However how much use that is is debatable – if the fingerprint or fingerprint image has been compromised then revoking the template and replacing it with another won’t help. And ultimately a person only has a limited number of fingers – potentially revocation could lead to someone being excluded from the system entirely, annoying if it’s a pay by touch system, somewhat more than annoying if it’s a government program.
Attendee views on biometrics were mixed. Maxine Most of Acuity in her presentation demolished a number of what she said were myths about biometrics – that it’s still a technology in development, that consumers are resistant, that they fix identity and limit choice, that public policy is adequate protection for user and that biometrics are private and personal rather than public and personal.
Andrew Whitcombe of Consult Hyperion, in the panel discussion, warned that consumer attitudes to biometrics would change radically as soon as something went wrong – no-one will take kindly to being landed with liability for fraud because their fingerprint had been stolen. For that reason, he felt that biometrics were not a great solution for commercial applications and were better kept for government schemes.
The chances are that things will go wrong too. While the public perception of the reliability of biometrics is influenced by Hollywood movies like Minority Report where the technology works fast and perfectly, many have an accuracy rating of less than 85%. Nearly one in five transactions fail. Only iris recognition makes it into the 90s% and even with that 3% or more of transactions fail.
Perhaps I’m naive (and I don’t watch Tom Cruise movies) but as someone who has watched the biometrics industry from the outside for around 10 years now (I even have a dim recollection of signature verification working with a GEC smart card back in the late 80s), I cannot see how that is adequate. Things don’t seem to have improved much over the years either. And compare 15% failure with 10 -135 failure, as quoted with regards to the document verification scanning system.
Is it even better than nothing? What do you think?