State-of-the-art electronics have long been a core component of physical security plans for banks and credit unions. That said, as crime becomes increasingly sophisticated, so must the technologies for defending against it. Financial institutions are challenged to survey the industry landscape for new and better video surveillance, intrusion alarm and access control options on an ongoing basis.
In order to take full advantage of the latest and greatest technology, its critical to consider security successes in other industries as well. Case in point: access control. No longer limited to industrial applications, biometric access control is now gaining ground at financial institutions.
Experts believe that this application within the context of a centralized access control solution has legs. Leveraging biometrics may provide a higher caliber of security that assiduously protects assets and equipment at FI branches and back-offices.
What is biometric access control?
Biometric access control is next-generation technology that assesses physical features to trigger entry to closed-off areas. Using such identifiers as facial recognition, ocular recognition, palm veins and fingerprints, biometric readers scan an individual's "credentials" to ultimately grant or deny admittance. Although this technology remains in its relative infancy overall, facial detection appears to be showing the most promise in terms of advancement and development. Not surprisingly, government entities are interested, and as New York Media's Intelligencer reported, the facial recognition database for the FBI now totals more than 641 million identities.
What is the purpose of biometric access control?
Because identification like fingerprints and hand geometry are inherently unique – no two are perfectly the same – biometric technology makes it harder for bad actors to manipulate security systems by means of forgery and replication. Standard door locks may provide a very basic level of protection, but since keys, fobs and identification cards are object-based, they can be stolen or tampered with if these tools should fall into the wrong hands. Biometric security serves as a highly effective and more convenient workaround.
"Biometric access control provides a robust layer of protection by leveraging the body's physical characteristics."
The same goes for information-based methods of entry. Granted, PIN numbers, codes and passwords do provide defenses against incursions and intrusions, especially when used as part of multi-factor authentication, which by definition requires at least two sets of credentials. Yet these as well are not invulnerable, especially in light of the fact that passwords and pass codes are not changed as frequently as experts recommend.
Biometric access control provides a robust layer of protection by leveraging the body's physical characteristics so organizations can ensure the highest levels of security.
How does biometric security work?
As previously referenced, biometric systems come in all shapes and sizes and function in a manner that is dependent on the method of entry used. For example, facial recognition software reads the geometry of an individual's facial features – such as jaw line, eye spacing, forehead size and cheekbone structure – and compares them to a database. If the same identifiers are on file, it serves as that person's ticket, or signature. An up and coming biometric technology goes one step further with a look on the inside, specifically using infrared light to identify palm veins.
What are the challenges of implementing biometric verification?
The challenge of adopting biometric access control for industry including financial services comes in establishing a robust data set that is keyed into users. Think of it this way: If you hand someone a photo ID, the person can easily compare what's on the ID with the person standing in front of them. This is trickier with biometric technology – even with the ability to pick up details more subtle than the human eye can detect, with biometric verification, the "ID" component doesn't come fully established. The machine needs to know this fingerprint is associated with "John Smith." And building the database is in itself not a small task.
For that reason, utilization to date has been limited namely to employees versus visitors and/or customers. In the case of banks and credit unions, biometric access control is most likely utilized in back offices. And while there has been limited use with customer access to specific areas of the branch, for instance in safe deposit box areas, we seem a ways off from use "at the front door."
Without having to wait for a speculative future where everyone's unique biological identifiers are keyed into a massive database – a future that would present logistical challenges in addition to almost dystopian privacy concerns – how can this new technology be best employed in 2020? The answer is likely in your pocket right now.
Biometrics and access control
Our cell phones can bridge the biometric gap. Given the ubiquity of mobile devices, there is a clear opportunity for leveraging two factor authentication to support security. Indeed, the future is now. According to Axios, Bank of America, Wells Fargo, Citi and Chase have all introduced, tested or installed some level of biometric technology to enhance protections all while embracing open concept banking. In this regard, banks and branches are taking advantage of the very consumer technology that people use on a daily – if not hourly – basis.
Likewise, access control and biometrics have the opportunity to work together via phones equipped with facial recognition. Indeed, for FIs looking to get into the game with biometric verification, integrating with existing biometric tools will be critical. Rather than building their own biometric ID dataset, a bank facility might focus on technology that connects with smartphones already using biometric technology. The smartphone could act as a verification key: If you already unlock your phone with facial recognition, all you'd need to do to access financial account information is "unlock" it from your phone via an app or some other integration. The phone is already set up to recognize your facial features and connect them to your identity and the branch would simply just need to tap into that existing data set to verify.
This has two major advantages: Firstly, branches can avoid the significant investment that comes with developing hardware that can read biological features. Secondly, compared to physical ID or debit cards, this system is actually incredibly secure. A borrowed or stolen bank card can provide easy and illicit access to a person's account as long as the fraudster know a simple PIN. Phones are rarely loaned out or misplaced – when's the last time you've let your phone out of your sight for more than a minute or two? – and even if they are, a phone with biometric locks already in place is virtually useless unless the thief can somehow get the owner to unlock it.
To transition that heavy lifting to the access control system itself (versus the phone), an app might require photo uploading for access verification. This concept is, in fact, already beginning to gain traction.
How accurate is biometric access control?
Biometric technology is sexy, but that alone is far from the only reason why biometrics is worth the investment. Accuracy may top them all. In 2018, the U.S. Department of Commerce's National Institute of Standards and Technology tested 127 facial recognition algorithms from 40 developers to see if databases could corroborate whether random faces were on file, Intelligencer reported. In 99.8% of cases, the system worked, a success rate that was 20 times higher than in 2014 when a similar study was performed.
Are biometric access control systems foolproof? Clearly not. False positives are possible and they require a lot of bandwidth. However, it has many things going for it that traditional door locks and outdated digital security strategies do not, noted Andy Adler, professor of systems and computer engineering at Carleton University.
"Biometrics have problems," Adler told The Washington Post. "Overall, my opinion is it's still better than what it's replacing."