Protecting consumer data through decentralized biometric storage

By Anthony Eaton, Chief Technology Officer, IDEX Biometrics

In today’s increasingly digital era, how consumer data is stored and managed has been brought to the forefront of conversation, especially in the realm of biometrics. With adoption rates of biometrics for 18-34 year-olds reaching 75%, there is a clear and growing demand for seamless and secure authentication. However, given that biometric authentication directly ties access to an individual’s identity, questions about how to store and protect such sensitive data must be addressed. The use of a centralized storage method, where extensive profile information is consolidated into one location, is raising serious concerns about data protection and ownership.

The debated ownership of identity in a digitized world has triggered fears among global citizens. Almost 90% of people now consider violating the right to privacy as one of the most pressing societal risks. Anything that heightens that risk is likely to be perceived negatively, regardless of the organization or their proposed use of the personal data.

Biometric data, which refers to personally identifiable characteristics such as facial features and fingerprints, is often stored centrally, especially among larger corporations or governments using biometric authentication to grant user access and permissions. In these instances, a server hosting a biometric database is in some cases considered the most practical mode of storage, with all data kept in the same, centralized place.

Although biometric credentials are unique to each person, storing them centrally leaves them at risk of data breaches and fraud. Biometrics is an inherently secure method of capturing credentials, but data storage also needs to be considered as part of the security discussion. Decentralized methods are increasingly being considered as a way to protect users and their privacy.

Removing encryption to boost protection

In March 2023, TikTok faced pressure for a ban in the US, for fear of user data being shared with the Chinese government. Growing sensitivity around big tech’s influence has been amplified by a series of high-profile breaches over the past decade. Household names including Facebook and Netflix have been subject to serious breaches in recent years. Similarly, Apple continues to patch its infrastructure eight years on from the XcodeGhost malware that compromised 128 million iPhone users.

The upshot of such breaches is twofold. To risk exposing people’s private information in an era of high data privacy sensitivity, and fears over big tech’s growing influence, is a quick way to lose customers, employees and a trustworthy reputation. These access credentials could also unlock wider data pools relevant to the organization, such as business strategy, intellectual property or other sensitive information.

The threat of breaches from all sectors of society is palpable among citizens, and organizations must learn from past breaches and their impacts on consumers. They can do so by demanding that personal biometric security credentials remain truly safe and secure.

A decentralized, off-cloud model where biometric data is encrypted and stored locally offers a highly sought after alternative.

Placing control back into the consumers’ hands

Centralized storage is effective in certain organizational scenarios. However, it is crucial to implement the highest level of cybersecurity with optimal levels of privacy and data protection.

Decentralized storage, on the other hand, involves encrypting sensitive biometric data. It removes risk by avoiding having all data deposited in the same place. One example of an off-cloud solution is a biometric smart card, which works by verifying the cardholder via their unique fingerprint. If the card were to fall into the wrong hands and be used by someone other than the cardholder, the transaction would fail. The user’s fingerprint is captured, transformed and encrypted, and then safely stored on the card’s secure element, rather than on on-prem servers or in the cloud.

With 84% of consumers in the US placing huge importance on the privacy of their data in today’s digitized world, the demand for enhanced authentication security relating to access and payments has never been higher. In fact, the biometric sensor market alone is set to triple its 2020 value to $3.3 billion by 2030.

Biometrics are a certainty, rather than a possibility, especially with 58% of consumers now agreeing that biometric payments make transactions more secure, up from 48% a year earlier. This is becoming even more apparent given the impact of GDPR in the UK and Europe, CCPA in the US, and evolving security legislation equivalents around the world, which are encouraging both organizations and citizens to rethink how they keep our digital assets safe. In their relative nascency, there is the perfect opportunity to pivot quickly and rethink the protection of fast-scaling sectors such as biometrics.
