SlideShare ist ein Scribd-Unternehmen logo

2010 Biometrics Conf: Biometrics, From High-Stakes Exams To Loyalty Cards

K
kharmanstokes

Private sector use of biometrics, from high-stakes exams, to protecting every mouseclick, grouping personal photos by faces and use as loyalty cards.

1 von 14
Downloaden Sie, um offline zu lesen
Private Sector Uses of Biometrics: From High Stakes Testing to Loyalty High-Stakes Cards Prepared for the P d f th National Defense Industrial Association Biometrics Conference January 21, 2010
Private Sector Use of Biometrics: From High- Stakes Testing to Loyalty Cards  High-Stakes Testing: Preventing Fraud in the GMAT® Exam g g g  Advances in Employee Access Control, Time & Attendance Tracking  Biometrics to Secure Data at Data Level: Protect Every Mouse Click  Consumer Authentication/Identification  Biometrics in Banking  Biometrics at Retail Point of Sale  Biometrics in the Hands of Consumers 2
High-Stakes Testing: Preventing Fraud in the GMAT® High Stakes  Scores used by 1900+ schools in 70 countries  Delivered in 110 countries to approximately 250,000 people annually  2003: 6 individuals impersonated 185 business school applicants  Exam fraud = fraud on the schools using scores. Unethical applicant gets in, honest applicant left out  2006: Began biometric fingerprints  Process:  First time test taker provides print at test center check in. check-in.  Upon returning from break, new fingerprint compared to original, 1:1  If person re-tests, new print compared to original, 1:1  If no match, manual investigation. 3
High-Stakes Testing: Preventing Fraud in the GMAT® High Stakes  Yet, technical challenge with fingerprint  Legal challenge: Strong cultural sensitivity to fingerprints, based on Nazis, Nazis Stasi/secret police. police  In Europe, right to privacy is “fundamental human right,” basis of civil society, democracy  Embedded in national constitutions, European and EU law constitutions  Data collection, use and transfer out of EU highly regulated  Overriding EU law, plus national laws, with independent data protection authorities (“DPAs”) with varying powers th iti (“DPA ”) ith i  DPAs provide check on private and public sectors  Fingerprints rejected by some European authorities  2009: Shift to Fujitsu palm vein biometric 4
High-Stakes Testing: Preventing Fraud in the GMAT®  Palm vein system designed to meet challenges:  1:N matching on the horizon  “No trace”: User leaves no trace on device and no surreptitious collection  No image stored for later use  Unique algorithm to prevent interoperability  July 2009: France’s authority, the “CNIL,” approved GMAT’s collection, 1:N matching, and transfer of data into central database in the US  Most other EU countries expected to follow  Palm vein implemented in over 100 countries 5
Biometrics for Employee Access, Time, Attendance  Gl b l Rainmakers: I i Recognition S t Global R i k Iris R iti System  High throughput while person in motion (up to 50 people/minute)  Ex: Large US bank using for employee building/logon access  Quick efficient system for 1:N  Less public resistance than w/fingerprint © Global   Aurora: Face Recognition System Rainmakers, Inc. Rainmakers Inc  Solved lighting problem using infra-red  Almost 100 clients, 940 sites in UK and Middle East: e.g., construction industry, colleges, airport operators using for 1:1  Ex: Engineering company using for employee access, time/attendance, with data passed to timesheet and p y payroll systems y  Ex: Colleges using to track students’ attendance Ex: Employee access through turnstiles 6
Securing Data at the Data Level: bioLock  bioLock: Only SAP certified biometric system  Secures HR, financial, health, research and other data at the data level, mitigating fraud and ID theft level  Protect any mouse click  Swipe fingerprint on keyboard or mouse for 1:N identification for:  Initial computer log on  To view or edit particular data, e.g., employee/customer health info, financial records  For standard workflow approvals, e.g., manager approval of budget  To authorize a transaction, e.g., authorize wire transfer 7
Securing Data at the Data Level: bioLock  Blocks access for those not authorized  Logs every attempt, identifies anyone in the system  Reduce or eliminate reliance on passwords, risks of phishing  Strong solution for Sarbanes-Oxley financial controls and HIPAA compliance  Current users of bioLock include:  Major EU bank, other banks  European and US energy companies  European hospitals  California state universities, city governments 8
Biometrics for Customer Authentication/ID  National Australia Bank: Voice Recognition  35 million customers. Significant losses from fraud, e.g., phishing, trojans, “man in the middle” trojans, ID theft  2009: launched voice recognition for phone banking  Starting w/customers who cannot remember PIN code:  Previously, manual, time-consuming process. Ask 5 pre-selected questions.  Answers to questions now available on Facebook (e.g., high school mascot). Expansion of social networking leading to expansion of fraud, ID theft  Now, 85-90% of these customers enroll in voice recognition for 1:1 authentication. th ti ti  VR enrollment is manual process, repeating info for print creation 9
Biometrics for Customer Authentication/ID  National Australia Bank:  Post-enrollment, customer calls automated system: if no PIN, put into VR system  Customer says NAB known ID number and DOB  System matches what is said for accuracy: correct NAB ID and DOB?  And matches whether voice print matches that NAB ID and DOB p  50K enrolled customers; exploring offering to all customers  Better customer experience than 5 questions; saves staff time/costs  With other security improvements, substantial reduction in fraud losses improvements  Several Japanese Banks: Palm Vein on ATMs 10
Biometrics for Customer Authentication/ID  EasySecure, Netherlands: Fingerprints at Retail Point of Sale  Fingerprint system authenticates customers, allows access, charges to account or as loyalty card  Manual enrollment process, web-based application  Allows 1:1 or 1:N matching  Post-enrollment, customer scans fingerprint, system checks against central database to authenticate or identify, approves or denies  Ex: At fitness centers, swimming pools, fingerprint allows access according to subscription  E C Ex: Camping store sets up customer account tied t fingerprint; allows i t t t t ti d to fi i t ll charges via fingerprint from family  Ex: As loyalty card, fingerprint tracks purchases or points  No image retained; image retention generally now allowed in NL or Belgium 11
Biometrics in the Hands of Consumers: Face Recognition Applied to Photos R iti A li d t Ph t  Apple® iPhoto ® “Faces,” Adobe ® PhotoShop ®, other p photo-sharing web sites g p p g group photos by faces y  Consumer’s photos added to photo site  Site software applies FR biometric technology to all p photos, grouping together p ,g p g g photos of p p with the people same faces  Consumer adds names to each group of faces  Convenient tool for consumers – easy to create y albums for friends, family  Possibly millions of biometric FR templates stored on web-servers through sites 12
Conclusion  Biometric use spreading rapidly in private sector – employees and also employees, retail and consumer applications  Increased convenience, more accurate information, reduces employer admin costs  But, what recourse if biometric data/ID stolen? How is data being used, by whom?  Privacy and legal questions: In the US, not aware of any specific oversight or laws that apply to biometrics (except Illinois)  Europe and US legal regimes share several common goals: fully inform consumers, give them choices, abide by their choices  Europe: Strong rules and limits around biometric data use  US: Goals met sporadically, case by case. Some disclosure and choice, determined by company. Do consumers fully understand? Limits on biometric use?  As growth continues, when a major problem arises, regulation likely 13 © 2010 Katherine Harman‐Stokes. All rights reserved.
Kathy Harman-Stokes, J.D., Certified Information Privacy Professional Kathy is an attorney and consultant on US and international data privacy laws, advising a broad range  of clients on privacy laws, focusing on biometric laws. She advises her clients on, among other things,  legal issues arising from the use of biometrics in specific countries, how systems should be designed to  l li ii f h f bi i i ifi i h h ld b d i d comply with international laws and where and how biometric data may be transferred. For 6 years, she  was the Associate General Counsel and a corporate officer at the company that owns the GMAT exam,  a high stakes test used for graduate business school admission worldwide. Kathy oversaw legal  compliance efforts for the GMAT’s collection of fingerprints and palm vein biometric data in 110  countries, and held discussions with EU data protection authorities concerning biometrics and other  sensitive data. Before her work with the GMAT, she was an attorney at Hogan & Hartson LLP in  Washington DC and McLean Virginia, specializing in litigation, employment and intellectual property  matters. She attended the University of Virginia School of Law, and is an IAPP Certified Information  Privacy Professional*. y *The Virginia State Bar has no procedure for approving certifying organizations. Apple® and iPhoto® are registered trademarks of Apple, Inc. Adobe® and Photoshop® are registered  trademarks of Adobe Systems Incorporated. GMAT and the Graduate Management Admission Council® are trademarks of Adobe Systems Incorporated GMAT® and the Graduate Management Admission Council  are   registered trademarks of the Graduate Management Admission Council®.  14 © 2010 Katherine Harman‐Stokes. All rights reserved.

Empfohlen

02-05-15 - Evolution of Biometrics
02-05-15 - Evolution of Biometrics02-05-15 - Evolution of Biometrics
02-05-15 - Evolution of BiometricsHector Hoyos
 
Mobile payments v1 1
Mobile payments v1 1Mobile payments v1 1
Mobile payments v1 1AndrewRJamieson
 
Ecrime Practical Biometric
Ecrime Practical BiometricEcrime Practical Biometric
Ecrime Practical BiometricJorge Sebastiao
 
Introduction tobiometrics
Introduction tobiometricsIntroduction tobiometrics
Introduction tobiometricszia balti
 
Trademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data ShowsTrademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data Showsabutterman
 
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009kharmanstokes
 
Elementos Pasivos
Elementos PasivosElementos Pasivos
Elementos PasivosAnyelineRodriguez
 
Tipanluisa amanda imagenes y organizadores graficos (1)
Tipanluisa amanda imagenes y organizadores graficos (1)Tipanluisa amanda imagenes y organizadores graficos (1)
Tipanluisa amanda imagenes y organizadores graficos (1)belentipanluisa
 

Empfohlen

02-05-15 - Evolution of Biometrics
02-05-15 - Evolution of Biometrics02-05-15 - Evolution of Biometrics
02-05-15 - Evolution of BiometricsHector Hoyos
 
Mobile payments v1 1
Mobile payments v1 1Mobile payments v1 1
Mobile payments v1 1AndrewRJamieson
 
Ecrime Practical Biometric
Ecrime Practical BiometricEcrime Practical Biometric
Ecrime Practical BiometricJorge Sebastiao
 
Introduction tobiometrics
Introduction tobiometricsIntroduction tobiometrics
Introduction tobiometricszia balti
 
Trademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data ShowsTrademark Attorneys Clearly Useful, Data Shows
Trademark Attorneys Clearly Useful, Data Showsabutterman
 
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009
Khs Ndia Conference Ppt Version 15 Jan 09 Redacted 8 Sept 2009kharmanstokes
 
Elementos Pasivos
Elementos PasivosElementos Pasivos
Elementos PasivosAnyelineRodriguez
 
Tipanluisa amanda imagenes y organizadores graficos (1)
Tipanluisa amanda imagenes y organizadores graficos (1)Tipanluisa amanda imagenes y organizadores graficos (1)
Tipanluisa amanda imagenes y organizadores graficos (1)belentipanluisa
 
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...James Fisher
 
Facial Recognition Technology
Facial Recognition TechnologyFacial Recognition Technology
Facial Recognition Technologypriyabratamansingh1
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009wegdam
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASHAkash Deep Maurya
 
Voice recognition
Voice recognitionVoice recognition
Voice recognitionKenneth Carnesi, JD
 
facerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdffacerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdfPoooi2
 
Face recognition technology - BEST PPT
Face recognition technology - BEST PPTFace recognition technology - BEST PPT
Face recognition technology - BEST PPTSiddharth Modi
 
Industry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied ScienceIndustry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied ScienceSven Von Dem Knesebeck
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age Cartesian (formerly CSMG)
 
Linas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometricsLinas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometricsLinas Eriksonas
 
Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)sachin yadav
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceBankingdotcom
 
Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9Clare Nelson, CISSP, CIPP-E
 
Csop 2011 Al Raymond
Csop 2011 Al RaymondCsop 2011 Al Raymond
Csop 2011 Al Raymondspencerharry
 
Digital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup worldDigital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup worldXavier Sansó
 
Xavier Sanso
Xavier SansoXavier Sanso
Xavier SansoGlobal Business Events
 
Moving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationMoving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationBee_Ware
 
Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19Vinod Kashyap
 
Cover page
Cover pageCover page
Cover pageErmiyasSolomon2
 

Weitere ähnliche Inhalte

Ähnlich wie 2010 Biometrics Conf: Biometrics, From High-Stakes Exams To Loyalty Cards

ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...James Fisher
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009wegdam
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASHAkash Deep Maurya
 
facerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdffacerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdfPoooi2
 
Face recognition technology - BEST PPT
Face recognition technology - BEST PPTFace recognition technology - BEST PPT
Face recognition technology - BEST PPTSiddharth Modi
 
Industry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied ScienceIndustry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied ScienceSven Von Dem Knesebeck
 
Linas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometricsLinas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometricsLinas Eriksonas
 
Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)sachin yadav
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceBankingdotcom
 
Csop 2011 Al Raymond
Csop 2011 Al RaymondCsop 2011 Al Raymond
Csop 2011 Al Raymondspencerharry
 
Digital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup worldDigital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup worldXavier Sansó
 
Moving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationMoving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationBee_Ware
 
Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19Vinod Kashyap
 

Ähnlich wie 2010 Biometrics Conf: Biometrics, From High-Stakes Exams To Loyalty Cards (20)

ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
ndia2010biometricsconferencehighstakesexamstoloyaltycards-12672795325078-phpa...
 
Facial Recognition Technology
Facial Recognition TechnologyFacial Recognition Technology
Facial Recognition Technology
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASH
 
Voice recognition
Voice recognitionVoice recognition
Voice recognition
 
facerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdffacerecognitiontechnology-131025121934-phpapp01.pdf
facerecognitiontechnology-131025121934-phpapp01.pdf
 
Face recognition technology - BEST PPT
Face recognition technology - BEST PPTFace recognition technology - BEST PPT
Face recognition technology - BEST PPT
 
Industry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied ScienceIndustry and Regulatory Insights Using Applied Science
Industry and Regulatory Insights Using Applied Science
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
 
Linas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometricsLinas Eriksonas, Market for mobile biometrics
Linas Eriksonas, Market for mobile biometrics
 
Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)Biometrics Presentation By Sachin Yadav (S/W Engineer)
Biometrics Presentation By Sachin Yadav (S/W Engineer)
 
NEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for BanksNEC Public Safety | Digital Identity for Banks
NEC Public Safety | Digital Identity for Banks
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9Multi factor authentication issa0415-x9
Multi factor authentication issa0415-x9
 
Csop 2011 Al Raymond
Csop 2011 Al RaymondCsop 2011 Al Raymond
Csop 2011 Al Raymond
 
Digital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup worldDigital analytics on a shoestring an experience from the startup world
Digital analytics on a shoestring an experience from the startup world
 
Xavier Sanso
Xavier SansoXavier Sanso
Xavier Sanso
 
Moving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authenticationMoving beyond passwords - Consumer attitudes on online authentication
Moving beyond passwords - Consumer attitudes on online authentication
 
Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19Remote Audit: During and Beyond Covid-19
Remote Audit: During and Beyond Covid-19
 
Cover page
Cover pageCover page
Cover page
 

2010 Biometrics Conf: Biometrics, From High-Stakes Exams To Loyalty Cards

  • 1. Private Sector Uses of Biometrics: From High Stakes Testing to Loyalty High-Stakes Cards Prepared for the P d f th National Defense Industrial Association Biometrics Conference January 21, 2010
  • 2. Private Sector Use of Biometrics: From High- Stakes Testing to Loyalty Cards  High-Stakes Testing: Preventing Fraud in the GMAT® Exam g g g  Advances in Employee Access Control, Time & Attendance Tracking  Biometrics to Secure Data at Data Level: Protect Every Mouse Click  Consumer Authentication/Identification  Biometrics in Banking  Biometrics at Retail Point of Sale  Biometrics in the Hands of Consumers 2
  • 3. High-Stakes Testing: Preventing Fraud in the GMAT® High Stakes  Scores used by 1900+ schools in 70 countries  Delivered in 110 countries to approximately 250,000 people annually  2003: 6 individuals impersonated 185 business school applicants  Exam fraud = fraud on the schools using scores. Unethical applicant gets in, honest applicant left out  2006: Began biometric fingerprints  Process:  First time test taker provides print at test center check in. check-in.  Upon returning from break, new fingerprint compared to original, 1:1  If person re-tests, new print compared to original, 1:1  If no match, manual investigation. 3
  • 4. High-Stakes Testing: Preventing Fraud in the GMAT® High Stakes  Yet, technical challenge with fingerprint  Legal challenge: Strong cultural sensitivity to fingerprints, based on Nazis, Nazis Stasi/secret police. police  In Europe, right to privacy is “fundamental human right,” basis of civil society, democracy  Embedded in national constitutions, European and EU law constitutions  Data collection, use and transfer out of EU highly regulated  Overriding EU law, plus national laws, with independent data protection authorities (“DPAs”) with varying powers th iti (“DPA ”) ith i  DPAs provide check on private and public sectors  Fingerprints rejected by some European authorities  2009: Shift to Fujitsu palm vein biometric 4
  • 5. High-Stakes Testing: Preventing Fraud in the GMAT®  Palm vein system designed to meet challenges:  1:N matching on the horizon  “No trace”: User leaves no trace on device and no surreptitious collection  No image stored for later use  Unique algorithm to prevent interoperability  July 2009: France’s authority, the “CNIL,” approved GMAT’s collection, 1:N matching, and transfer of data into central database in the US  Most other EU countries expected to follow  Palm vein implemented in over 100 countries 5
  • 6. Biometrics for Employee Access, Time, Attendance  Gl b l Rainmakers: I i Recognition S t Global R i k Iris R iti System  High throughput while person in motion (up to 50 people/minute)  Ex: Large US bank using for employee building/logon access  Quick efficient system for 1:N  Less public resistance than w/fingerprint © Global   Aurora: Face Recognition System Rainmakers, Inc. Rainmakers Inc  Solved lighting problem using infra-red  Almost 100 clients, 940 sites in UK and Middle East: e.g., construction industry, colleges, airport operators using for 1:1  Ex: Engineering company using for employee access, time/attendance, with data passed to timesheet and p y payroll systems y  Ex: Colleges using to track students’ attendance Ex: Employee access through turnstiles 6
  • 7. Securing Data at the Data Level: bioLock  bioLock: Only SAP certified biometric system  Secures HR, financial, health, research and other data at the data level, mitigating fraud and ID theft level  Protect any mouse click  Swipe fingerprint on keyboard or mouse for 1:N identification for:  Initial computer log on  To view or edit particular data, e.g., employee/customer health info, financial records  For standard workflow approvals, e.g., manager approval of budget  To authorize a transaction, e.g., authorize wire transfer 7
  • 8. Securing Data at the Data Level: bioLock  Blocks access for those not authorized  Logs every attempt, identifies anyone in the system  Reduce or eliminate reliance on passwords, risks of phishing  Strong solution for Sarbanes-Oxley financial controls and HIPAA compliance  Current users of bioLock include:  Major EU bank, other banks  European and US energy companies  European hospitals  California state universities, city governments 8
  • 9. Biometrics for Customer Authentication/ID  National Australia Bank: Voice Recognition  35 million customers. Significant losses from fraud, e.g., phishing, trojans, “man in the middle” trojans, ID theft  2009: launched voice recognition for phone banking  Starting w/customers who cannot remember PIN code:  Previously, manual, time-consuming process. Ask 5 pre-selected questions.  Answers to questions now available on Facebook (e.g., high school mascot). Expansion of social networking leading to expansion of fraud, ID theft  Now, 85-90% of these customers enroll in voice recognition for 1:1 authentication. th ti ti  VR enrollment is manual process, repeating info for print creation 9
  • 10. Biometrics for Customer Authentication/ID  National Australia Bank:  Post-enrollment, customer calls automated system: if no PIN, put into VR system  Customer says NAB known ID number and DOB  System matches what is said for accuracy: correct NAB ID and DOB?  And matches whether voice print matches that NAB ID and DOB p  50K enrolled customers; exploring offering to all customers  Better customer experience than 5 questions; saves staff time/costs  With other security improvements, substantial reduction in fraud losses improvements  Several Japanese Banks: Palm Vein on ATMs 10
  • 11. Biometrics for Customer Authentication/ID  EasySecure, Netherlands: Fingerprints at Retail Point of Sale  Fingerprint system authenticates customers, allows access, charges to account or as loyalty card  Manual enrollment process, web-based application  Allows 1:1 or 1:N matching  Post-enrollment, customer scans fingerprint, system checks against central database to authenticate or identify, approves or denies  Ex: At fitness centers, swimming pools, fingerprint allows access according to subscription  E C Ex: Camping store sets up customer account tied t fingerprint; allows i t t t t ti d to fi i t ll charges via fingerprint from family  Ex: As loyalty card, fingerprint tracks purchases or points  No image retained; image retention generally now allowed in NL or Belgium 11
  • 12. Biometrics in the Hands of Consumers: Face Recognition Applied to Photos R iti A li d t Ph t  Apple® iPhoto ® “Faces,” Adobe ® PhotoShop ®, other p photo-sharing web sites g p p g group photos by faces y  Consumer’s photos added to photo site  Site software applies FR biometric technology to all p photos, grouping together p ,g p g g photos of p p with the people same faces  Consumer adds names to each group of faces  Convenient tool for consumers – easy to create y albums for friends, family  Possibly millions of biometric FR templates stored on web-servers through sites 12
  • 13. Conclusion  Biometric use spreading rapidly in private sector – employees and also employees, retail and consumer applications  Increased convenience, more accurate information, reduces employer admin costs  But, what recourse if biometric data/ID stolen? How is data being used, by whom?  Privacy and legal questions: In the US, not aware of any specific oversight or laws that apply to biometrics (except Illinois)  Europe and US legal regimes share several common goals: fully inform consumers, give them choices, abide by their choices  Europe: Strong rules and limits around biometric data use  US: Goals met sporadically, case by case. Some disclosure and choice, determined by company. Do consumers fully understand? Limits on biometric use?  As growth continues, when a major problem arises, regulation likely 13 © 2010 Katherine Harman‐Stokes. All rights reserved.
  • 14. Kathy Harman-Stokes, J.D., Certified Information Privacy Professional Kathy is an attorney and consultant on US and international data privacy laws, advising a broad range  of clients on privacy laws, focusing on biometric laws. She advises her clients on, among other things,  legal issues arising from the use of biometrics in specific countries, how systems should be designed to  l li ii f h f bi i i ifi i h h ld b d i d comply with international laws and where and how biometric data may be transferred. For 6 years, she  was the Associate General Counsel and a corporate officer at the company that owns the GMAT exam,  a high stakes test used for graduate business school admission worldwide. Kathy oversaw legal  compliance efforts for the GMAT’s collection of fingerprints and palm vein biometric data in 110  countries, and held discussions with EU data protection authorities concerning biometrics and other  sensitive data. Before her work with the GMAT, she was an attorney at Hogan & Hartson LLP in  Washington DC and McLean Virginia, specializing in litigation, employment and intellectual property  matters. She attended the University of Virginia School of Law, and is an IAPP Certified Information  Privacy Professional*. y *The Virginia State Bar has no procedure for approving certifying organizations. Apple® and iPhoto® are registered trademarks of Apple, Inc. Adobe® and Photoshop® are registered  trademarks of Adobe Systems Incorporated. GMAT and the Graduate Management Admission Council® are trademarks of Adobe Systems Incorporated GMAT® and the Graduate Management Admission Council  are   registered trademarks of the Graduate Management Admission Council®.  14 © 2010 Katherine Harman‐Stokes. All rights reserved.