It’s been reported that business leaders have joined forces with Greater Manchester Mayor Andy Burnham to explore the potential use of new vein ID biometric technology that could be used in the region’s transport, education and healthcare services. The group, chaired by Mike Blackburn OBE, director of The Growth Company and Marketing Manchester, will examine the technology which uses the unique finger vein pattern to provide secure, identity-enabled transactions. The company behind the technology, FinGo, believes the biometric solution could connect people to key services in the region more seamlessly and securely. It was initially launched in the hospitality sector for payments, and has been adapted for identity purposes in recent months.
The full story can be found here: https://www.business-live.co.uk/economic-development/andy-burnham-business-leaders-explore-19463591
All too often, biometrics are seen as the panacea for solving the difficult task of accurately and securely identifying people with a seamless user experience. Yes, biometrics have a role to play, but they have important limitations, and if not deployed in the right way, they pose a significant risk. First of all, biometric identification is not 100% accurate — it relies on the probability of the facial or fingerprint scan, for example, belonging to the user, and operates with what is often a relatively high False Acceptance Rate (the chance that the user is not who the system thinks they are). Secondly, if a biometric scan is ever compromised, there is no method for a user to get a new fingerprint or facial scan — you can’t just change it like you do a password. Thirdly, and most importantly, the biometric design proposed for Manchester requires every individual’s biometric vein pattern to be stored in a central government system which will become a prime target for hackers. A much more secure way to leverage biometrics is to rely on fingerprint and facial scanning functionality now available on most smartphones combined with a modern authentication standard like WebAuthn which includes protection against phishing and other forms of identity theft.