printer friendly version

Online fingerprint verification

Nick van der Merwe expounds on the benefits of fingerprint biometrics.

The recent announcement by the Department of Home Affairs (DHA) to allow real-time identity verification has been met with mixed reactions.

This announcement came after months of successfully using fingerprint biometrics at the branch offices of the DHA for ID book and passport applications, as well as the successful completion of a pilot involving various banks.

According to Dr Nick van der Merwe, director of Ideco Technologies and chairman of SABS SC71Q biometrics standards workgroup, biometric verification is the only way to definitively confirm the identity of a person.

“The DHA has been using fingerprint biometrics since the 1950s and since the mid-nineties thousands of South African companies use these systems every day. In fact more than 2 million employees in the country use their fingerprints on a daily basis to access their offices and clock for work, and we have not experienced a single case of compromised privacy, stolen biometric identity or fraudulent use of biometric identity in cases where our solutions have been used. Ideco also operates the SAPS criminal record verification system for employee background screening, using a system based on fingerprints.”

Biometrics provides a much higher form of security than documents like the DHA’s green ID book. These books are forged regularly by swapping photos, printing whole fraudulent books or even getting one fraudulently issued by corrupt officials. Such fraudulent ID books are often used to open bank accounts, obtain credit, etc at a huge cost to the economy each year.

The basic characteristics of fingers do not change over time, and each person’s fingerprints are unique. What makes a fingerprint unique is not necessarily the pattern of ridges on the fingerprint image, but all the points where ridges start, stop or split. Biometric readers have the ability to identify these points (called minutia) and store them as a reference (called a template). Once this is done, the image is deleted and it is physically impossible to recreate the original image – the fingerprint – from these points. What can be done, however, is to match another set of points to this reference set, making it possible to verify the identity of the customer. Unlike other authentication mechanisms, biometrics cannot easily be lost, stolen or forgotten, and also cannot easily be shared.

“This has enormous benefits to all legitimate customers of the banks as identity fraud will be stopped in its tracks,” Van der Merwe continues. “It would be impossible for fraudsters to hijack your identity and trade with your bank account. For high-risk situations, there are readers that offer fake finger detection, so using a fake finger or dead finger will be useless as these readers can detect if the finger is not real.”

Although a person’s fingerprint template is regarded as personal information, there is little privacy risk in using it, assuming that due care is taken in the secure storage, transmission and usage of that template. The Electronic Communications and Transactions (ECT) Act makes specific provision for an advanced electronic signature, and biometric authentication will play an integral part in this process. In terms of privacy, the Protection of Personal Information (PoPI) Bill provides a legal framework for the protection and use of private information. In terms of information security the relationship works both ways – on the one hand biometrics is a secure and accurate authentication mechanism – and conversely tools such as encryption are used to secure the biometric data. Within the standards environment specific attention has been paid to the security aspects of identity management and privacy, including biometrics, specifically in the work done by Working Group 5 of ISO/IEC JTC1 SC27.

“You can, however, learn considerably more about an individual’s private life from their credit card details and social networking sites such as Facebook than you can from a fingerprint template,” says Van der Merwe. Once fingerprint verification is fully integrated into the banking system, in credit card machines, ATMs and even as part of online banking using personal biometric devices, no one else can have access to your account.

Share this article:

Further reading: