ICT SECURITY


                          Opt-in biometrics is not


                        surveillance – here’s why







                hen the Independent Communications Authority of South Africa (ICASA)
                recently proposed linking biometric data to SIM cards, privacy concerns quickly
        Wcropped up. Would this mean constant surveillance or an increased potential
        for identity theft?
           A resounding no, and no, says Gur Geva, Co-Founder and CEO of iiDENTIFii, the leader
        in remote biometric digital facial authentication and automated onboarding technology.
        “Because biometric technology only started making its way into the mainstream relatively
        recently, consumers are still unsure of what the technology entails and how it may be used.
        This, naturally, leads to some misconceptions and fears. The reality is that opt-in biometrics
        are the most secure way to identify someone – and keep their information and identity safe
        from misuse – and these differ a great deal from biometrics used for surveillance.”

        Increased privacy and security
        “When biometrics are mentioned, many people imagine dystopian scenarios – surveillance   Gur Geva
        cameras on streets, capturing faces to keep track of civilians. But ICASA’s proposal, and
        the type of biometrics currently becoming more mainstream, is called remote biometric   and a fingerprint, for example, and even
        onboarding. It’s opt-in verification and account authentication as opposed to surveillance.   social media could become more secure.
        Remote biometric onboarding links a person’s biometric data, whether their face or   “Currently, only celebrity social media
        fingerprint, to their account so that they, and only they, can access the account safely and   accounts get verified, and even then, not
        securely,” explains Geva.                                                 biometrically. But everyone should have
           Biometrics come in many different forms. While there is a place for biometric   the ability to show that their account is
        surveillance, such as security at airports or building entrances, opt-in biometric onboarding   truly theirs. The number of bot accounts
        with liveness detection protects institutions and their clients from fraud. “Fraudsters   is material – as the due diligence on Elon
        have made face matching on its own almost obsolete by employing spoofs that exhibit   Musk’s Twitter deal proved.  These fake
        human traits, such as photos or puppets. Furthermore, even authentication processes   accounts can be used to push the same
        with gesture/motion requirements to overcome this problem can still be spoofed. Leading   message, thousands at a time, regardless
        biometrics AI uses liveness detection to determine that it is interfacing with a genuine,   of accuracy of message. That could be
        physically present human being,” says Geva.                               prevented,” says Geva.
           This makes it far safer than passwords or PIN numbers, which can be hacked or stolen   And the world is ready for biometrics.
        by fraudsters. With stolen passwords, fraudsters can potentially access thousands of   A Visa study shows that 86 percent
        accounts in a matter of seconds. Where biometric liveness detection is required, it becomes   of consumers are interested in using
        exponentially harder for thieves to impersonate or hack accounts.         biometrics to verify identity or to make
           And, from a privacy perspective, it’s not that different from current identification   payments, while 70 percent of consumers
        methods. “When someone has a copy of your ID, they already have your biometric data –   believe that biometrics are easier.
        an image of your face. How biometric data is managed by mobile operators would still be   Geva believes the possibilities will
        subject to strict privacy laws laid out in the Protection of Personal Information (POPI) Act   scale significantly. “Technology is not static
        and the General Data Protection Regulation (GDPR) guidelines,” he adds.   and evolves all the time. Some laptops,
                                                                                  for example, can detect your liveness
        Safety meets convenience                                                  through infrared and switch on when you
        Because biometrics and liveness detection can truly prove that you are really you when   sit in front of them. Tying that to biometric
        logging into an account, it opens a world of convenience and security for consumers. Says   facial mapping could log you in to your
        Geva: “The average person has around 80 passwords. Passwords they forget, passwords   devices in future in a far more secure
        that are compromised, and passwords that don’t transfer between devices. Biometrics,   manner. Facial biometrics with liveness
        on the other hand, provide a seamless experience where onboarding no longer requires   detection will likely be the dominant
        account details, an ID book, fingerprints, and more. Now, you can add your ID number, hold   biometric authentication method,
        your phone up to your face for liveness detection, and link your SIM. And yet, it’s safer,   simply because it’s more accurate than
        because no-one except you will be able to perform a SIM swap or take out an additional line   voice, easier than fingerprint, requires
        without this direct biometric link.”                                      no contact, and can be compared to an
           This safety and convenience mean the identification method will become much more   identity document face image. It’s the
        mainstream, and soon. Two-factor authentication could be replaced by proof of liveness   ultimate in convenience and security.”  n


                                                 EngineerIT | September 2022 | 17