– by Ted Oorbals, CEO, Biocryptology & Alex Lim, Senior Business Development Manager, AccelerAsia
We’ve all gone through the process of having to change our passwords for “security reasons.” Along with strings of special characters, numbers, capital letters mandated by most systems, we promptly forget the password. Rinse and repeat.
The solution many use to solve this problem is to simply write down their passwords and usernames in a “safe place”. This could be on a piece of paper in their wallet, or a document with a list of passwords on a secret folder on their PC. But wallets can be stolen and PCs can be hacked, and now they’ve given a hacker every username and password they have, all in one convenient place. Back to square one.
Customer service issues
We live in an era in which our digital data can be far more powerful than anything inside our wallets. In spite of this, the current identification/authentication process is limited to sets of usernames and passwords, which were developed nearly 60 years ago.
Two-factor authentication (2FA) protocols work better, but they still trace their reliability back to sets of usernames and passwords. This means that if your “master” username & password or your OTP token is exposed to someone else, identity theft and hacking can happen instantaneously.
The inconvenience and risk of identity theft or fraud are pain points not just to end users. According to a study done by User Interface Engineering (uie.com), major e-commerce sites found that 45% of all customers had multiple registrations on the system.
When dealing with a forgotten password, users also call customer service, incurring time and money costs to the businesses. For the average major e-commerce site, there are more than 10,000 customer service calls per year, of which more than 3.000 are login-issue-related calls per year. This results in more than $60,000 spent on calls related to login issues, on top of lost purchases.
An unbeatable advantage
As long as access relies on information you need to memorise or an object you need to possess, there is a risk of something going wrong. But if your access relies on who you are as an individual, it can never be taken away, and is entirely unique. This is where biometrics come in. The market is ready: according to an Oxford University Research Report, 93% of consumers are willing to replace usernames and passwords with biometric identity verification.
Among the most popular biometrics access solutions are two devised by tech giants: Google and Apple (Apple TouchID/FaceID or Android FingerPrint).
Although such methods may seem like ideal long-term solutions, they possess two crucial disadvantages: they are device-specific – for example, Apple TouchID, wouldn’t work for Android users – and more importantly, they are merely a complementary method to yet another linked set of “master” usernames & passwords. This means that if your master usernames and passwords get hacked, your fingerprint data is useless.
The need of the hour is a biometrics-enabled authentication service that is device and platform agnostic, and applicable across the ecosystem.
Lack of reliability and expertise are two of the key reasons information security remains the soft underbelly of the enterprise.
Only the large enterprises are able to afford a comprehensive approach to security, with in-house teams capable of managing end-to-end protection and with competencies to deal with any scenario or contingency. Most enterprises – especially in e-commerce and retail – have to rely on external vendors to manage much of their security. This is aggravated by the many regulations that are difficult to keep track of, from GDPR in Europe to PDPA in Singapore, as well as other specific compliance dependencies in various local jurisdictions.
Add to this the fact that while everyone wants to use biometric data, nobody really wants to be responsible for storing such personally-sensitive information and be exposed to breaches and data theft.
Also, certain APIs are based on facial recognition, which may not be foolproof and has proven to be unreliable, often registering more false negatives than false positives in identification, causing delay and inconvenience to users. The ideal solution is one that is biometric-agnostic, which can add (or remove) layers of security – such as iris scans or fingerprint, in combination or just one at a time – and not dependent on a single point of failure or data source.
Building a biometrics ecosystem
Biocryptology offers the possibility of solving the above problems, by providing value for users and enterprises in that it’s an ecosystem product – a single platform can be used to help authenticate both online and offline access. The app becomes an extension of your identity; its ability to do this is backed by its exceptionally stringent security practices, encrypting all the user data under its stewardship and storing it in multiple locations.
Biocryptology’s “secret sauce” lies in the proprietary security architecture embedded in its app; no other existing platform allows “one identity to rule them all.” The company is building partnerships with big platforms, hosting providers, and large enterprises (banks, insurers, etc.), enabling up to tens of millions of users to be a part of the ecosystem and access services directly via their biometrics identification; it has the potential to become the global standard for secure access control.
When it comes to physical access, on the user side, it can help a typical end-user gain access to their private property such as a car or a home, or can be used to ensure only authorized users access certain devices or files. The system is also perfectly suited for corporate use, providing access to office buildings, IT equipment, and computer files, and even integrating with time & attendance systems.
On the online front, users can access platforms and websites, or securely access cloud storage, all while preventing unwanted third-parties from accessing their account and sensitive data. Apart from being a convenient way to log in to websites and platforms, the app can be used while banking or shopping online.
The inherent flexibility of the biocryptology app enables it leverage the biometric capabilities of the device it is on – whether from Apple, Android, or others – and use it as a key to “unlock” a whole host of other websites and applications. In addition to the applications mentioned above, biocryptology can thus be adapted to many other situations, such as:
- Medical environments (hospitals, medical dossiers, blood banks).
- Hotels, rental properties, and car rentals (booking, payment, check in, check out).
- Temping agencies (providing worker identity confirmation).
- Schools and other education facilities.
- Entertainment subscriptions: TV streaming, gaming.
- Postage and package delivery.
- Loyalty programs.
If you’d like to safeguard sensitive user data from theft and fraud, or would like to join the Trusted Identity Alliance led by biocryptology – or simply know more about biometrics as a security mechanism for your organisation – let’s have a chat.