Biometric authentication has been around for centuries primarily for government, defense and law enforcement purposes. However, widespread consumer acceptance and adoption is only a decade old with Apple’s introduction of Touch ID in 2013 using fingerprint technology to unlock devices and the authorization of certain transactions. Far ahead of its competition, Apple reported only 3 years later that 89% of customers with Touch ID enabled devices had set up the functionality.
Four years later in 2017, Apple augmented Touch ID with Face ID, the first broad consumer-benefiting use of facial recognition technology. While there were concerns expressed about security and privacy, Face ID consumer adoption was rapid. Consumers quickly embraced the new-to-them technology because they easily saw the benefits.
Apple’s example illustrates the premise that when benefits lead the way (not necessarily the cool factor of the technology), consumers are readily open to use biometrics. Apple’s use of this technology is for the sole purpose of the customer’s benefit and security. Increased satisfaction breeds increased loyalty and sales. Face ID is not used to sell more ‘things,’ it is used to provide secure access method for customers’ device and create a positive reaction from the customer.
Fast forward to the present where all of the major digital commerce sites are pursuing authentication via biometrics of the users’ choice moving towards a ‘passwordless‘ world. It’s clear that biometric authentication is a technology that’s going to become very pervasive in the future. As with any new advancements in technology, it’s important to consider the disruptions as part of the process. How companies implement the change will greatly impact consumer acceptance and the level of disruption experienced.
The recent controversy surrounding the use of biometrics by the IRS to authenticate individuals is a good example of what not to do. The only focus was the IRS benefit of authenticating individuals. Although fraud prevention is valuable to all, the IRS never concentrated on that message. There was never an outreach to individuals with full transparency of why and how the information would be used. It was only after the requirement was rolled out, that the IRS and the vendor communicated to the public. Additionally, facial recognition including the matching against existing databases and the retention of that information by a third-party for a government entity felt creepy and ‘big-brother’ like to many. Here is where specific technology nuances can make a difference in public perception.
Unlike facial recognition, facial comparison technology can authenticate an individual without the need to look at or create databases to retain the information. Facial comparison is a point-in-time action of comparing a picture-form government issued ID and a “selfie” which can detect ‘liveness’ of an individual. The ‘liveness’ feature prevents fraudulent efforts to use static pictures to represent an individual.
This significant difference between the two technologies can go a long way to getting individuals comfortable with biometric uses. Apple did not use Face ID to create a database of faces. Face ID is simply used to unlock devices and to make purchases. The individual is in complete control over the set up; not all features such as purchases need to be enabled to use other features like unlocking devices.
Businesses, in almost all industries, have substantial reasons for deploying biometric technology. With the proliferation of data breaches, it should be assumed that what was previously unique data identifiers are out in the world and are available for fraudulent activities. There are also substantial reasons for individuals to be comfortable with the use of biometrics to expedite many of life’s processes and protect them from identity theft. Businesses have an obligation to promote and construct procedures that focus on the consumer experience by doing 3 things.
One: Start with the consumer experience and work backwards.
If businesses solve an individual’s problem, they are more likely to figure out how to solve their own issues. Individuals want a straightforward way to prove they are who they say they are without too much extra work. The increased need for multiple passwords for security will lead the way for greater acceptance of biometrics as an identifier. Businesses should position biometrics to individuals as a time-saver, memory-saver and a security measure. Technologists should work with communication professionals to easily and simply explain how the use of biometric authentication can accomplish all of those functions.
Two: Provide Full Transparency
Businesses need to be completely transparent with consumers when using biometrics. The need for retention of information, and uses of the information should be communicated with the individual’s needs being the maximum consideration and the businesses needs to receive the minimum deliberation. Yes, the use of biometrics can reduce fraudulent activities that would save the businesses significant money, but the messaging should be around how identity theft can be reduced for an individual.
Businesses should be completely upfront when answering questions like
- Who, internally, will have access to the data?
- Will an individual’s biometric data be shared with 3rd parties such as law enforcement or government entities?
- Will biometric data be used for activities other than the original purpose?
Not answering those questions, will lead to mistrust. If there is a consumer beneficial reason for the answers, then trust that the explanation will be well received. Businesses should not hope that no one will notice.
Third: Provide the Individual with Full Control
Businesses need to give all control to the individual. Biometrics are their identity data. They should have full control of how and when it is used. They should be able to revoke it at any time. Just like Apple’s example, functionality should be broken into pieces that allow an individual to accept the use of biometric data in steps. It cannot be an all or nothing proposition for features. Additionally, there will always be laggards who take an exceptionally long time to feel comfortable with advanced technologies. Businesses need to give those individuals a way to conduct business that mitigates the business concerns but doesn’t disenfranchise those that prefer dealing with company personnel directly to authenticate themselves.
There are varying prognostications about consumer acceptance of biometric technologies, but several cases prove that when given the right circumstances individuals can readily and rapidly become comfortable and when given the wrong situations become leery of some of the same types of technology. Businesses can achieve their goal of managing risk and maintain individual trust by understanding the complexities of biometric technology and proactively communicating the benefits to individuals.