NuData’s Robert Capps has a feature article in Newbusiness where he talks about the privacy debate and the difference between physical biometrics and behavioural biometrics.
Account takeovers are affecting a growing population of online user accounts due to a confluence of threats, such as weak consumer password practices, frequent mass data breaches and brute-force attacks against web properties.
The scope, scale and frequency of these online attacks against user accounts have demonstrated time and again that companies can no longer rely upon authentication methods based on static elements that can and will be stolen, traded and sold to the highest bidder in underground markets.
These trends have recently led organisations to consider the use of human biometric characteristics to supplement standard, but weak, single-factor authentication schemes that have historically relied on a shared secret, such as a password, to validate that the rightful owner of an online account is the one who is accessing it. As these organisations investigate advanced authentication methods, they face an environment where the term “biometrics” has become an industry buzzword that encompasses a number of human second-factor solutions, from “selfie”-based facial recognition to fingerprint and iris scans, behavioural patterns, voice and even the human heartbeat.
As such technology is increasingly proposed and used in online and offline transactions, the use of biometric factors is rapidly becoming an area of concern from a data privacy and security perspective.
When most people who do not live and breathe online security hear the word “biometrics”, they immediately think of Tom Cruise in Mission Impossible, using physical attributes such as fingerprints, handprints, retinal scans, voice prints and facial recognition to secure access to some highly protected asset or location. For some reason, they don’t generally link the use of these elements to facilitating a secure login to an e-commerce, banking or social media website.
While the use of these physical biometric factors has been a boon for physical security, where the person to be authenticated is physically presenting themselves for enrolment and subsequent authentication, many factors quickly lose effectiveness in an online world, where the user is physically enrolling and authenticating themselves through a consumer-grade device that they own and control.