As discussed in Part II of this series, getting buy-in from internal and external stakeholders is a critical component to the success of a biometrics identity management (IdM) solution. What is equally important is the setup and deployment method of your chosen biometrics solution.
While biometrics is quickly gaining ground because of its convenience and effectiveness, there are no definitive best practices to follow when it comes to storing the biometric data. Should it be stored locally or in the cloud? What is allowed based on your company’s security/operating policies? What levels of assurance are required?
It’s important to note there is no single, right answer. Each option has its own unique pros and cons that you will have to navigate, and ultimately, you must take into consideration your company’s operational infrastructure and policies to determine which method is right for you. Below is a quick comparison of hosted vs. on-device/on-site.
Security is often the main concern that drives hosting biometrics data on-device/on-site. Some companies and consumers are leery of the cloud because they view it as being especially vulnerable to unauthorized access by third parties (hackers, etc.). In addition, some companies have restrictive infrastructure and protocols that limit the ability to take a cloud-based approach.
In order to quell some potential security fears of biometric data breaches and potentially boost consumer adoption, some providers prefer to store biometric capabilities on each user’s mobile device or computer, which is the approach PayPal supports.
However, the drawback to this data storage method is its inability to support authentication across multiple devices. While localized biometrics stored on the device provides a 1-to-1 authentication at the device level, it does not support the ability for the biometric to be enrolled on multiple devices or support the ability to compare biometrics across a population for fraud prevention.
Technically, any data that is not stored on-site is “in the cloud,” but not all cloud solutions are public. In fact, we’ve seen this to be one of the biggest misconceptions out there regarding the term “cloud”. Privately hosted cloud storage means the data lives in a secure, fully owned data center with limited, controlled access. We recently wrote a blog on the topic of cloud solutions, in which we cleared up some falsehoods and explored some of the benefits of cloud solutions.
Cloud-based biometric data storage allows you to address IdM needs across multiple devices and channels. Solutions can perform both 1:1 (one-to-one) and 1:N (one-to-many) authentication to guarantee the claimed identity belongs to the person providing it and that those unique identity elements (such as a biometric print) are not also connected to other identities. In addition, this data can be used across multiple channels, including a customer’s desktop, smartphone and tablet, and when a consumer upgrades to a new phone, there is no need to re-enroll.
Furthermore, this storage method enables users to share risk insights across organizations and industries. For example, at LexisNexis we offer customers the ability to flag known fraudulent voices that have previously enrolled in the biometric system. This allows organizations to share ‘known bads’ since criminals are bound to stretch across industries and organizations.
Regardless of the modality (fingerprint, voiceprint, etc.), or storage method you decide to use, successful adoption of biometrics requires detailed, up-front planning and a solid 360˚ view of your needs and objectives, as well as the expectations of your customers. For more information on implementing biometrics into your IdM workflows, click here to download our recent white paper.
LexisNexis understands identity and authentication workflows and can help you design a holistic solution that addresses enrollment, infrastructure and integration needs along with the technical aspects to create a solution that is best suited to your business goals. Have additional questions about whether a biometric solution is right for your company, or how it can best fit within your unique environment? Contact us.