Monday, 31 January 2011

A Lesson Or Two On Fingerprint Biometrics

In recent years we have seen national news stories about biometrics being introduced in schools, but why are people, particularly parents, protesting against schools introducing biometrics to do everything from check out library books to checking attendance rolls.

Some of the arguments suggest that the parents are unaware of the fingerprint readers being installed in the schools and haven’t been asked to give consent for their child/children to hand over their identity, leaving their fingerprints and biometric information in the hands of the school.

In a paper published by the Department for Children, Schools and Families (DCSF) and in consultation with the Information Commissioners Office (ICO) schools are guided, under the Data Protection Act 1998, that parents should be contacted asking permission to store their children’s fingerprint. The Data Protection Act of 1998 doesn’t state an exact age of where there should be parental permission. But the pupil or parent has to be provided with a Fair Processing Notice which contains information such as: the name of the school, the purpose for which the data is going to be held and any information required to make the processing fair, including details on any third parties to whom the data may be passed. The British Educational Communications and Technology Agency (BECTA) also stresses that any school using biometric technology must destroy any records of the pupils biometric information after they have completed their education at the school.  But does all this actually happen in practice?

Fingerprint reading biometric technology is being applied by schools across the UK and around the world in many ways; the most popular in the UK has been for ‘cashless catering’. This is a system where parents pay in advance for student’s school lunches, crediting student accounts with a daily lunch allowance. Students then use this credit to pay for their lunches by registering their fingerprint at the till. The systems are said to allow quicker service in school lunch halls, provide money security and also give anonymity to those who have free school meals. The latter may contribute to a reduction in bullying as children from poorer families are less obvious. Surely this a safer, more efficient environment for our children during school hours?

Another way that fingerprint biometric technology is being used in schools is for automated attendance systems. Students are asked to scan their fingerprint on arrival into school and when they depart for the day, and in cases as they go from class to class. This is for security as well as to try and reduce truancy.  Some schools have gone the extra mile and have replaced the registration system at the beginning of each class. With fingerprint registration there is no possibility that someone else is registering for them, and that’s possible when using smart cards. The school also has very accurate and easily managed data to measure pupil absence and truancy.

Fingerprint biometrics are mainly being used in schools as they as the least intrusive form of taking biometric information. Not only do they provide extra security for our children, reduce bullying and theft in schools and also provide accurate information on your child’s attendance and time management, but they also reduce costs for schools. Although the systems can be expensive they do not need any additional items such as smart cards which are often lost and cost to replace.

With all this in mind can fingerprint biometrics teach us all a lesson or two about their effective use by schools, colleges and universities?

Wednesday, 19 January 2011

Auto biotica – is there any sense in biometrics for cars?

Several popular car blogs suggest that Ferrari is working towards bringing out a car that is more or less controlled by human biometrics. The car will be fitted with a range of sensors to monitor the driver’s respiration, perspiration, blink rate, blood pressure and cranial activity, as well as many others. It will free up more relaxed and capable drivers to drive without the car’s stability and traction control systems intervening.
Other car manufacturers have been adopting biometric technology into their security systems for the past few years but have any of them been proven secure enough? There’s the horrible story about the Malaysian business man who had his finger chopped off with a machete so four men could steal his Mercedes fitted with a biometric fingerprint reader without having to bring him along to start it. These stories make consumers naturally apprehensive about biometrics and take their minds of the real issues which are about the quality, reliability and pricing of biometric technologies.
Global Bio Tec, with support from industry professionals and academics, has set up the Global Biometric Centre of Excellence, with the purpose of establishing recognised international standards for biometric technology and boosting the flow of information on the practical application of biometric solutions. As you know a lot of awareness and insights into biometrics comes from the media including newspapers and the movies!
The Lexus 2054 concept car was designed for the 2002 movie Minority Report. It hasn’t made it to the road but it has highlighted the use of fuel cells and biometric security systems. Although the Lexus 2054 is not available to buy there are cars coming into showrooms with a range of biometric control and security systems. It tends to be the higher end models which have them fitted.
Do you think that biometrics in cars is a good way to establish that the human/technology interaction is effective, non-invasive and adds value to control, safety and security?

Tuesday, 11 January 2011

Online security pointing at fingerprints

In just one year almost ten million American adults were victims of identity fraud/theft. Over 12 months this activity cost the US $52.6 billion. With hackers and fraudsters becoming more aggressive and sophisticated isn’t it about time that banks and financial institutions consider how biometrics really can help in the war against identity theft fraud?
When signing into online banking you are asked for a series of unique codes created by you or the bank. Each organisation has different ways in which they will ask for this information – whether it be the whole code or just several random digits from it. A customer is usually asked for their date of birth or a memorable word they have chosen. Once this information is given the customer has full access to their account details, balance and many other things as well as the option to transfer funds. Although the information may be unique to the person it is not hard for other people to find these questions out and simply have full access to your account details. Banks know that their customers’ account login information can be vulnerable and they seek to improve security, but can they do more now?
UK and international banks have added additional security measures for their online banking customers. For example HSBC gives all of their customers the choice of downloading Rapport, their personal anti-virus software which authenticates websites and their security certificates and warns you if they are unsafe before you submit your password. Barclays, NatWest and Lloyds have given all internet banking customers ‘card readers’ meaning that the card being used to transfer money has to be entered into this and the customer has to enter their pin number before any money can be transferred. Many customers see these as an inconvenience but agree to use them because they believe they are using their personal details more securely.
With all these security measures in place why are there still high levels of identity theft and fraudulent activities happening? It’s simple because pin numbers, card readers, secret answers and unique codes can all be stolen.  Thieves will continue to find ways around even the strongest of security measures except the only thing that can’t be stolen, you. By finding the genuine article of authentication there will be no need for pins, codes and questions – only your fingerprint.
Which of these seems the likeliest to protect your information securely?
·         Something you may know – a pin code, a sequence of numbers and letters, a password?
·         Something you may have – an ID card, a token, a passport?
·         Something you are – a fingerprint, your voice, your signature?
A fingerprint, a voice, a signature can be copied, but with effective sensor and reading technology forged copies can be detected and rejected. The Connective Touch range of fingerprint reading solutions from Global Bio Tec can identify a forged or fake fingerprint and will deny access to fraudsters and thieves.
The logical application linked to governmental imperatives to minimise welfare benefit fraud is to consider introducing fingerprint biometrics to make sure that welfare payments are paid to those who are entitled to them. The savings on fraud and administration costs could be immense!