewellery at the intersection of technology and art – a unique ring that serves as an extension of a person’s digital identity, designed to keep everyone’s unique biometric data safe. While the ring is just one of the possible ways to tackle the current cybersecurity problems related to biometrics, it is certainly not a silver bullet. A real solution will involve creating measures and technologies that would guarantee the protection of people’s unique identities. Such a solution is yet to be developed, but it is extremely important that we start the conversation within the relevant industries to develop a collaborative approach to ensure this data is protected.

How advanced is this technology and do you see it being increasingly used in the future?
Rob Watts, Corsight: Corsight’s technology is revolutionising the FRT market, with its ability to recognise and identify individuals accurately with face masks on, even from the most oblique angles.

In the future, biometric solutions will be integral in realising the roadmap to normality post-COVID and is expected to be increasingly leveraged over the summer period. Facial Recognition is best positioned to enhance virtual passport efforts, expedite wait times at airport terminals and streamline payments to avoid queues and the transmission of the virus. FRT in particular is set to support a number of large-scale festivals and events re-opening this summer, whereby each attendee’s face will act as their ‘ticket for entry’ and their method of ‘payment’ for food and drinks.

Claire Hatcher, Kaspersky: Biometric technology has the possibility to be used in a variety of sectors and provides endless opportunities for innovation. Use of biometrics on mobile devices is becoming increasingly common, as most recent smartphone models have at least one built-in mechanism for biometric authentication. Biometrics has become so embedded in our devices and the way we live, it’s almost invisible to the end consumer. However, it’s important that security vulnerabilities are eliminated before we entrust sensitive data to it.

As these concerns are addressed, we can expect to see adoption of biometric technology increase significantly, similar to the adoption patterns of other technology such as smartphones and online banking. For example, people were initially wary of online banking, but now it’s hard to find anyone who doesn’t bank online. There will always be early adopters of new technologies, but in time biometric technology will become mainstream across all industries. The possibilities are endless.

Has COVID-19 had any impact on the need for this tech such as temperature readers?
Rob Watts, Corsight: There has certainly been an increased demand for temperature-monitoring technology across the last 12 months. However, to ensure environments remain as safe as possible in the new normal, businesses must integrate a variety of other key biometric technology solutions – from surveillance cameras equipped with FRT to identify individuals entering facilities with or without masks, to contactless entry to reduce crowds in office spaces.

COVID-19 has also led to many more industries becoming interested in FRT solutions, as businesses hoping to re-open their sites in a safe, hygienic manner are searching for new ways to do so without risking the health of their employees or clients. While fingerprint biometric readers are still prevalent for authentication purposes, FRT offers a more contactless – and therefore perhaps safer – identification solution.

How is this technology being used in the financial industry such as payment authentication and identity verification?
Rob Watts, Corsight: The financial services industry is highly regulated, and for organisations to comply with PSD2’s new Strong Customer Authentication (SCA) directive, they need to ensure that electronic payments are transacted using multi-factor authentication, one of which biometrics, to enhance security and reduce the risk of fraud. For mobile banking apps – which increased in usage by 26% from 2019 to 2020 – Facial Recognition has now become a typical solution for safely logging in, accessing accounts and streamlining payments.

Claire Hatcher, Kaspersky: There are three main instances where people encounter biometric authentication in the financial industry. Firstly, where banks have palm scans on ATMs, as well as voice authentication on phone-based service desks. Secondly, where individual electronic devices use touch and face recognition as login security credentials. Thirdly, where behavioural biometrics are embedded within the device itself for security reasons. The financial industry uses behavioural biometrics to help distinguish between legitimate users and cybercriminals, identifying people by how they behave and interact online rather than by static information or physical characteristics.

Read the latest edition of PCR’s monthly magazine below:

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.

 

 

Check Also

PCR September Life in the Chnnel: BT Wholesale’s Gavin Jones

BT Wholesale is Europe’s largest wholesale telecoms provider, with a range of services including voice, …