Page 55 - ITU-T Focus Group Digital Financial Services – Technology, innovation and competition
authenticate the registered person at a later date. Unfortunately, it is likely that the poor quality of such registrations is not apparent to the relying parties, and that they are used in live service.
• Purpose: Different biometrics might be used for different purposes. For example, a facial biometric might be used for de-duplication at the time of registration, whilst a fingerprint might be used for subsequent authentication.
• Biometric selection: It is important to choose an appropriate biometric. For example:
  • Fingerprints are used very successfully with young office workers, but will not work reliably with older manual workers, or those living in an arid environment.
  • Finger vein appears to be reliable and easy to use with all sectors of the population, but the equipment is expensive, and some versions of the equipment require the customer to place their finger into a small tube, which many people are reluctant to do.
  • Palm vein has gained traction in some markets for use at ATMs, and appears to achieve customer acceptance. However, the equipment is expensive and relatively bulky, so integration into an ATM may be the only practical use case.
  • Face and iris biometrics can be reliable with a camera of sufficient quality, but environmental conditions (poor lighting, lack of contrast, inappropriate backgrounds) can make their use less reliable. However, the increasing quality of smart phone cameras makes these biometrics increasingly attractive.
• Liveness checks: These are essential, for example checking for a heartbeat, body temperature, or a blink.
• Risk: There is an obvious and substantial risk that, if an individual’s biometrics are compromised, they can be used by an attacker to impersonate that individual. Because of the nature of the biometric, there is no prospect of revocation of that biometric credential.
• Centralised or distributed: Related to the risk issue is the decision on where to store the biometric data, a decision which depends on the particular use case and the associated risk and privacy rules.
  When stored centrally, biometric data raises privacy and security implications. Whereas alternative forms of authentication, such as password credentials, can be changed in the event that data has been compromised, biometric profiles remain constant, at the very least within the domain in which they were initially captured. Once an individual’s biometric information is compromised, its usefulness within future services may be limited.
  When stored locally on personal devices, the consequences of a breach are less severe and transactions can be processed locally. However, use cases for the information may be restricted to authentication only.
• Disease: There are concerns that the contact nature of many readers (fingerprints, finger/palm vein in particular) can cause disease transmission; for example, in the recent Ebola epidemic there was understandable resistance to the use of fingerprint readers for cash transfer (DFS) services. Of course, the same applies in principle to PIN entry systems, but in that case gloves can be worn.
• Security: It is important that the registered biometric is stored in a secure manner, since compromise renders it useless due to the potential to replay it for service access. One solution is to store it on a suitably-secured device in the possession of the registrant, such as a smart (digital identity) card or a secure enclave on a mobile phone (for example, the subscriber identity module (SIM)). Alternatively, it can be stored centrally in a highly secure server facility for later online authentication. However, since there is of course no such thing as perfect security, the latter approach raises the possibility of a population-wide compromise of biometrics, rather than the compromise of a single individual’s biometrics if the distributed approach is used.
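The contrast drawn in the Risk, Centralised or distributed, and Security points above (a biometric cannot be revoked, a device-held credential can) is illustrated by the following small Python model, which is an added example and not part of the report. The template is a constructed byte string and exact-match comparison is a hypothetical simplification; the server-side breach is simulated by copying each server's database.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a biometric template (real ones are feature vectors matched fuzzily;
# exact comparison is a hypothetical simplification that does not affect the argument).
ALICE_TEMPLATE = b"constructed-face-template-alice"

def central_authenticate(server_templates, user, presented):
    """Design A: the server stores raw templates and matches them itself."""
    return hmac.compare_digest(server_templates[user], presented)

class DeviceStore:
    """Design B: the template stays on the device; the server holds only a revocable device key."""
    def __init__(self):
        self.server_keys = {}  # all a server breach can expose under this design

    def enrol(self, user, template):
        key = secrets.token_bytes(32)
        self.server_keys[user] = key
        return {"template": template, "key": key}  # kept on the registrant's device

    def revoke(self, user):
        self.server_keys.pop(user, None)

    def authenticate(self, user, device, presented):
        # Matching happens on the device; only a keyed response to a fresh challenge goes online.
        if user not in self.server_keys or not hmac.compare_digest(device["template"], presented):
            return False
        challenge = secrets.token_bytes(16)
        response = hmac.new(device["key"], challenge, hashlib.sha256).digest()
        expected = hmac.new(self.server_keys[user], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def breach_outcomes():
    """Copy each server's database (a full breach) and report what the attacker is left with."""
    server_templates = {"alice": ALICE_TEMPLATE}
    stolen = dict(server_templates)
    central_replay_succeeds = central_authenticate(server_templates, "alice", stolen["alice"])
    b = DeviceStore()
    b.enrol("alice", ALICE_TEMPLATE)
    stolen_keys = dict(b.server_keys)
    leaks_template = ALICE_TEMPLATE in stolen_keys.values()
    b.revoke("alice")  # the device key is an ordinary credential: revoke it...
    forged = {"template": b"attacker", "key": stolen_keys["alice"]}
    stolen_key_works = b.authenticate("alice", forged, b"attacker")
    device = b.enrol("alice", ALICE_TEMPLATE)  # ...and re-issue it against the same biometric
    user_still_works = b.authenticate("alice", device, ALICE_TEMPLATE)
    return central_replay_succeeds, leaks_template, stolen_key_works, user_still_works
```

Under design A the stolen template replays successfully and nothing can be changed afterwards; under design B the breach exposes no template, the stolen key stops working once revoked, and the same biometric is re-enrolled against a fresh key.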