The implications of integrating facial authentication to protect customer data

It was only in June last year when global ticketing group Ticketmaster revealed a significant data breach which left their customers vulnerable to fraud or identity theft. Customers who had previously bought tickets prior could have been affected by the malware which infiltrated the company’s database and stole almost 40,000 customers names, emails, home addresses, phone numbers and payment details. Many angry and frightened customers witnessed fraudulent transactions debited from accounts and criminals spending their money on Uber, Xendpay and Netflix.

 

So, how could incidents like these be mitigated or avoided?

 

While organizations across public and private sectors have been adopting many of the latest digital technologies to improve not only user experiences but also their bottom line, these additional access options and features come with much more exposure to ID fraud and theft. But most organizations, large and small, have only just started to consider new strategies for more effective security measures.

 

However, there is good news. Many new developments have been made in the digital security industry that can aid companies in fortifying their technology against cybercrimes. One, gaining particular favor across all types of organizations, is face biometrics.

 

Can face biometrics guard against digital identity crimes?

 

It has been estimated that by 2020 over 50 per cent of the world’s population will use their smart devices as their main form of identification and for access to private documents and personal data. Security measures such as multi-factor authentication and fingerprint scanners reflect this, as smart mobile devices are becoming the primary forms of personal data access and communication.

 

Similar to the widespread use of fingerprint scanners, facial recognition technology has been quickly adopted across many industries, even with the negative privacy concerns associated with it. Facial recognition, a sub-category of face biometrics, focuses on matching a stored face image against what a smart device camera sees when someone accesses an account.

 

Without a need for a passcode, this method has been praised by consumers for its convenience and has become the go-to option to access their device quickly. However, all variants of facial recognition software have been fooled by photos, videos, masks, and even cardboard cutouts, leaving significant security questions in its wake.

 

While providing a higher degree of security for device access and low-level transactions than options like fingerprint and passwords, does facial recognition address higher-level security concerns when needed for meaningful transactions or access to sensitive information, or will it be simply relegated to be a convenience feature?

 

Face Authentication: the answer to security woes?

 

Given the inherent security issues with facial recognition, within the face biometric category there is another option when robust security is a necessity. Face authentication is a very strong digital security access method that ensures that only legitimate users will be able to access their sensitive data. A key difference with face authentication is its sophisticated ability to detect and verify unique human liveness traits during the login process. Robust liveness detection is not simply responding to a request for the user to nod or smile, actions that are easily faked, particularly with three-dimensional objects. It is the detection of dozens of concurrent unique human traits – including textures, reflections and micromovements – which collectively add up to the determination that there is a live human at the controls, making spoofing, or faking a legitimate user, virtually impossible.

 

Unlike hardware-based applications like Apple’s FaceID, where the application only compares and matches images, and uses three-dimensional depth analysis to avoid spoofs with photos or video, robust liveness detection can verify a real, live person.

 

Face authentication technology driven by AI clearly has many benefits that go beyond just user convenience. In addition to its intuitive, easily accessible nature, true authentication (which includes image verification, 3D depth analysis and liveness detection) can exponentially reduce fraud and cyber-attacks in a broad range of industries because of the extreme certainty in verifying the legitimate user. Further, the biometric data generated during the authentication process is not subject to dishonest use by the bad guys because images are converted in a “FaceMap” to binary files (only computer-readable) that use very strong 256-bit encryption (as used for SSL certificates), and have no relevance outside of the process itself: To do anything nefarious with a user’s FaceMap data, they would need full control over the entire system and process.

 

It's clear that many businesses have leveraged the latest convenience and feature technologies to compete with increasingly stiff competition at the cost of having put cybersecurity on the backburner. Now, with many companies named and shamed regularly in the media, to prepare for even more aggressive and sophisticated attacks companies need to put much more robust security at the top of their agendas. Attacks are no longer “if”, but “when”.

 

Facial authentication, with its selfie-level ease of use and advanced, robust security, has the potential to be the most secure method against ID-related theft and fraud and should not be confused with its convenience-oriented cousin, facial recognition. A truly spoof-proof defense with true liveness detection is an absolute requirement to prevent many forms of cyber attacks in this rapidly approaching age of the ubiquitous digital ID.