As security threats grow more and more sophisticated (thanks in part to AI), organizations across all industries are considering ways to enhance the systems in place to raise red flags in suspicious circumstances, such as identity verification. Traditional methods of ID verification, including passwords, fobs or keycards, especially when they’re not used in a layered scheme, may fall short. But biometrics like facial recognition can help fill that gap, argues Aware’s Mohamed Lazzouni, and not just for financial services organizations.
Editor’s note: The author of this article, Mohamed Lazzouni, is chief technology officer of Aware, an identity verification and biometrics provider.
Biometric data, which refers to physical characteristics that can be used to unmistakably identify a person (including information like facial or iris images, voiceprints or fingerprints) continues to grow in consumer acceptance in both the public and private sectors, according to a survey we conducted. In fact, nearly half of all consumers told us they would be more likely to sign up for a new product or service if biometric identification were offered, the consensus being that most users want the utmost in convenience and security.
While many in industries like financial services, which are highly regulated, may be familiar with using biometrics, that’s far from the only industry where these tools have been successfully applied.
Financial services/AML
Finserv firms face stringent anti-money laundering (AML) regulations and requirements, such as FINRA’s AML rules. Criminals use several common methods to launder funds, such as smurfing, when a money launderer who seeks to evade scrutiny does so by breaking up large transactions into a set of smaller transactions that are below the reporting threshold and/or deposited into different accounts. Biometric authentication can help firms verify the identity of individuals and detect suspicious activities, thereby supporting compliance and risk management efforts.
Smurfs, as they are called, often use fake IDs to set up a number of accounts at one or more banks, under a variety of names and aliases. However, if biometric identity verification were required for each and every account creation or transaction attempt, it becomes much easier to detect when a person is exhibiting an abnormal activity pattern and issue a warning.
Fintechs and neobanks dealing in cryptocurrency face especially significant laundering threats. Since cryptocurrencies provide a high degree of anonymity that is often unattainable in the traditional financial system, these platforms are especially attractive to criminals looking to launder money from their illegal activities. In fact, illicit addresses sent nearly $23.8 billion worth of cryptocurrency in 2022, a 68% increase over 2021. In response, new regulations are now requiring these organizations to adopt more rigorous measures that deter crypto laundering, which may include biometrics.
Can Regulators Keep Up With Innovation?
Disruptive technologies like AI, cryptocurrency, biometrics and blockchain have taken the world by storm, but fintech regulations have struggled to keep pace. While technological advancement is often propelled by the private sector — such as big tech, startups and venture capital funding — regulatory change is constrained by lengthy and convoluted legislative processes.
Read moreGambling and casinos
Several European countries have implemented voluntary self-exclusion programs for people who are dealing with gambling addiction. In some countries, these programs require participants to submit a facial image so casinos can detect when they are attempting to enter the casino.
These programs are gaining traction outside of Europe as well. Massachusetts, for example, has a voluntary self-exclusion program, which can include preventing consumers from entering casino gaming areas and placing sports wagers — or both.
Government
Many small and mid-sized defense contractors must comply with ever-growing security requirements from the Department of Defense. Certain federal contractors may no longer be eligible to receive a government contract if they do not have a beefed-up, fully modernized security system in place, particularly to protect physical areas considered highly sensitive and confidential.
Physical access control (PAC), the process of securing who can or should enter a facility, has traditionally relied on fobs and keycards to control the ability of people to enter a protected area. But of course, these are not foolproof systems, as physical items can be lost, stolen or borrowed, potentially allowing physical access to those who shouldn’t be permitted.
With accuracy rates improving, according to NIST, biometric authentication can add another layer of security by backing up existing systems, helping organizations flag suspicious activities and support compliance and risk management efforts.
Biometric regulation
No U.S. federal laws currently govern the use of facial recognition technology, which has led states, cities and counties to regulate it in their own ways, most often to guide law enforcement use of the technology. Any law enforcement agency considering deploying facial recognition needs to consider if it is legal in their jurisdiction.