Technology advances have made using humans’ unique physical differences a more viable means of access control. With a pandemic to consider, fınd out which methods make the most sense.
Integrators are faced with ever-increasing choices when it comes to access control. The security industry has a half-century of experience with door-mounted readers, plastic cards and PINs.
Lately, there’s been a movement toward replacing the credentials with employee smartphones. And then there is biometric technology, most often based on fingerprint, facial and iris recognition technologies.
Some people still view biometric devices as something from a spy movie, available at a cost that warrants their use only in mission-critical government facilities. But it’s no longer the 1990s and cost-effective biometric technology is used now in everything from enterprise organizations to small businesses. Most people use some form of biometrics daily – often to unlock their smartphones.
Biometrics offer a convenient, quick and accurate solution for access control and more for any facility. Unlike a plastic credential, an iris pattern, a fingerprint or facial structure can’t be lost or shared with an unauthorized user.
With biometric technology, there is no need to carry plastic credentials or remember a PIN. Following a one-time system enrollment, employees are immediately recognized at any other organizational facility on the same network. And biometrics are highly secure – breaking into a system yields hackers encrypted identifiers that can’t be copied or reused.
Many organizations are looking to replace aging Wiegand wiring protocol systems that lack encryption between cards and readers, making it easy for hackers to intercept signals and create working clones. This is an excellent opportunity for integrators to introduce biometrics.
Biometrics can become a profit center for integrators as the solutions become readily accessible and cost-effective for end users. Here are a few ideas for incorporating biometrics into a security plan.
Biometrics are well suited for protecting revenue at amenity-driven businesses that charge membership fees. Gyms, golf courses and other operations lose money when members share access cards with nonmember friends. Installing biometric readers at entries matches guests with enrolled templates ensuring only paying members to gain access.
It’s expensive to keep employees on duty to open bays for after-hours deliveries. End users can save money and increase convenience by enrolling authorized delivery drivers into a biometric identity system enabling unattended deliveries.
Traditional access control systems have a routinely need to add, replace and delete cards, creating a source of recurring revenue. Biometric management, including employee enrollment and deletion, also creates RMR opportunities.
Save customers regulatory fines and possible injury claims by installing a biometric reader at dangerous equipment to ensure only trained personnel has access to operate it. Biometric systems are also well suited for hourly employees’ time and attendance needs. Organizations using timecards or plastic credentials are open to “buddy punching,” a practice in which one employee clocks in or out for an absent friend.
This process costs businesses millions of dollars annually. Eliminate this fraud with biometric systems, many of which have already installed payroll software. Markets significantly increasing their use of biometrics include healthcare, law enforcement, transportation and property management.
Like the overall security industry, biometric providers were significantly impacted by the COVID-19 pandemic. One leading choice for identity authentication — fingerprint technology — saw sales fall as employers sought touchless solutions.
The same was true for hand geometry readers. Also, neither technology worked where employees routinely wore gloves as part of their jobs. The move away from contact-based devices opened opportunities for integrators to sell replacement systems.
New touchless fingerprint readers work by illuminating the surface of the finger to create a 3D model of a finger’s shadows and ridges.
However, a 2020 study by the federal National Institute of Standards and Technology (NIST) looked at six commercially available touchless platforms (two standalone devices and four smartphone apps) and found they lacked the accuracy of contact-based devices.
Scanning any single finger returned accuracy rates of 60% to 70%. But the scanning of multiple fingers significantly improved accuracy, with one touchless device coming very close to the 99.5% accuracy rate of contact devices.
Earlier NIST studies showed some facial recognition systems reached an accuracy rate of 99.97%, matching iris-based platforms. However, personal protective equipment (PPE), such as masks and goggles, often interfere with accurate ID authentication.
A 2020 NIST survey found masks covering nearly three-fourths of a person’s face resulted in authentication errors ranging up to 50%. A follow-up study released this year showed significant improvements in some algorithms, with the error rate dropping to 3% with the best performing platforms.
Another NIST study from late 2019 found facial recognition’s accuracy often depends on the demographics of people being scanned. Using more than 18 million images of people pulled from FBI, Department of Homeland Security and State Department databases, the survey found females, people of color and persons between the ages of 18-30 were less likely to be accurately recognized.
Iris recognition systems are touchless and unaffected by PPE, including goggles, glasses and contact lenses. Greasy, dirty or scarred fingers play no role in iris-based systems, nor do skin color, tattoos, facial hair or makeup. However, one academic study found that certain ocular diseases, including those related to Type II diabetes, may affect accuracy.
Looking Into Iris
Iris-based biometric systems are probably the least familiar of the three major technologies among integrators and end users, so here’s a quick look at how the technology works.
The iris offers more markers than most other biometrics, with 240 captured at enrollment. What amounts to an infrared photo taken during the enrollment process creates a small 512-byte template of each iris which can’t be reversed or reconstituted to create a workable image.
Iris patterns, found in the colored ring around the eye’s pupil, are like a snowflake – no two are alike. Even genetic twins have different patterns. The iris is fully formed at birth and remains stable throughout a person’s life, eliminating the need for re-enrollment.
The technology also authenticates children’s identities. And while media reports often describe iris recognition as retinal scans, the two technologies are not the same. Iris-based technology doesn’t require shining bright lights into a person’s eyes.
Privacy is a growing concern among many people. It’s possible to identify people by the fingerprints they leave on hard surfaces and comparing them to law enforcement, corporate and other databases. Facial recognition uses social media, public records — even high school yearbooks — to identify people seen in the security video.
Iris-based biometrics are the only opt-in solution. People know when they enroll in an iris biometric database.
Fringe & Future
There are many other biometric measurements; however, these are primarily niche solutions. For example, voice biometrics most often authenticate a person’s identity for telephone and Internet transactions, such as remote access to websites and networks.
A handwriting biometric is commonly used for authenticating signatures on business transactions, typing rhythms for workstation logins, and vein recognition is widely used for employee time and attendance.
The most accurate biometric technology is DNA matching, which is used most widely in law enforcement and healthcare. DNA is collected from virtually any part of the human body, including blood, saliva, skin, tissue and hair.
The technology has the unique ability to detect familial relationships. The biggest roadblock to DNA going mainstream is the time required to return results. The fastest systems need 90 minutes to confirm or deny identity — way too slow for most security operations.
For decades, the pairing of electronic access control readers and plastic cards has worked well for small businesses and enterprise organizations. Certainly, they were a better, safer choice than the mechanical key locks they replaced.
Don’t expect plastic credentials to disappear soon. However, integrators and end users always strive to improve security and convenience. Today, they are doing so more often with the many biometric options available to them.
Mohammed Murad Vice President, Global Development and Sales for Iris ID.