I was recently asked which biometric technology I thought was most reliable. This is a relatively easy question to answer until I considered the wider issues of using it as a form of identification for access management and then trying to work out which technology is best.
Physical biometric identifiers are the distinctive and measurable characteristics used to identify individuals such as facial recognition, fingerprints, palm vein, iris and retina patterns etc.
The reliability of a technology tends to be the inverse of the social acceptance of that technology. Fingerprints are socially accepted with some resistance from those that associate them with criminal behaviour but they have a relatively high false positive or rejection rate. Which may be fine on a small access control system to a comms room but in an airport with thousands of passengers passing through on an hourly basis, a high percentage failure rate is unacceptable. Facial recognition is quite uncontroversial but equally has relatively high failure rates.
It is generally regarded that eye scans are the most reliable form of biometrics. However, technology such as iris and retina scanning appears to have more social resistance due to its perceived intrusive nature. For this reason iris scanning is now more prevalent than the deeper retina scan. The reliability of iris scanning was born out in a study carried out by the National Physics Laboratory some years ago, where is competed against six other technologies and won with the best false match and rejection ratios.
The problem is compounded by the fact that biometric systems provide “probabilistic results”. It is possible to get
variable results due to technical issues and degradation of data. Such as fingerprint damage for example. There is also evidence of ethnicity, age, sex and medical conditions affecting rejection rates. Having poorly installed and maintained systems combined with the deployment of biometric technology at airports and other high volume portals without understanding the biology of the population being screened could lead to long queues.
In conclusion, no single biometric trait has been identified as fully stable or
distinctive and biometric reading technology should only be deployed with this in mind. False positives and reject rates need to be considered in line with the number and biology of the users of the system.