Biometrics, particularly face biometrics, continue to be adopted as a method of identity verification (IDV) across multiple sectors in South Africa.
By Lance Fanaroff, co-founder and chief strategy officer of iiDENTIFii
While the technology promises greater security and access for the previously unbanked, businesses and consumers are still adapting to and learning to trust these technologies. Are South African businesses ready for face biometrics? Are consumer concerns founded, or is it simply a case of misunderstanding the technology?
SA ready to transition from passwords to biometrics
Passwords are inherently unsafe and susceptible to data breaches, cyber criminals, malware and more. For this reason, South African institutions such as banks have been favouring multi-factor authentication with an emphasis on personal data that cannot be spoofed. The process of using face biometrics, or a series of selfies, have proven effective in demonstrating that a person is real and transacting in that moment.
While this technology is compelling, South African businesses are divided on the future relationship between passwords and biometrics. In iiDENTIFii’s recent Identity Index, South African Edition, 38,3% of respondents didn’t believe that IDV solutions would ever completely replace password-based options in their businesses, while 32,3% expected a shift to IDV to take place within the next year, and 21,4% expecting the change within the next two to three years.
This distribution indicates a significant divide in expectations about the future of identity verification methods. While many businesses are optimistic about transitioning away from password-based systems relatively soon, a considerable proportion remain sceptical or see it as a longer-term change.
That being said, the study showed a common trend towards adopting more secure and efficient identity verification solutions. Some of the challenges to this included implementation complexity and integration with existing systems, as well as user acceptance. The latter is the most crucial to the IDV’s success.
Why consumers may be hesitant about biometrics
There is some misunderstanding about how biometrics works, which can lead to consumer fears when using the technology. One of the prevailing misconceptions is that, by scanning your facial features, companies can hold onto your data and use it for surveillance or identity theft.
The reality is that opt-in biometrics are the most secure way to identify someone – and keep their information and identity safe from misuse – and these differ a great deal from biometrics used for surveillance.
The type of biometrics used by companies is called remote biometric onboarding, which is opt-in verification and account authentication as opposed to surveillance. Remote biometric onboarding links a person’s biometric data, whether their face or fingerprint, to their account so that they, and only they, can access the account safely and securely. Opt-in biometric onboarding with liveness detection is even more secure and protects institutions and clients from fraud.
While face matching on its own poses risks to cyber security, new biometrics solutions with liveness detection are far safer, and assure organisations that they are interfacing with a genuine, physically present human being.
This identifying data is not held in any way that could be used by a cybercriminal or imposter. iiDENTIFii, for example, makes use of biometric hash technology to protect identifying information.
A biometric hash is a cryptographic transformation of biometric data into a string of characters that acts like a unique digital finger or face print. This is a one-way process that is achieved without using Personally Identifiable Information (PII) data, meaning it is both secure and private.
Some consumers may fear that a fraudster could transact in their name and drain their savings. Biometric liveness makes this an unlikely scenario, as it is far more safer and secure than simple ‘gesture-based’ liveness, such as smiling or blinking, to verify a person’s identity.
The most prescient threat is scammers calling unsuspecting consumers and coercing them to reveal their personal details, or transfer money on their behalf. A consumer who has given over their information willingly cannot be protected, which is why financial literacy and ongoing consumer education around fraud is so critical.
Regardless of the organisation, biometrics is set to play a critical role in keeping consumers safe. With education and understanding, South Africans can reap the benefits of a digital identity that is safer and more inclusive for all.