By: Peter Trepp April 24, 2019

This blog is syndicated from The New Rules of Privacy: Building Loyalty with Connected Consumers in the Age of Face Recognition and AI. To learn more click here.

Over the next several years, face recognition, along with other biometric identifiers, will completely revolutionize personal identity management, enabling greater consumer security and privacy than ever before.

If you have never considered what a massive problem identity management is, have you ever thought about how many different forms of verification are required to get through daily life? Think about your digital identity alone. If you’re like me, you’ve forgotten several of your 200 passwords along the way.

Current Identity Management Technologies

Here’s a shortlist of what many people use today:

ControlVerification MethodSecurity Risk
Apply for a passportBirth certificate and a photographHigh
Authorize a contractSignatureHigh
Register for a mobile appEmail addressHigh
Register for schoolBirth certificateHigh
Reset a loginText messageHigh
Start your carRemote keyHigh
Use an ATMATM card and four-digit codeHigh
Enter a conferenceBadgeHigh
Enter an officeKey fobHigh
Enter a gymKey fobHigh
Purchase alcoholGovernment IDHigh
Purchase a computerCredit cardHigh
Prove residencyUtility bill, deed or rental agreementMedium
Board a planePassportMedium
Log into softwareUsername/passwordMedium
Open a bank accountSocial security number, Government IDMedium
Prove residencyGovernment ID, deed or rental agreementMedium
Qualify for a loanGovernment ID, social security number, proof of incomeLow

 

As you can see, a dizzying number of identity verification tools are required to function in society. That’s not even considering the many unique private organizations a person may belong to, the dozens or hundreds of unique websites or applications they use, or their business interests. Adding them all up, it’s not unusual for a single person to require dozens of unique verification tools or codes.

What is also striking is just how often people in society exploit obvious security holes that have been the standard for decades. Take home entertainment, for example. According to a Reuters/Ipsos poll, 21% of streaming viewers ages 18-24, and 12% overall, said they had accessed at least one digital video service such as Netflix, HBO Now or Hulu with someone else’s credentials. Survey respondents cited the primary reason for doing so as saving money. Consider the existing revenue impact, especially at a time when what we think of as “television” is in a transition period where cable services compete with cheaper online rivals. Considering Netflix’s 118 million streaming subscribers at the time I’m writing this, and overall revenue of $11.69 billion USD, the revenue impact from password sharing is easily a ten-figure number. That’s just the impact to a single company. In terms of cable TV, 16% of American households admit to credential sharing, according to Parks Associates, which estimate the industry’s losses to rise to $9.9 billion by 2021.

The Risk of Identity Fraud

Identity theft remains one of society’s largest unresolved problems. Public breaches against Equifax and several larger retailers in 2017 caused widespread panic when news of each security failure hit the media. The 143 million records hacked in the Equifax breach amounts to nearly every American family. According to Mike Shultz, CEO of Cybernance, nearly 44% of those breached were directly affected.

A problem that is far less-examined, but perhaps equally widespread, is access control for events. As someone who has attended dozens of industry conferences in my career, at an average cost of roughly $1,000 per entry, I can tell you that badge sharing – the act of lending a badge to a co-worker or acquaintance so that they can enter without paying an additional entry fee – is blatant and widespread. On a related note, no one seems to know exactly how widespread gym membership sharing is, but if online forums are any indication, it’s hardly rare.

A far more serious and quantifiable problem for consumers is credit card fraud and account identity theft. The Federal Trade Commission’s online database of consumer complaints has compiled 13 million complaints from 2012 to 2016, with three million in 2016 alone. Of those, 42% were fraud-related, and 13% were identity theft complaints. And the problem is only getting worse. According to a report from Javelin Strategy & Research, thieves stole $16 billion USD in 2016, a full $1 billion more than in 2015. If you’re thinking that this is largely due to online hacking, you’d be wrong. Granted, poor password hygiene – like using the same password for your bank account that you use for your web mail – is a major vulnerability. But credit card fraud and identity theft existed long before the Internet, and the old methods still work. With little more than a few pieces of personal information – your mother’s maiden name, your social security number and your birthplace – you can easily convince a mobile phone company or even a bank that you are someone else. This is a big unsolved problem.

Sadly, the problem extends to government documents such as passports, which are the key to many personal identity verification processes. Passports are incredibly intricate documents featuring holograms, specialized typeface, disappearing ink, RFID chips and more. A passport is a truly advanced work of art and science.

And yet, forgery remains a massive problem. To stay one step ahead of criminal enterprises, passport designers in many countries work iteratively, updating and improving the process each year. Unfortunately, these efforts have not substantially eliminated the problem. Take Ireland, for example. Back in 2003, 22,600 Irish passports were issued to citizens who reported them lost or stolen. Many of those were believed to have been traded illegally. As a result, reporters at the Irish newspaper The Sunday Independent set out to find fake passports for themselves and were able to buy three in almost as many hours.

Subsequently, Sunday Independent reports quickly found a Nigerian criminal gang offering to change the names and photographs on the passports. Fast-forward to 2017, when the UK government issued a warning about a multi-million-euro passport scam involving thousands of non-EU nationals looking to gain EU citizenship. A firm of lawyers, accountants and advisers had teamed up to create fraudulent Irish pay slips, bank accounts and tax payments to create the illusion of a person living in Ireland – all the necessary ingredients to qualify for a passport. Meanwhile, a 2017 Newsweek report said that ISIS has approximately 11,000 blank passports readily available for terrorists to obtain for purported entry into Europe. As a side note, fake passports were used by the perpetrators of the infamous November 2015 Paris terror attacks.

This chess match between governments and criminals is seemingly without end. What’s clear by now is that the solution – to this and all the aforementioned issues – is not a more sophisticated passport, a better key fob or an app on your phone. The answer, instead, is face recognition.

Better Security with Biometrics

As the possibilities for biometric security became increasingly viable in recent decades, creative minds were already thinking about how to defeat them. In 2005, police in Malaysia reported that car thieves had chopped off a man’s finger in order to start his Mercedes S-class vehicle. Unfortunately, that guy won’t grow another finger. But fortunately for the rest of us, the technology problem has been solved. Numerous companies, including Apple, created a “liveness” mechanism to prevent such crimes from happening. Starting with Apple’s iPhone 5, the company’s Touch ID sensor was created to respond to the electrical current in our bodies. This is also the same technology used in the phone’s touch screen. Such screens work by measuring the change in voltage across electrodes. In other words, such measurements aren’t possible in dead tissue. Unless a thief has the medical skills of Dr. Frankenstein, cutting off your finger won’t do them much good.

The same transformation is happening with facial recognition, including iris recognition. Long ago, Hollywood understood that the idea of facial spoofing might create excellent drama. Realistic face masks have long been a staple of the Mission Impossible franchise, while in Face/Off, John Travolta had someone else’s face surgically replicated. In Minority Report, Tom Cruise’s character famously had his eyes surgically removed and replaced by a black-market doctor in order to go unrecognized by an iris scan.

Meanwhile, in the real world, increased accuracy using hundreds of thousands of points of measurement has made facial recognition extremely reliable. But what if someone simply uses a photograph of your face? Similar to prior innovations for fingerprints and touch screens, forms of liveness detection are already in use. For example, the iPhone X asks users to move their head in a circle. While this helps create a 3-D image, it’s also an indicator – although an imperfect one – that the subject is actually alive. My company, FaceFirst, has developed a unique and reliable method for detecting liveness in a person’s face. As soon as it is available for commercial use, we’ll talk about the details behind it.

While more breakthroughs in liveness detection are on the horizon, future security protocols may simply require more than one biometric indicator. In place of fingerprints, voice recognition, gait recognition or other passive indicators will no doubt be harnessed.

It’s also easy to imagine how face recognition could replace your government ID, the key fob to your office, your ATM card and even your car key. The most visible evidence of this trend is how successfully face recognition has replaced a standard passcode on some mobile phones and computers. Airlines have also begun implementing face recognition to expedite boarding, and also help with baggage identity. Auto manufacturers, hospitals, and corporations aren’t far behind.

Why is this better, you ask? Think about how easy it is to steal a key fob, a car key, a plane ticket or a social security number. It doesn’t take a great deal of skill, planning or training to pull it off. Consider how a driver’s license or credit card can be replicated. Then consider how much damage can be done with that data. By contrast, biometric identifiers such as facial templates, fingerprints, iris scans and voice recognition are incredibly difficult to replicate, and biometric template keys are extremely hard to spoof. Almost anything that prevents identity theft is ultimately a victory for personal privacy.

Biometrics also provide far more convenience than existing methods. Imagine eliminating your passwords, house keys, key fobs, ATM cards and even mobile apps. The result would be a radical simplification of almost every aspect of modern life. In terms of both mental and physical efficiency, it’s fair to say that human beings would have fewer identity tools to worry about than at any time since before the industrial age.

4 Benefits of Biometric Identity Management

Using biometrics, we can all look forward to these and other benefits:

  1. Simplified Personal Security – a gradual end to passwords and the related mental and physical clutter that has made modern life so complicated.
  2. More Convenience – go ahead, forget your keys! You won’t need them.
  3. Reduced Fraud – nothing is foolproof, but biometric security will raise the difficulty level for fraudsters immeasurably.
  4. Greater Personal Privacy – what is more secure is also more private, and using biometric security, consumers will be able to better safeguard their data, their homes and their possessions.

There is no question in my mind that these changes are coming. Some conditions that must be present prior to widespread adoption include the following:

  • Is the personal benefit greater than risk?
  • Is it being used by millions?
  • Are breaches of data being handled properly?
  • Is the organization known and trustworthy?

Today I spent an hour sitting on a runway waiting for my plane to take off. After the guy next to me asked what I did for a living, he confessed that there was no way he would give his face or fingerprint to a technology company. His biggest fear? Misuse of personal data. Of course, no one wants their personal data misused. Are his concerns justified? Are they rational? Are they based on news stories or blogs that seem too often to represent a hyperbolic view of the scenarios that could result in the misuse of one’s personal data? There are no easy answers. Only by convincing customers that the value of the technology exceeds the risk, and that their data is reasonably secure, can widespread adoption occur.