Using Biometric Access Systems: Dos and Don'ts

For biometric access systems, the devil is in the details. Here are implementation strategies from users and analysts.

Considering a biometric access system? Experts offer practical advice in these dos and don'ts.

DO expect resistance. All biometrics systems require user enrollment and credentialing, which are expensive and resource-intensive processes, Most says. "There is well-founded resistance to the idea of large, centralized repositories of personal information," she says. Eventual solutions to this problem may include anonymous identification, encrypted transmission of templates, and identity-centric infrastructures with distributed storage models.

In some cases, resistance comes in the form of cultural norms, says Ant Allen, an analyst at Gartner. For instance, finger scanning is not widely accepted in Japan, he says, as people reject the idea of physical contact with the sensors. Since the country's banks use biometric identification extensively for ATMs, many have turned to vein structure biometrics, whose sensors do not require contact.

Also see Biometrics: What, Where and Why for a look at the demand for biometric systems

Privacy concerns are another reason for resistance, he says. An example is retina- and iris-scanning systems, as these images can show symptoms of certain illnesses that people may want to keep private, he says.

DON'T overlook usability. System usability is another important factor. With finger-scanning systems, there is always a segment of the population that encounters difficulties with the scanners getting a correct read due to their skin type, Allen says. "It may mean providing an alternative system for this small group of users, and that might be seen as discriminatory," Allen says. He recounts a client that had to find an alternative for six users out of 2,000 to 3,000, as they could not interact successfully with the scanner. Reasons for enrollment problems include health conditions, racial characteristics, disabilities and personal idiosyncrasies, Most says.

To continue reading this article register now

The 10 most powerful cybersecurity companies