Bio-metrics: A Boon or a Bane?

In 1966, Abraham Maslow said,

“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it is a nail”

The above-stated phrase, also known as the law of the instrument, describes a cognitive bias that highlights a human tendency to rely on familiar instruments. This means that humans are naturally inclined to make use of those things which are familiar or convenient. Cognitive biases cause individuals to suspend rational judgement and instead rely on a one-dimensional line of thought; most of the time they are not aware of this themselves. Cognitive biases are particularly hard to counter if our brains have developed a subconscious dependency on a particular habit.

So what is the connection between a little-known psychological theory and a high-technology system like bio-metrics?

In order to answer this question, we first need to understand why biometric-based technology applications are gaining popularity. Bio-metrics is an umbrella term used to describe all measurements related to the human body. This, coupled with the fact that every human being has unique bio-metric characteristics, has opened the possibility of using these characteristics to provide personalised services to individuals, especially in the area of security. Bio-metrics are of particular interest to governments, as they are an efficient way of collecting data on their citizens and seem like an effective way to prevent potential fraud. Private companies then realised that bio-metric systems can be used to replace physical identification documents, which in turn would increase efficiency. The use of these systems then spread to consumer products like phones, which can be unlocked through fingerprint or retina scans.

However, these conveniences do come with a cost. A bio-metric security system is highly convenient when compared to other systems like passwords or PIN codes. Why would anyone make an effort to type in a long, tedious password when they can simply swipe their fingerprint! The main issue with bio-metric systems is that bio-metric data is permanent in nature and cannot be reset or replaced. For example, if your password has been compromised and disclosed to unauthorized third parties, you have the option of discarding the previous password and adopting a new one. But if your bio-metric data has been compromised, there is no way of discarding it. It is biologically impossible to replace your fingerprints or retina outline!

Many proponents of bio-metrics argue that bio-metrics is theoretically the most secure security system, as it is impossible to hack a human body from a remote location. This is a valid argument, but it ignores threats arising from your own surroundings. The same advancement of technology which has enabled bio-metric systems has also provided tools which can be used to circumvent these systems. High-resolution cameras can be used to take discreet pictures of a person's face or eyes, and the retina outline or eyeball vascularity can be replicated from these pictures. A person's fingerprint can be photographed and replicated through advanced software. These replications can be turned into a physical copy through 3D printing.

This can be best illustrated by the demonstration given by Jan Krissler, a computer hacker. He managed to replicate the fingerprint of Ursula von der Leyen, the German defence minister, through high-resolution pictures.

(Source: DW)
Jan Krissler used several pictures of Ursula von der Leyen's (pictured) thumb, taken at different angles, including a picture from a press release issued by her office.

(Source: jankrissler blog)
Jan Krissler (pictured) used commercial software called VeriFinger to replicate the thumbprint.

This leads back to the initial point about the law of the instrument and cognitive biases. Bio-metric systems have been perceived as being safe, and there is a general atmosphere of excitement about adopting this technology. People, in general, are attracted to the convenience that it can provide. But we must remember the law of the instrument: just because bio-metric systems are available, we must not indiscriminately use them for a variety of functions without first understanding all the consequences.

In the field of banking, bio-metrics can be used to collect customer data or to fulfil Know Your Customer (KYC) requirements. But it must be complemented with other security measures like single-use passwords or two-factor authentication.

It would be prudent to completely avoid using bio-metric systems to conduct fund transfers and other monetary transactions.

The weakest link in any security system is its end users. In banking, the end users are customers. Even the most secure security system cannot prevent a breach caused by incorrect use by its users. Instead of focusing on bio-metrics, banks must focus on incentivizing their customers to develop strong security practices.
