Biometrics: When will the industry come to its senses?

With public confidence in IT security at times appearing to crumble in the face of recent security blunders, the wonder of biometrics seems to have disappeared, or at least been marginalised.

This mysterious vanishing act, however, was not caused because the technology itself has bombed. Biometrics uses a person's irises, thumbprints, voice and even facial features as unique identifiers, and these are near impossible to forge. Data generated by these features serves as a form of authentication either used as an entry to systems or as a part of the Public Key Infrastructure (PKI). It can work well.

Most biometric applications in use today are in the areas of law enforcement or financial services, all of which seek to prevent fraud or theft by requiring positive identification. But why no full-scale business implementation?

Industry pundits say the delay in implementation in Europe is caused by several factors. Chris Cherrington, analyst at Frost and Sullivan, said biometrics has suffered from an image problem. "Businesses have traditionally seen biometrics as an expensive and complicated technology. It is also seen as a future technology which is not ready for an immediate uptake," he said.

However Neil Barrett, technical director at security consultancy IRM, who has worked closely with Customs & Excise, Inland Revenue and the police, claims the technology is immature for full scale business deployment

He said: "There are few biometric technologies suitable for business applications and none of them are accurate yet. Also, vendors have not brought affordable products to the market, therefore replacing PIN code access devices with biometrics readers will be costly."

Standards bodies can often act as new technology fire starters. BioAPI is the biometrics industry's main standards body, boasting an impressive membership including Barclays Bank, Compaq, HP, NSA and Unisys. But vendors still say the standards are immature.

Joseph Atick, CEO of biometrics company Visionics, which specialises in face recognition, said establishing a vendor-independent body, such as BioAPI, was a major move forward.

"There have been too many efforts in the biometrics industry with standardisation," he said. "However, BioAPI is now the most widely adopted and it governs how biometrics can communicate with applications and sensors to perform verification and identification, which will accelerate the growth of the industry itself."

But confusion does not only exist in the regulatory field. Experts claim IT managers are confused which biometric application would be suitable for what purpose. Graham Welch, UK VP of authentication specialist RSA Security, reckons biometrics is not one-size-fits-all technology.

He said: "Biometrics will not be an answer to all corporate security problems. It will be mainly used for systems access - either to computers or buildings. Biometrics, such as fingerprints, can also function as an authentication part of PKI to protect your private keys when sending an encrypted message."

European experts still seem unsure which part of the human body will be utilised most for biometrics. Will it be a voice command which allows instant access to a building or an iris scan installed at an ATM machine? Frost and Sullivan discovered in a recently published study titled 'The Biometrics Identification Market' that fingerprints will be the most commonly used technology because fingerprint data can be easily stored inside a smart chip.

One of the authors of the study, Chris Cherrington, said: "Fingerprint technology will be most commonly deployed because of its user-friendliness. Fingerprint records have been known to man for hundreds of years. Iris scans are seen as intrusive but can work as a high security application for military or police."

But despite efforts to bring technology developments forward, biometrics is still seen as hostile and alienating. A study published this week by security consultancy Barron McCann found the majority of UK companies prefer passwords and encryption over biometrics - 92 per cent of IT managers interviewed said passwords provide the best protection from hackers and data theft in terms of user-friendliness. This is despite security experts constantly reminding us how insecure passwords are in comparison to technologies such as biometrics.

The London Borough of Newham is examining biometrics as a possibility for home access for elderly residents. Bob Lack, a security specialist working with the Newham Borough in public safety, told silicon.com that the majority of end users find biometric technology intimidating: "People can get very intimated by machines recording, analysing and storing information about their body. They are worried about what will happen when things go wrong."

Some industry insiders are keen to convince us the next big thing in biometrics is voice recognition. RSA Security's Welch thinks it is a technology that could really cut into telecommunications-related applications like phone banking. He said: "Voice-based applications are intrinsic to mobile computing because the phone itself functions as a reader. This can be user-friendly but sadly, this type of technology is still long way ahead of practical implementations."

And that seems to be the consensus. If pundits are to be believed, the heyday of biometrics is still a long way off. The price of adopting the technology and cultural attitudes towards it remain barriers.