Biometric Basics
While the transportation industry is racing to embrace increased security in the aftermath of Sept. 11, both the retail and hospitality industries have been making measured forays into embracing biometrics technology. Essentially biometrics is the use of various biological data (voice print, signature dynamics, fingerprints, face recognition and iris or retina patterns) to positively identify a person as being who they say they are. What makes biometrics compelling is that unlike cards or codes, each person’s biometric features are unique. According to Jeff Dunn, chief of protective systems for the National Security Agency (NSA), “Only biometrics authentication bases an identification on an intrinsic part of a human being. Tokens, such as smartcards, magnetic-stripe cards, physical keys and so forth, can be lost, stolen, duplicated or left at home. Passwords can be forgotten, shared or observed.” The IDC, a research company, predicts that the use of biometrics will grow at a compound annual growth rate (CAGR) of 50 percent per year until 2005.
What Are the Current
Opportunities?
While we don’t envision real-time CRM/push marketing à la Mr. Cruise anytime soon, the following examples are some uses of biometrics that are viable today.
• Payment Systems - Using a fingerprint or thumbprint to authenticate a card transaction has been found to be an effective way of reducing fraud. Proponents suggest fingerprint-derived ID has the potential to eliminate more than 90 percent of all card-related fraud.
• Workforce Management/Time and Attendance – Use of biometrics for time and attendance functions serves to eliminate “buddy punching,” the unscrupulous practice of employees clocking-in absent or late co-workers. It would also allow for more secure communications through shared systems. Certain software providers such as ADP, Stromberg and Recognition Systems currently provide biometric readers (handprint or fingerprint) with some of their time clocks already in use. Recognition Systems’ technology uses the unique characteristics of a person’s hand, the size and shape, not the imprint, to positively identify an employee.
• Security/Access Control – Physical or logical access is an obvious use for biometrics, as asset protection and employee/customer health and safety are essential concerns for an enterprise. An added benefit is trustworthy audit trails.
What Are the Issues?
The biggest issue involves the intrusiveness of biometrics. Each of the biological data listed above requires some physical intrusiveness. Iris or retina scanning tends to be the most physically intrusive method. Voice patterns and signature dynamics are the least intrusive, but they are not pure biometrics as they have a behavioral component. Fingerprint-based methods are the next least intrusive, but there is a certain amount of criminal stigma attached to the use of fingerprints. All have positives and negatives. The choice of which one to use depends on the level of security required and the budget to purchase the systems. Along with the physical intrusiveness, privacy is an issue. To establish a biometrics authentication program, the users have to be convinced to give up some of their privacy.
While this might be an inconvenience for most people, this is a critical concern of those individuals who might have a criminal record or immigrant workers (legal or illegal) who might come from a more oppressive government background and would prefer not to be identified in this manner. And privacy groups such as CASPIAN and Fight the Fingerprint will also prove to be difficult adversaries as these technologies move forward in the marketplace.
The pricing issue will vary depending upon the method of biometrics to be employed. However, regardless of which form of biometrics is used, two things are certain. First, the price of implementation will drop as adoption increases, and second, extensive risk/reward analyses will need to be done in each organization to justify the use and expenditure. This is not simply a price
“Well...it beats the heck out of me. This biometric iris ID system is state-of-the-art and it was working just fine a minute ago.” decision. As we have discussed, there are several more factors involved in the decision. As with any technological advance, the standards required tend to lag the actual development of the technology. Expect standards organizations to become heavily involved as the use of biometrics increases. And then there is the matter of education. Because there are misunderstandings about the use of biometrics, it is important to educate the public on the use of such systems. For instance, any system implemented for authentication must be established as a “one-way” system; that is, the system can be used to verify identity, not used to “find” a person from the biometrics data. One such system uses extraction algorithms to convert a fingerprint image into a digital vector number, which is then stored. The fingerprint itself is not stored, and it cannot be re-created from the stored digital vector. Instead, the person is authenticated because the associated vector number of that individual recorded in this reading is within acceptable limits of the initial reading.
The combination of all the above makes the area of biometrics a field day for the litigators. As systems are adopted, expect to see increased legislation regarding how these systems can be used.
In the near future we should expect to see the primary use of biometrics in hospitality to regulate internal processes and security. Initial applications will be time and attendance, workforce management and access control. These are environments in which the employer has the ability to mandate the use as part of the employment situation. It is also an area where the expense to add biometrics can be easily justified i increased security and lower worker fraud.
Greg Buzek is president of IHL Consulting Group, a leading consulting/marketing research firm that specializes in technologies that are deployed in retail and hospitality establishments. He can be reached at greg@ihlservices.com.
© Hospitality Upgrade 2003. Reproduction without written permission is prohibited.