Matthew Cole, group executive vice president, public security & identity, Idemia discusses the changing security landscape, why biometrics offer the best security and identification option and more. Edited excerpts:
Ever since the pandemic, we have been living a hybrid life—office and home; digital and physical. In that context how is security changing? How do we ensure correct identity on digital platforms?
It’s always been our position that biometrics are the best form factor for authenticating someone’s identity. Passwords or remembering say, seven unique things about yourself and putting in combinations of those and so on for authentication are just not as strong as biometrics. Because only you can be you. No one else can imagine what your fingerprints are. We see biometrics having the best capability to secure not only the digital world, but also the physical world.
On platforms like the metaverse there’s already a problem of fakes and identifying the right people. How will biometrics work in the metaverse to verify avatars? How exactly will you authenticate a user or a brand or a product?
You can use biometrics as part of the transaction to create the credentials. In the metaverse this credential could be the attributes of the Avatar. And depending on the level of assurance you’re looking for them, that may be sufficient. But if you’re doing recurring or frequent transactions with that avatar then you could also do an authentication at the point of biometrics. You could do that through the digital devices the person is using and authenticating the biometrics with the person behind the avatar, either at the point of creation or at the point of the transaction.
How secure are biometrics? Can they be compromised?
Discover the stories of your interest
They are absolutely secure. We believe that with biometrics only you can be you. And there’s an incredibly high accuracy rate behind the use of biometrics for authentication.
Within biometrics, what is the most secure -fingerprints, iris, voice samples?
Our focus is on fingerprints, face and iris. And each has its merit depending on the use case. We see similar levels of performance accuracy across them, it really depends on the nature of the use case and the kind of experience that you’re trying to create.
How have the challenges for security professionals changed in the last couple of years?
Last couple of years have created this greater interaction between the physical and digital worlds. And that’s the same route our government customers and law enforcement customers have seen. They’ve seen an increasing demand with this kind of merging of physical and digital worlds. We see biometrics becoming even more important in terms of their applications because of those trends. So we’re seeing demand, and the needs of our customers increase in the same way that we’ve just seen our own needs increase.
In government documents — passports, driving licenses, there is a problem of fakes. How can this be checked?
Our guiding principle is to create documents that are easy to inspect, but hard to reproduce. We embed the latest innovations in terms of security design features that we can build into the physical documents so that they are difficult for someone who doesn’t know the formula behind those security features to be able to reproduce them. But trained people like Border Patrol agents are easily able to visually inspect them and see those security features because they know where to look.
With the next generation of identity documents there is integration of biometrics in the photo itself, in the system behind it, so that people are able to use the biometrics captured in the document with the person’s biometrics.
Like virtual or digital credit cards, governments are experimenting with virtual passports and driving licenses too? How will these be secured?
That’s the trend. We have active contracts with multiple countries, where we are doing digital identity documents. We’ve got some recent contracts where we have requirements to deliver digital passports as well.
One good example of where we progressed in terms of mobile identities in the US is driver’s licenses. Most Americans use driver’s licenses as their principal form of identity. We have been working with the states across the US to issue digital counterparts of the document. We recently entered into a partnership with Apple where we are storing those digital driver’s licenses in a state app. We’re also pushing them into the Apple Wallet so users could have their digital driver’s license in the Apple Wallet alongside their payment card.
Even air travelers in the US can use that mobile driver’s license to do frictionless authentication when they go through the security checkpoint. My personal view is that we’ll see a world where physical documents and digital documents will co-exist.
What are the changes you see in terms of tech advancements in security, authentication of people, and biometrics in the next 5 to 10 years.
Digital identity and digital companions to physical documents for sure will be one of the most prevalent trends. We’re seeing a lot of governments moving towards what we call federated identity, where you might be required to have access to a number of different services. And you may need to have credentials for each of those. But you don’t want to have multiple credentials. So you have a central credential. And then you leverage that central credential. Think about it as kind of a single sign-on for identity.
Despite all the technology and biometrics frauds do happen. Bank accounts get compromised or some other digital theft happens…
It’s a constant cat and mouse game of advancing technology in the same way the criminals or people seeking to do wrong are using increasingly innovative means to try and find those loopholes. Our customers need to win that race and keep ahead of the curve in terms of the security that we build into our systems. We think that having biometrics at the heart of that security is for sure the best means.
On digital platforms users fear their privacy is being compromised. They have to give away too much information on almost every platform. How can governments ensure personal data protection?
It’s an incredibly important topic. Almost every country around the world has either done something about it or is actively doing something about it. My personal view is that privacy is an incredibly important issue. I think, what we need to do as we create those regulations, we need to do them in a very methodical and thoughtful way. So that you can ensure privacy, but also, at the same time deliver exceptional experiences to consumers.