2 March 2023: Whenever a digital identity is used to perform an action like requesting information or executing a transaction, it is invariably important to check that the correct person is using that identity. Many techniques are used to perform these checks including the use of biometric technology. New papers from the Biometrics Institute address this amongst other concerns, providing guidance on good practices for implementing biometric authentication in a secure and effective manner.
According to Isabelle Moeller, CEO of the Biometrics Institute, “The use of biometrics in digital identity authentication is becoming increasingly important. It should be considered in the context of the classic three pillars of identity verification: ‘something you have’, ‘something you know’, and ‘something you are’. The paper on Digital Identity and Biometric Authentication sets out the Biometrics Institute’s recommended good practices for the use of biometrics in authenticating existing digital identities.”
Biometrics can also help ensure that the right person is using a digital identity, providing enhanced security while reducing the risk of fraudulent activities. The paper also highlights the importance of biometrics in providing useful mitigation against identity theft, account takeover, account recovery, and unauthorised usage. It’s important to remember that individuals are at the core of any biometric process and Brett Feldon, Head of the Biometrics Institute’s Digital Identity Group states “Biometric technology is not a one-size-fits-all solution and should be evaluated on a case-by-case basis. Factors such as the sensitivity of the information being accessed, and the level of security required should be considered when determining whether biometrics is an appropriate technology choice.”
The paper outlines the key considerations when introducing biometrics for digital identity authentication. These include focusing on business benefits, assessing the impact on other authentication mechanisms, differentiating between biometric and non-biometric mechanisms, and using biometrics to minimise uncommon negative events. It also highlights the importance of making ethical and responsible decisions in biometric authentication applications and provides references to the Biometrics Institute’s Good Practice Framework for guidance. And it covers the reuse of digital identities provided by another party and on-device biometrics to support self-sovereignty of identity and digital wallet usage.
Ensuring the security and privacy of digital identities
The paper on Digital Identity and Biometric Authentication is recommended for individuals and organisations considering the use of biometrics to authenticate the digital identity of a user that has signed up to an online service. This includes those interested in on-device biometrics for high-frequency transactions, centralised biometric systems for secure transactions, designing authentication processes for customers, reusing digital identities provided by another party, and supporting confidence in self-sovereignty of identity and digital wallets.
It is a practical reference for organisations looking to develop new authentication processes or enhance existing ones in a way that aligns with individuals and ensures the security and privacy of their digital identities and is relevant to a wide range of sectors including government, financial services, healthcare, and technology.
About Digital Identity and Biometric Authentication
Full, and summary editions of the paper are available to members of the Biometrics Institute on the organisation’s website.
About the Biometrics Institute:
The Biometrics Institute is the independent and impartial international membership organisation for biometric users and other interested parties. It was established in 2001 to promote the responsible and ethical use of biometrics and has offices in London and Sydney.
The member register which represents a global and diverse multi-stakeholder community now lists over 200 membership organisations from 34 countries. It includes banks, airlines, government agencies, biometric experts, privacy experts, suppliers, academics and 10 Observers representing United Nations agencies, IGOs and European Union institutions.
The Biometrics Institute connects the global biometrics community. It shares knowledge with its members and key stakeholders and most importantly, develops good practices and thought leadership for the responsible and ethical use of biometrics.
For more information, please email Marco Lombardi.