printer friendly version

Outsmart fakes

Many biometric readers claim to offer the ability to defend against fake fingerprints and to ensure only live prints, i.e. those attached to a human body are accepted, but not all deliver the goods. Here are five pointers on the concept of avoiding fingerprint spoofing in order to gain the best value for money from your biometric system.

1. Enrolment: True fake finger detection starts at the enrolment process. When recording or enrolling users’ fingerprint templates on the system, it is vital that the person tasked with managing the process is ethical, trustworthy and sufficiently certified or trained. An enrolment officer who allows users to enrol a rubber fingerprint is as dangerous as a network administrator who allows virus-ridden adult websites through the corporate firewall.

2. Optional fake finger detection: Not all biometric solutions offer lens based fake finger detection as standard. This is often a feature which needs to be specified at the proof-of-concept stage in a project to ensure that this optional functionality is included from the outset.

3. Finger and vein print combination: Fake finger detection doesn’t get much better than a device which offers vein and fingerprint biometrics in a hybrid reader as standard. A vein network can be read using unique reference points, which are virtually impossible to duplicate.

4. Fake ‘fake’ finger detection: Be cautious of vendors who offer rubber fingerprints as standard marketing gimmicks to enrol on biometric readers. Not only is this approach detrimental to the integrity and security of the identity industry, it is also a desperate measure to promote products which do not comply with international latent print best practice. Often the so-called ‘fake finger’ or ‘liveness’ detection on these products can be easily bypassed by holding a live finger on the edge of the sensor screen area to satisfy the capacitive circuitry and presenting a fake finger on the rest of the sensor screen.

5. International best practice: Vendors who dismiss the FBI standard as an irrelevant North American certification that does not apply to Europe or Africa are not only ill informed, but are also unscrupulous and unethical. The FBI standard is an internationally recognised minimum requirement for systems that are used in law enforcement and civilian identification.

If your biometric solution is FBI certified, it means that the electronic fingerprint record is an accurate representation of the actual latent fingerprint. Would you allow someone to record your name as Donald Duck on a database? If not then why allow them to inaccurately record your fingerprint on a biometric database. Worse still, if your bank uses fingerprint readers which do not comply with FBI standards, they may be opening themselves to widespread identity fraud and risk.

Also be extremely cautious of vendors who claim that their products are FBI certified when in reality only one or two of their product lines is certified and are not commercially available, while the reader model which they are offering you is not FBI certified.

Following these five rules will ensure that your choice of biometric reader makes it all the more difficult for those with nefarious intent to bypass the biometric processes you have in place to secure assets.

Share this article:

Further reading: