cfo.com

Print this article | Return to Article | Return to CFO.com

A Touchy Subject

Fingerprint technology and other forms of biometrics have improved, but problems remain.
Norm Alster, CFO IT
March 15, 2005

With issues of security, identity, and privacy preoccupying government officials, corporate executives, employees, and consumers, it's hard to imagine a technology more in tune with its times than biometrics. Because it can confirm an individual's identity through such unique biological features as voice, eyes, fingerprints, and even the shape of a hand, biometrics has been held up as an almost ideal way to prevent a variety of security abuses. But despite high interest, corporate uptake of the technology is only now beginning to gain momentum.

After a period in which government agencies and transportation authorities showed the keenest interest, "we're seeing biometric technology move into business and consumer markets," says ABI Research analyst Erik Michielsen. Today, less than 15 percent of the $1 billion spent on biometrics comes from the private sector. But by 2008, Michielsen predicts, corporate customers will account for more than 25 percent of a nearly $7 billion biometrics marketplace.

"We do envision corporate acceptance of biometrics," says Prianka Chopra, biometrics program manager at market researcher Frost & Sullivan, adding that perceptions of biometrics are shifting from its potential threat (consumers, for example, have shied away from having fingerprints or other physical characteristics stored in a database) to its usefulness as a guarantor of privacy and accurate identification.

To date, biometric technology has come in many varieties from hundreds of mostly small companies, and vendor promises have often exceeded capabilities. But as the initial hype abates and some product categories enter a second generation, corporate buyers are beginning to regard biometrics as anything but science fiction.

Devices that measure hand geometry have emerged as popular choices for controlling access to such high-value facilities as research and development labs and data centers. Some companies, including McDonald's and Owens-Illinois, also use the geometry readers as high-tech time clocks. Fingerprint recognition is a fertile area, with readers now showing up in new laptops, cell phones, and other mobile devices. IBM, for example, has built a fingerprint reader into its T42 ThinkPad and is likely to incorporate the biometric tool into other laptops. And systems that identify callers by voice have begun to draw some interest from financial-services firms.

MCI, which recently emerged from Chapter 11, uses hand geometry readers from Recognition Systems to control access to data centers where it hosts customer applications. Employees entering a facility are identified by badge and PIN number, and that identification is verified when they put their hand into a reader, which compares the live reading with the one stored in a database. James P. Callahan, director of data-center security at MCI, says that while fingerprinting and facial recognition systems sometimes trigger privacy concerns on the part of employees (who fear that fingerprints may be matched up with those held in law-enforcement computers or that a hacker who obtains facial images might be able to manufacture counterfeit identification, for example), the hand readers have been well accepted and have proved to be very reliable. He estimates the cost of installing a reader, which is wired to a server through an adjacent door, to be $1,200 to $1,500 per door, or about equal to a conventional card reader.

Bill Spence, director of marketing at Recognition Systems, claims that hand-geometry readers have a false acceptance rate of just 1 in 1,000. For workers doing manual labor in harsh environments, they offer a key advantage over fingerprint scanners, which are often thrown off by greasy or dirty fingers, or even by cold temperatures.

But fingerprint readers are catching on, in part because of technological improvements. Some models, for example, use silicon wafers rather than optical scanners to capture only enough information from a fingerprint to create a unique ID for the user. This keeps the cost relatively low and the convenience high: given that employees often possess a dozen or more passwords and frequently pester their company's help-desk team to remind them of what they are, a handy physical identifier can save both parties time and money. They also keep personal information safe, be it an E-mail archive on a laptop or phone contacts and text messages on a cell phone.

Severko Hrywnak, CEO and director of medical education at the Advanced Ambulatory Surgical Center in Chicago, notes that proper patient identification can be a problem because people sometimes "pass their medical insurance cards to others." To be sure it performs surgery on properly insured patients, the center recently invested in an identity-management system from Ultra-Scan Corp. of Buffalo. The Ultra-Scan reader uses ultrasound waves to generate a three-dimensional fingerprint that is more accurate than the two-dimensional optical systems or the silicon readers now going into mobile computing and communications devices. By employing a form of ultrasound technology, the device is not thrown off by grease or dirt, and it can read the prints of children and other subsets of the population whose fingerprints tend to have ridge structures that are too small for optical scanners to accurately assess.


In-Your-Face ROI
The importance of properly identifying patients goes beyond the issue of who has insurance coverage. Although precise figures are hard to come by, hospitals perform a surprising number of surgical procedures on the wrong patients, resulting in lawsuits and even wrongful deaths. For that reason, says Ultra-Scan founder and president John K. Schneider, "the ROI is right in your face. We can set up a complete identity-management structure that approaches 100 percent accuracy for less than $500,000 for a multifacility system."

Financial-services firms are also interested in biometric fingerprinting, both for performing background checks on prospective hires and for verifying customer transactions, particularly credit-card transactions and drive-in bank transactions.

Financial services, so often on the cutting edge in IT adoption, are also turning to voice authentication, which compares a caller's voice with an account owner's unique digitized "voiceprint" stored earlier. Online-trading firm Ameritrade began a pilot project last year using software from ScanSoft to verify customers calling in for quotes or to place or cancel orders. (Although most of its customers trade online, Ameritrade does execute some trades by phone.) Ameritrade plans to expand its use of voice authentication to all telephone customers within the next year, but the company says it's still too early to evaluate just how well voice authentication works.

Voice-recognition systems are appealing in part because they provide a way to authenticate someone across the miles and can spare precious time on the part of customer-service personnel. But the accuracy rate doesn't match those of other biometric technologies. Rob Kassel, senior product manager at ScanSoft, says false positives (approving the wrong caller) and false negatives (rejecting the right caller) combine for a voice-authentication error rate of 5 to 7 percent, which may be too high for many uses.

While corporate customers are more impressed than ever by what biometrics technology can do, as MCI's Callahan notes, "relationships are built on trust." Therefore, any technology aimed at guarding customer data has got to leave little doubt that it's up to the task. Certainly, current systems that rely on passwords are far from foolproof, and employees and customers often ignore policies that would help keep their identities protected.

That creates plenty of opportunity for new and improved versions of current biometric technologies, not to mention entirely new categories being developed in R&D labs around the world. While perhaps not yet mainstream, biometrics has come far enough that companies should, at the least, keep a finger on its pulse.

Norm Alster has worked for Forbes and BusinessWeek and is a contributor to The New York Times.




CFO Publishing Corporation 2009. All rights reserved.