FEATURE
Fingerprinting Plays Key Role in Biometrics Boom

Fingerprinting is an authentication technique that has helped law enforcement officials identify potential criminals for decades, but recently it has started to gain wider usage. The technique is emerging as the most popular form of biometrics, and much of the budding interest is coming from government agencies looking to enhance physical security, such as access to buildings. Corporations are also making a move toward using fingerprinting technology to provide more reliable identification of employees, business partners and customers.

In 2004, fingerprinting accounted for US$367 million of the $1.2 billion biometric companies generated in worldwide revenue, according to market research firm International Biometric Group. This time-tested technique has gained popularity because it is the most mature biometric system. As use has expanded beyond law enforcement, pricing has dropped. "A fingerprint scanner costs only $50 to $100," according to David Ostlund, a consultant with International Biometric Group.

Strengthening Weak Links

In the IT space, low-priced fingerprinting systems represent a potential solution to a number of problems. Companies need to supplement password systems, which can be easily compromised, and fingerprinting represents a stronger security check.

Fingerprinting also has the potential to lower IT costs. "Currently, companies pay help desk personnel a lot of money to handle support calls, and many problems arise when users have problems with or forget their passwords," said Gerry Gebel a senior analyst with the Burton Group. "Fingerprinting offers companies an easier-to-maintain authentication system."

As a result, the technology has started to be used in a few niche markets to ensure that only the right individuals access certain services. Financial services represents an area where new security options are often readily adopted. These firms need to be certain that employees and customers are who they claim to be when they undertake various transactions. Firms such as Fidelity Investments have started to use fingerprinting devices for user identification.

Potential Uses Abound

Health care providers are also starting to rely on fingerprinting when they check in new patients. By forcing patients to enter their fingerprints into biometrics scanners before they receive services, health care companies can cut down on the number of individuals who fraudulently use other individuals' insurance cards. Fingerprinting can also come in handy before hospitalized patients undergo treatment. A quick check of patients' fingerprints will make it clear to nurses and doctors that patients are properly identified as they are about to undergo various surgical procedures.

Vendors are also finding more uses for fingerprinting technology. As employees have become more mobile, notebook theft has become a vexing problem. Fingerprint scanning is emerging as one way to make sure that mobile devices do not fall into the wrong hands. Last year, for example, IBM (NYSE: IBM) outfitted its ThinkPad systems with fingerprinting capabilities so thieves cannot boot up the system.

Corporations also want to safeguard PCs -- not only the devices themselves but often the data that resides on them. In response, Microsoft Corp. (Nasdaq: MSFT) has begun incorporating fingerprint scanning into PC keyboards.

"Recently, there has been a big push by cellular carriers to use fingerprinting to enhance handset security," said Erik Michielsen, a director at market research firm ABI Research. Authentec Inc. has helped Korea Telecom and Japan NTT DoCoMo (NYSE: DCM) incorporated its fingerprint sensor into their wireless handsets, so users do not have to worry about their phones being hijacked.

An Orwellian Omen

While fingerprint use has expanded, there are still a few hurdles that need to be cleared before it becomes a common security check. First, there's the human challenge: Many users are concerned about privacy issues. To some, biometric evaluations still seem too intrusive, too Big Brother-like, for them to accept. In addition, some users understand that no security system is 100 percent effective, including fingerprinting systems, and they become concerned about false positives.

Fingerprinting authentication success rates are quite high -- in the upper 90 percent range -- but that can also mean that sometimes legitimate users may not be allowed access to needed resources. Because of these concerns, fingerprinting deployment can require involvement from human resources specialists, lawyers and top management as well as the IT department.

Deploying a fingerprinting system is not easy. To date, fingerprint identification devices have been designed in autonomous fashion, so it is difficult -- some say impossible -- to connect devices from different manufacturers. "Companies find that fingerprinting hardware is not very expensive, but the required systems integration work can become quite costly," Burton Group's Gebel told TechNewsWorld.

Can Be High-Maintenance

Support for fingerprinting has to be woven into operating systems, applications, and other security systems, such as password systems. Large firms find that many biometric tools are designed to run on Microsoft's Windows operating system and become frustrated with the often onerous integration tasks required to link these items to their existing Unix and mainframe back-end systems.

The ongoing maintenance of biometric devices can often be expensive because few IT technicians are familiar with them. Since it's more complicated than traditional security checks, fingerprinting adds overhead to servers and networks. Transferring a user's biometrics template over a network and storing it is much more costly than transmitting and storing that same user's password data.

Analysts view these as short-term rather than long-term roadblocks. Already, vendors have begun a handful of initiatives in order to create standards so users can mix and match biometric systems. None of the standards are complete yet, but a few should gain market traction in the next few years. And Microsoft has stated that its upcoming Longhorn OS will include an integrated biometrics suite that should simplify integration and maintenance, and many third parties have said they plan to back the initiative.

"In the next few years, fingerprinting will continue to find only niche use in corporations, but eventually its advantages compared to traditional security mechanisms will lead to widespread use," ABI Research's Michielsen concluded.