Connect with us

Interviews

Q&A: THE IMPACT OF ENVIRONMENTAL CONDITIONS ON BIOMETRIC AUTHENTICATION.

Published

on

Joël Di Manno, Authentication & Biometrics Laboratory Service Line Manager and Abdarahmane Wone, Biometrics & AI Researcher at Fime.

 

User adoption of biometric authentication has accelerated in recent years, yet some users are still cautious. Fime is exploring ways to innovate on biometric evaluation to help solution providers to launch reliable and high-performance products. In this interview, Stéphanie Pietri, Communications Director at Fime, speaks to Joël and Abdarahmane about their scientific paper to learn more on the impact of environmental conditions on fingerprint systems performance.

 

Stéphanie Pietri: What is biometric authentication?

Joël Di Manno: Biometric authentication solutions utilize a person’s physical or behavioural characteristics, such as their fingerprint, face, or keystroke dynamics to verify their identity. Using biometric characteristics to authenticate someone provides a high level of security because these traits are unique to that person. It also provides a good user experience, as there is no need to remember long passwords. This can provide consumers with easier routes to make a payment or access a service.

However, the adaptability of biometric solutions can present challenges, as different conditions have the potential to increase false acceptance or rejection rates. This means that there is the potential for security to be compromised if non-genuine users can be verified, or the user experience will be impacted if genuine users cannot.

 

SP: What type of environmental conditions can influence biometric authentication?

Abdarahmane Wone: One of the challenges of biometric solutions is that environmental conditions can alter their performance. For example, if someone is using a facial recognition solution, changes in lighting or the background can influence its performance. Similarly, fingerprint systems can be affected when environmental conditions like temperature and humidity change, because the texture of fingerprints alter accordingly. This change can mean that the fingerprint does not match the reference fingerprint that was recorded during enrolment and therefore is not verified.

These environmental changes impact the performance, security, user experience and the trust of biometric systems. It is also important to note that not all biometric systems are impacted in a similar way. However, while we know that there is an impact, very little research has been done to assess the performance of biometric systems in different climatic environments.

 

SP: What did Fime do?

AW: To find out more about these impacts, Fime undertook some research to understand how humidity and temperature changes affect the performance of fingerprint systems. We tested the performance of three different third-party fingerprint authentication matchers in different climatic conditions. The aim was to see how accurate the algorithms were at matching the fingerprint samples taken during enrolment. The performance of the biometric systems was evaluated in six different conditions made up of a combination of two different temperatures and three different humidity environments. The different humidity and temperature environments were created using climatic chambers. After signing consent forms regarding European GDPR regulation, more than one thousand fingerprint images were collected from 17 volunteers.

 

SP: And what was the impact of these environmental factors on biometric authentication?

AW: We observed that all of the algorithms performed better when the environment was less humid. Importantly, we saw that the three algorithms were all impacted differently by temperature and humidity changes, demonstrating that the impact of environmental factors is not consistent across biometric solutions.

Also, the environmental conditions of the enrolment of the fingerprint samples made a difference. The algorithms all performed better when the environmental conditions were the same as those during enrolment of the fingerprint samples. Again, we saw that the three products were all impacted differently when the verification was done in an environment different to the enrolment environment. While two of the products differed less than 1%, the third product differed by 24%. This shows that the product could present high security risks and/or a bad user experience for consumers. This study highlights the importance of a comprehensive enrolment guide for vendors and users, to decrease the impact of environmental conditions as much as possible.

 

SP: What can be done to mitigate the impact of these conditions on biometric authentication systems?

JDM: Fime has now developed a process and identified parameters to evaluate environmental impact, thanks to the research project. The results of this research demonstrate that environmental conditions can have differing degrees of impact on biometric authentication systems. Therefore, testing the performance of biometric solutions in different environments, including different conditions between enrolment and verification, could prevent real-life issues. Certification schemes could introduce this aspect into their evaluation programs to ensure security in various conditions and decrease variance between different biometric solutions.

Biometric solution vendors can use this evaluation during their own quality assurance processes. By performing testing in this area, they can fine-tune solutions to mitigate the impact of environmental conditions. This will verify that their products can be deployed globally and will perform well in different climates. By taking these factors into consideration, they can enhance the trust, security, performance and user experience of their solutions. This may give them the ability to outperform competitors who are not considering the impact of environmental factors when developing their solutions.

 

Business

Q&A: Improving biometric systems using AI-based spoofing

Published

on

By

Abdarahmane Wone, Software Engineer at Fime

As adoption of biometric authentication increases, so does the need to ensure that biometric systems are resistant to attacks. Presentation attacks, such as spoofing, which aim to “spoof” a biometric verification or identification procedure, can compromise biometric authentication. Fime is exploring how to transform genuine biometric images into synthetic spoofs and evaluate the robustness of biometric systems in detecting presentation attacks.

Stéphanie Pietri (SP), Communications Director at Fime, speaks to Abdarahmane Wone (AW), Software Engineer, about Fime’s new research paper to discuss the potential impact that digitally synthesized fingerprint spoofs can have on anti-spoofing systems.

SP: What is an anti-spoof test?

AW: Presentation attacks, when an attacker attempts to trick a biometric system, are one of the key security challenges facing biometric systems. It is critical that the presentation attack detection (PAD) technology in a biometric system is thoroughly tested, as this is what ensures the security of the system. Presentation attack detection testing is usually done by creating presentation attack instruments (PAIs) and performing active spoof attempts to determine whether a biometric system will authenticate a credential that is not genuine. This requires significant skill and time investment from testing labs.

SP: What did Fime do?

AW: To learn more about biometric systems’ ability to resist presentation attacks, Fime conducted research to determine whether digitally synthesized images are as good as real spoofs. AI and deep learning were used to transform genuine fingerprint images into spoof images similar to the ones made from the spoof materials commonly used in anti-spoofing tests. We did this in order to simulate the standard testing process.

We used a multi-domain style transfer model taking data from LivDet, an international competition of presentation attack and fingerprint liveness detection. Data from five different materials were used: Ecoflex, gelatin, latex, modasil, and wood glue. The data set was composed of a training set and a testing set, each containing 2000 images (1000 genuine images and 200 of each spoof material for each set). We extracted and randomly cropped multiple 224×224 patches from each image and injected them into the system to see if they were detected as spoofs under the NIST Fingerprint Image Quality (NFIQ) algorithm.

By using this kind of method, the testing process is sped up and a larger number of spoof materials are covered than it would be possible to physically fabricate in a given time.

SP: What was the impact of the digitally synthesized spoofs on the system?

To assess the validity of the digitally synthesized fingerprint spoofs, the NIST Fingerprint Image Quality (NFIQ) algorithm, which provides an overall score on a scale of 0 to 100, was used. This is based on the usability and features of an image. We used this algorithm to determine whether the quality of the presentation attack instruments was similar to that of the synthetic presentation attack images.

For each material, we found that there is a similarity between the distribution of the genuine images and synthetic images.

SP: What does this mean for the future of biometrics?

Fime has developed a method that can be used to evaluate biometric systems’ ability to resist fingerprint spoofs. This can help vendors to develop their fingerprint recognition products, in particular training algorithms to resist presentation attacks. Payment schemes can also use the research to implement new testing methodologies for these products. These findings will ultimately help laboratories to make cost and time savings, helping secure products launch more efficiently.

Continue Reading

Interviews

Matt Cox, Managing Director and General Manager, EMEA, FICO, answers questions on fraud from Finance Derivative

Published

on

By

What are the biggest fraud concerns for FICO’s customers?

Scams are definitely high on the list. There is a continued surge in Authorised Push Payment (APP) scams, advanced social engineering, and pandemic-related fraud.

The level of sophistication present in scams seems to grow at a daily rate and that is always one of our biggest concerns – staying ahead of the criminals. A coordinated approach to managing the authentication of customers will be a strong starting point for any organization, so that they can adapt and adjust as the market changes. To address current fraud concerns, banks need to take this into consideration. There are specific machine learning models designed to detect scam-related activity, and banks should explore those.

How have scams changed since the pandemic started?

Investment and crypto scams saw a big spike and there was a swift rise in vaccine-related scams with an emergence of a black market for the sale of fake vaccine passports. There is certainly a good level of public awareness of scams, but according to our consumer fraud survey, only 6% of customers said they were most concerned about being tricked into sending payments to a fraudster — as compared with 26% who were most concerned with having their stolen identity used to open an account, which is much less likely. This relaxed attitude in combination with increasingly realistic and creative social engineering and impersonation schemes, is part of the reason why fraudsters continue to succeed in scamming customers.

Authorised push payment fraud is one of the biggest concerns in the digital payments industry. According to UK Finance, APP fraud has, for the first time, surpassed card fraud with £355 million in losses attributed to APP fraud in the first half of 2021.

What is the challenge for banks right now in dealing with APP scams?

APP scams present a unique challenge as they involve tricking the victim into sending money to the fraudster. Despite measures like Confirmation of Payee (CoP) being put in place to stop these fraudulent transactions, the victim will have the final say and can override warnings put in their way. A layered approach is needed to prevent it, multiple tiers of armor are always most effective.

Some improvements in payment technology are actually making it easier for criminals to commit APP fraud. As more consumers and businesses adopt simple ways to send money in real time the pool of potential victims increases, a trend accelerated by the COVID crisis pushing more people to use online banking. Real-time payments also lower the risk for fraudsters, as money is transferred instantly, fraudsters can move payments through multiple accounts in a process of layering to launder the proceeds of the fraud and make tracing them more difficult.

Criminals are devious and clever, and victims cannot simply be written off as gullible exceptions. As real-time payment schemes can be used to transfer large sums of money, there is a need to employ layered fraud protection across all products and channels used to manage real-time payments.

Maintaining good customer experience by not impacting too many genuine transactions is a growing concern. As banks get better at detecting scams, there is still a very high false positive rate with many genuine customers needing to be disrupted in order to find a single fraud. This is where advanced analytics and particularly a consortium approach are critical aids.

What has your research told you about how different generations think about fraud and scams and the actions they take to avoid them?

We frequently survey consumers across the world to get a sense of their attitudes towards fraud and the security measures implemented to catch it. The results are always interesting and often flag the differences in how age groups approach financial security.

For example, in our most recent survey of 1,000 UK consumers, 55% said they would switch banks if theirs was reported to be involved in a money laundering scandal. The younger age groups would be most eager to swap their financial service provider after a money laundering scandal: 64% of 18 to 24 year-olds would switch, as would 68% of 25 to 34 year-olds.

Those in the Millennials generation – aged 25-34 – appear to be the least impressed with banks’ current approaches to fraud. When asked about account takeover, 19% thought banks were not fair with customers in terms of how they resolved this. And when considering cases of customers being tricked into sending money to fraudsters, 21% of them thought measures were not fair.

How much of an issue is social engineering?

Social engineering is a vital component of a fraudster’s playbook. It is not a new approach for them but is one that can cause devasting results. Fraudsters buy compromised data (credentials, ID documents, personally identifiable information or payment details) and ultimately, they use it to manipulate victims and commit fraud. Sometimes, fraudsters don’t have all of the pieces of the puzzle together, so they often further manipulate systems and customers in order to get the full suite of assets they need to steal.

The complexity of scams and social engineering means that financial institutions have to take a layered approach to prevention and detection. For example, checking device characteristics is useful, but when combined with Confirmation of Payee, transactions analytics, customer profiling and instant messaging services for verification, this is where the layers play extremely well together. When and how fraud prevention solutions are deployed must be balanced with other factors such as customer experience and operational costs. Being dynamic and flexible is key to both creating the necessary balance and evolving at least as fast as the fraudsters can.

Identity authentication isn’t as strong in a scam event as it is in other fraud types. Nearly all fraud events start with a data compromise and with scams it’s no exception. Identifying compromised and vulnerable customers is still very inconsistent across banks, so there is a big opportunity to be more proactive in stopping the scam before it is initiated.

Many banks have incorporated consumer protection into their marketing plans but I would like to see more do it across the industry.

What are the latest scams you are seeing emerging?

Before Open Banking, criminals applied for low-risk accounts using a fake identity in order to start building up their credit file. Over time, they would move into commerce and then onto higher-value targets, hitting them hard.

We believe this approach is finding its way into the Open Banking ecosystem as a faster route to higher-value credit. Having secured low-risk bank accounts and passed the Know Your Customer requirements, criminals are attempting to access new services through Open Banking third-party providers, who offer loan approvals and various other financial and investment services.

We’ve also seen a steady rise in fake videos and audio with targeted content that manipulates and gains access to personal and finance data. As the technology becomes more sophisticated, it’s becoming the new favorite tool in financial crime. For instance, bank manager in the United Arab Emirates fell victim to a threat actor’s scam, when hackers used AI voice cloning to trick the bank manager into transferring $35 million.

We believe this will become a big challenge for banks in Europe and across the globe as they find themselves increasingly targeted in this way. As those deep fake technologies develop, we will see more innovation and use of a wider variety of biometric technology thrown into the mix.

Continue Reading

Magazine

Trending

Business13 hours ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk   Since its inception, Big Data has been an important...

Banking14 hours ago

Three tips to help banks profit from the rise of managed services

By Chris Mills, Global Head of Managed Services Sales, Finastra Research from IDC finds that only 29% of banks claim...

Banking14 hours ago

How Biometric Payments Are Tackling Financial Exclusion

By Catharina Eklof, CCO, IDEX Biometrics We are moving closer to a cashless society: 89% of payments in the UK...

Banking2 days ago

Poor software testing puts banks at high risk of IT failures

 Sune Engsig, VP Product at Leapwork   IT failures have plagued the banking industry for several years. From the TSB computer...

Finance2 days ago

The Importance of Experienced Customer Service Advisors in Finance

If there is one thing which can be said about the finance sector, it would be that as a customer-facing...

Business4 days ago

Financial Services Makes Gains In Employee Engagement

By Phil Chambers, GM Workday Peakon Employee Voice    A new report shows that the financial services industry improved in...

Business4 days ago

The FTX collapse: Lessons learnt for the CFO

Hartmut Wagner ,CEO of Serrala   ‘A complete absence of trustworthy financial information’ were the words used to describe the...

Business4 days ago

Black Friday, Cyber Monday and beyond: The inevitable shift to mcommerce

Arunabh Madhur, Regional VP & Head Business EMEA at SHAREit Group   Last year, we saw explosive growth in Black...

Business5 days ago

Keeping your options open and flexible: How to manage cloud migration for Financial Services Organisations

By Rachel Mcelroy, Marketing Director at Cloud Gateway   Financial Services Organisations, such as banks, insurance firms, and accounting firms,...

Business5 days ago

What makes a good entrepreneur?

By Emma Lewis, Myriad Associates Ireland   Many of us have dreamed of coming up with the next big thing...

Finance5 days ago

Things To Think About Before Starting Your Cryptocurrency Investment Journey

Making the decision to start investing can be an exciting time. Knowing that you’re going to be taking a more...

Banking5 days ago

How banks can increase customer acquisition and user engagement with sustainability

By Karolina Szweda, Head of Growth Marketing at Connect Earth Young people are demanding more innovation from traditional financial institutions,...

Banking5 days ago

The new blueprint for Open Finance? – A look inside the new Saudi Open Banking Framework

Chris Michael, Co-Founder & CEO, Ozone API   It has been a genuine privilege for all of us at Ozone...

Business6 days ago

How intelligent AP automation can put construction businesses on solid ground for growth

Cody Manning, NORAM Chief Sales Officer at Yooz   The ability to access personal emails, utility bills, invoices and other...

Finance6 days ago

Unlocking the power of AP Automation to tackle payment fraud in an economic downturn

Daniel Ball, SVP Innovation at Medius   Fraudulent activity in the workplace is not stopping any time soon. According to...

Business7 days ago

Why building trust in the workplace should be an employer’s priority

Emma Price, Head of Customer Success of ActiveOps discusses why managers should focus on workforce trust to negotiate the management...

News7 days ago

Times International and SaaScada partner to deliver innovative trade and commerce financial solutions

Global trade is forecast to increase between 30% and 70% by 2030, with 80% relying on trade finance. With traditional...

Top 107 days ago

Top 5 Holiday Season Fraud Trends

By Doriel Abrahams, Head of US Analytics, Forter With International Fraud Awareness Week and the holiday shopping season officially underway,...

News7 days ago

3S Money partners with Crown Agents Bank to boost international trade

3S Money, the UK Fintech scaleup, has partnered with Crown Agents Bank to offer 33 new currencies to its corporate...

Business1 week ago

How Startups Can Use Digital Technology to Strengthen Their Businesses in the Face of a Recession

Gemma Dodd Brand Development and Marketing at Shift6 Studios   Startups are often lauded for their innovation, creativity, and willingness...

Trending