Biometrics and the Fight against Criminals (Guide 2024)

Nowadays, computers, smartphones and wearables have built-in facial identification features (like FaceID or fingerprint recognition). This means that almost anyone can now verify their identity in a matter of seconds. So, thanks to biometrics, the world of identity verification is undergoing a revolutionary transformation.   

Moreover, biometric verification is considered to be one of the most secure methods of verifying user identity. This is due to its high level of accuracy and ability to ensure the verified person’s presence.

Still, the challenge of fraud is mounting. According to Cybersecurity Ventures, global cybercrime will amount to 10.5 trillion USD per year by 2025. Therefore, it’s crucial for businesses to verify user identities accurately—and biometric technologies are answering the call. According to Statista, the global biometric authentication and identification market is expected to reach almost 100 billion USD by 2027.

So, what exactly are biometrics and how do they influence KYC (know your customer) and AML (anti-money laundering)?

What is biometric verification?

Biometric verification is the process of identifying a person by assessing one or more of their unique physical  characteristics (e.g. fingerprints, iris or retina, voice, face).

Biometrics are used as a form of identification everywhere, from transactions to security because of its full-proof advantages. Biometrics are preferable to passwords because they’re easier to use and provide greater privacy and security. Reliable biometric solutions, such as Liveness Detection, also ensure that the individuals providing their identity document and biometric data are real people who are present during verification.

Suggested read: Liveness Detection: Choosing a Solution That Won’t Let Fraudsters in

Biometric verification vs biometric authentication

Biometric verification is the process of cross-referencing a person’s biometrics with their identity document (i.e. passport). Biometric verification is usually conducted during onboarding (registering for a service for the first time).

Biometric authentication is the process of validating a person’s biometrics using data previously collected during the biometric verification process. Biometric authentication is used when clients reuse a service they’ve already registered for.

*These terms are often used interchangeably, however.

Suggested read: Identification, Verification, and Authentication—What’s the Difference?

Types of biometrics

Biometrics are roughly split into two categories of identifiers: physical and behavioral.

Physical identifiers are fixed human characteristics, such as:

• Face recognition—a technology which identifies and measures a human face. It is an increasingly popular approach among online services, often used on smartphones.
• Fingerprint scan—a technology which recognizes and verifies a fingerprint of an individual. It is the most common type of biometric authentication, which is  also deployed on smartphones.
• Voice recognition—a technology which identifies a person based on their unique voiceprint. It is used by telephone-based and digital service portals to authenticate customers.
• Retinal scan—a biometric technique using a flashing UV light which passes through the person’s retina blood vessels and creates an image code.It is considered to be 20,000 times more accurate than fingerprints, and is commonly employed for medical purposes.
• Iris recognition—captures the iris pattern in the human eye. It’s considered one of the most accurate types of biometric identification, and is faster and less intrusive than a retinal scan. 
• DNA scan—uses genetic material to identify a person; commonly used by law enforcement to identify suspects.

Case study: Mining Platform NiceHash Lowers Security Incidents by 80% with Sumsub

Behavioral identifiers are patterns in the ways that individuals perform particular tasks—patterns in walking, speaking, etc. 

Behavioral identifiers in biometric verification are new to the public and are usually combined with other methods of authentication. The advantage of behavioral identifiers is that they are highly customizable, and can be adjusted to the preferences of your business. For example, companies can use:

• Physical movements to confirm a person’s identity. For example, a person may be asked to pronounce several words or move their head in a full circle.
• Signatures to identify a person and the authenticity of their documents. Signatures are quite common at retail checkouts and in banks where customers already expect to be asked to sign their name.

Biometric verification systems

There are two types of biometric verification systems, depending on where data is stored:

1. Cloud-based (stores data on the cloud);
2. On-premise system (stores data in a physical location where the biometric verification device is set).

During onboarding, a sample of the client’s biometrics (i.e. fingerprint or voice) is saved in a database. When the client wants to access the system, this sample is used as a reference for biometric authentication. If the new record matches the one in the database, then authentication is successful. To make biometric data more accessible and portable, it’s saved in the cloud. Cloud technologies are already widely used, and their security has substantially improved over the years.

Biometric fraud: can biometrics be fooled?

When it comes to fooling facial biometrics, the oldest trick in the book is to wear a mask. Criminals use silicone masks, printed photographs of other people, or even life-size mannequins to access someone’s account. This kind of fraud is known as face spoofing.

The second method is a bit more advanced. It involves fraudsters hacking into cameras and injecting pre-recorded videos or hacking the server itself and editing uploaded biometric data. This method is referred to as bypassing.

Check out this article to learn about the other tricks fraudsters use, and how we can protect ourselves from them: Masks, Animated Pictures, Deepfakes…—Learn How Fraudsters Can Bypass Your Facial Biometrics

Are biometrics reliable for businesses and their clients?

Biometrics are considered to be one of the most accurate and reliable authentication methods. They’re much more accurate and secure than using passwords and 2-factor authentication.

By collecting an individual’s fingerprints, voice, and facial characteristics for future reference, lots of time and costs can be saved on verification. At the same time, companies have to be aware of the way they distribute such sensitive information and learn to protect it. 

Therefore, it’s critical that reliable biometric verification solutions are used, such as advanced Liveness technology.

Liveness detection analyzes a person’s biometric data using machine-learning algorithms. Most often, it’s associated with facial biometrics, but it can combine more than one biometric check. 

Thanks to machine learning, this technology can detect a person’s biometrics and presence during verification with over 99% accuracy, detecting deepfakes, inserted videos, 3D masks, and other presentation attacks through image-processing, face-mapping and motion detection.

Liveness can be used in many ways, from payment fraud prevention to confirmation of risky user actions, such as cash withdrawals. One of the most important uses of Liveness is conducting the “Know Your Customer” (KYC) procedure as part of anti-money laundering (AML) compliance.

Today KYC and AML regulations demand a high level of confidence in the security measures businesses use, which is why biometric Liveness detection is part of almost every identity verification solution on the market.

FAQ

• What is biometric verification?

  Biometric verification identifies a person by assessing their individual characteristics ( fingerprints, iris or retina patterns, voice, face, etc.).

• What are the main types of biometrics?

  There are physical and behavioral identifiers. Physical identifiers include:

  • Voice recognition
  • Fingerprint
  • DNA
  • Photo/video

  Behavioral identifiers include:

  • Physical movements
  • Typing style/signature

• How can biometrics be used to verify and protect identity?

  A biometric identification system verifies the identity of customers by using their unique biometric characteristics (like fingerprints, earshape, voice, etc.)

• What is meant by biometric authentication?

  Biometric authentication is the process of validating a person against their biometric data, which were already saved during the verification process. Unlike biometric verification, which is done during onboarding, biometric authentication is used when a client is already registered to use the service.

• What technologies does biometric authentication use?

  There are different types of biometric technologies on the market. The most popular include fingerprint identification and voice recognition, etc.

• How reliable is biometric authentication?

  Biometric authentication is considered to be extremely reliable and more secure than passwords. Certified biometric solutions ensure that the individual presenting their biometrics is a real person and that they are present during the verification.

• Can biometric authentication be fooled?

  Fraudsters attempt to use various methods to fool biometrics—from phishing to deepfakes. However, it is almost inconceivable to trick an advanced biometric system, such as a liveness detection technology.