IN A typical James Bond film, the suave hero deals with iris scans, facial recognition systems and voice authentication as common technological security measures, but such gadgetry is fast expanding beyond the realm of Hollywood’s imagination.
Marius Coetzee, MD of identity management company Ideco, says biometrics refers to the identification of humans by their physical characteristics or traits.
Arriving at Ideco’s offices in Pretoria is like walking onto the set of a spy movie. To enter, a visitor must submit a fingerprint to the guard on duty along with an identity number and contact details. Then a registered and verified employee must open the door, again using fingerprint technology. The time and date are logged, as is the name of the person who opened the door.
Mr Coetzee says the industry has made the biggest advances in fingerprint biometrics.
“It’s a key aspect of forensic application. At a crime scene, the first thing the police dust for are fingerprints. Most people have 10 fingers and it’s highly unlikely for any two people to have the same prints. If you remember the first time you took fingerprints, it was probably with dark ink on paper, but technology has advanced since then,” he says.
“Depending on how good the technology is, it cannot only capture and store your fingerprint in 1.8 seconds, but also verify whether that fingerprint belongs to you. Fingerprint biometrics is now a real-time application.”
Mark Paynter, a sales executive at Ideco, says the technology is evolving rapidly.
“We’ve seen in the movies where people are able to lift someone’s print from the scene and access information that’s not their own (by stealing someone’s identity), but that is going to become more difficult to do.”
He pulls out a small, glossy black box. “This is the finger-vein print scanner. Not only does it check your fingerprint, but it also captures your vein network and checks to see whether blood is circulating in that finger. Like all security, none of it is criminal proof, but no run-of-the-mill criminal could crack this kind of intense biometric technology.”
Biometrics technology is in different stages of development globally, but South African technology and compliance are at the forefront. The police, the South African National Defence Force and government departments such as home affairs all use state-of-the-art biometric technology. The quality of the equipment is measured against a global standard for biometrics set by the FBI in the US.
The Department of Home Affairs has in 2013 started rolling out new smart South African identity cards that use biometrics. According to Home Affairs Minister Naledi Pandor, laser engraving of personal details and photographs make the card difficult to forge or change. The smart card is expected to curb the use of fake or stolen identity documents.
The government’s technology meets the FBI standard, but according to industry sources, not all financial institutions in South Africa do, which would make their biometric evidence inadmissible in a court of law.
But are these high-tech systems within the reach of smaller businesses? Paul Hutton, CEO of voice biometrics company One Vault, says that as the technology improves, more companies are showing interest and the cost is declining.
“I used to work at a credit bureau and one of the major worries was always that our clients’ information wasn’t as secure as it could be,” he says. “Identity theft is becoming a scary phenomenon, increasingly in South Africa too. We work on a consumption model, which means there aren’t any large start-up costs. You pay for the technology as you use it.”
He adds: “Voice authenticating improves customer satisfaction and reduces costs and the probability of fraud. And this kind of biometric technology is the only one that can be used remotely.”
Mr Hutton says passwords used to access devices such as laptops and cellphones will soon be replaced by biometric controls. As ever more transactions are conducted online, companies are requiring significantly enhanced, multilevel authentication systems to combat fraud. There are also a range of processes — such as password resets — that require authentication but are time consuming and costly for companies and clients alike. These processes can be automated using remote third-level authentication at greatly reduced cost and with improved security.
In third-level authentication there are three ways of authenticating a person’s identity, in case of failure of one or two of the methods.
“Voice authentication is actually a technology that has come out of the military,” Mr Hutton says. “It’s not that easy to crack. If you record my voice and play it back to the machine, it won’t give you access to my data and information.