- Email: [email protected]
Biometrics market: where are we now?
FEATURE
Biometrics market: where are we now? Both before and after London’s Biometrics 2006 show, many who will man the stands or scour the floor for the latest developments will, once again, find themselves reflecting upon their relationship with the biometrics market and how this has evolved since the last show or, indeed, how this will develop before the next show. Twelve months have whizzed by and the usual questions will come to the fore: Where are we now? Do we all still want the same things as we last recalled? And, probably most importantly, where are we heading? This article presents a personal view from Alan Wong, a biometric consultant at Steria. During a graduate roundtable meeting with senior management for a large systems integrator I received my first piece of professional advice: “Ladies and gents, you are in an exciting industry. Things that were new and promising a year ago are extinct today and what is new and promising today was unimaginable a year ago. However, this is not what our clients want. They want certainty. They are not interested in taking risks unless there are substantial rewards. So, I want you to know that my aim, and yours, is simple. We are here to make IT simple, easy and, most importantly, boring.” Over the past 12 months, the market for biometric technologies has continued to shift and reinvent itself. Most integrators now deal with “Identity Management” instead of biometrics, the client is becoming increasingly educated in the technologies and not just learning from integrators and, as the requirements roll out, vendors are becoming progressively more market led in their offerings. This short review will examine the changes within the biometrics market over the last year in terms of two key elements:
the end users of the technology and the suppliers and their offerings.
Who are our customers and what do they want? From a systems integrator and technology vendor’s point of view the number of clients is increasing and the types of customers is broadening. Traditionally, biometric systems sat within the criminal justice space and the only major buyers were police forces or law enforcement related organisations. With the advent of US-VISIT and US government-led biometric passport legislation, this situation changed, and, for many Governments, this was the initial catalyst for their engagement in the world of biometrics. Within the UK, for example, over the last 12 months, the eBorders and ID Cards projects have remained prominent opportunities involving biometric technology. However, more recent developments include the Government’s increased interest in biometrics for Visa enrolment, the initiatives suggesting consolidation of biometrics data within European Union’s (EU) supranational
systems and the building interest in connecting the UK to the Schengen II system, which contains an element of biometric technology. (Note: As far as European systems are concerned, the EURODAC system for the management of asylum seekers still remains the largest fullyoperational biometric implementation, and was developed by Steria and HP.)
The UK Government As many previous commentators have pointed out, the biometrics industry expects the usage of biometric technology to be taken up widely in National Government before eventually filtering through to the private sector. Indeed, current projections for the UK’s National Identity Register (NIR) include a “Gold Standard” identity authentication system that the public sector will provide to the private sector. Through its involvement in biometric related procurements via several departments, the UK central government is becoming an increasingly sophisticated client. Its requirements to date have been for proof of concept systems to test performance of biometric technology or variants of such studies and, from these, it has managed to gain real life deployment experience and knowledge. In recent procurements, UKvisas made a step change with procurements for fully functional operational systems. However, this does not mean that there will be no more testing – the Identity and Passport Service (IPS) has indicated that it will look to procure a biometric trial system in late 2007. In addition to the above, it has also been noted that over the last 12 months, the UK Government has moved beyond just wanting to make biometric technology work, but it has also showed interest in interoperability and technology future proofing.
The private sector The last 12 months has also shown increased interest from the private sector, specifically in areas where the increased security has had the potential to enable cost savings. The
7 Biometric Technology Today • September 2006
FEATURE delays associated with ID cards and such like has forced many vendors and integrators to refocus by offering an opportunity to smooth revenue streams through developing opportunities in banking, entertainment, transport and retail. For example, there have been biometric projects in Disneyland (fingerprints), HSBC (face), ABN Amro (voice), supermarkets (fingerprints), airports (face, iris) and several casinos (face) within the UK. For these opportunities, suppliers have had to place additional focus on Return On Investment (ROI) and the Value Proposition, perhaps by highlighting increased throughput or convenience. Google’s takeover of Neven Vision has also sparked interest and has highlighted the ways in which biometric technology can be used in novel ways to open up new markets.
Privacy In both the private and the public sector, intrusion into privacy has continued to be of great importance and of concern to the public. In the case of ID Cards, the Information Commissioner expressed concerns over scope creep. Disagreements between the US and Europe were also evident when European courts judged that it was illegal to meet US demands for the transferral of information about transatlantic air passengers. To counter public fears regarding privacy, it is envisaged that the procedures, public authorities and technologies to uphold data protection laws will become increasingly prominent. One solution would be to use biometrics technologies to improve authentication and ‘logging in’ systems that provide access to sensitive data.
The suppliers and their offerings? The most unusual activity over the last 12 months when compared to previous few years is probably the mergers and acquisitions that have taken place between ‘biometric’ companies. Specifically of particular interest to most will be the amalgamation of Identix, Viisage, Iridian and SecuritMetrics into a single organisation. The new vendor will be the first ‘face, finger and iris’ biometric company. The role of suppliers within the supply chain is also changing in some cases. With limited success, a number of vendors are choosing to potentially increase margins and go direct to end user clients instead of using 8
the more traditional approach of partnerships with systems integrators. With increased client sophistication and the growing support infrastructure of expanding vendors, this approach can be expected to become more common for smaller and less complex projects.
Fingerprinting The UK Passport Service’s original 10,000 person biometrics trial was one of the first major systems to start using easier-tocapture slaps instead of rolled prints. This preference for convenience with slap prints for civilian applications has continued. The US-VISIT program has shown an interest in replacing its current capture process with slap technology and vendors have responded accordingly with the major scanner manufacturers supporting slaps in latest products. Additionally, the US has been key in driving through standardisation with its support for BioAPI 2.0 and its treatment of slap prints. Further standardisation efforts have come about through the increasing role of NIST Fingerprint Image Quality (NFIQ) for fingerprint quality checking and the Common Biometric Exchange File Format (CBEFF). A number of vendors are using subsurface technologies to overcome traditional fingerprint capture problems that occur with poorly conditioned fingers and provide improved spoof detection. Unfortunately, this technology currently only features in single print scanners, although there are talks of incorporating it into ‘higher end’ slap scanners. Lastly, the available resolution of scanners has, once again, been pushed higher. 1000 dpi fingerprint scanners are increasingly common, thus enabling the capture of higher quality images.
Iris recognition The iris recognition market continues to be dominated by Iridian Technologies, despite the maturity of its patent. Iridian’s head start in bringing its technology to market has made the emerging alternatives look interesting, but seemingly not yet commercially viable. SecuriMetrics’ portable unit continues to be one of the only commercially available ‘all-in-one’ portable iris enrolment and verification/identification units. Iridian’s portable PDA solution is not yet commercially available, but it is fairly safe
to assume that its products in this area will receive a boost in the near future or be merged with the SecuriMetrics’ offerings, as both SecuriMetrics and Iridian now belong to the same holding group. Lastly, in line with other biometrics, ICAO has recommended standardisation for interoperability of iris technology. This has come in the shape of a recommendation for standardised iris templates. In the past, this recommendation has been academic since Iridian was the only vendor for iris technology, but this has changed with the introduction of market competition.
Facial recognition In the last year or so, the facial recognition market has seen the introduction of several pieces of key technology designed to tackle traditional drawbacks. Within the 2D space, a major change has been with the increasing use of near-infrared lighting to control ambient lighting. Several 3D technologies have also become more prominent and have proven to perform better than traditional 2D systems in some areas. With the use of high-resolution cameras, skin texture analysis is also being used to improve recognition performance. Further, vendors are also developing hardware based techniques to reduce specular reflection in image capture and incorporating their recognition technology into mobile phones or using mobile phones as a capture device to client-server based recognition systems. Lastly, the form factor of facial recognition equipment is evolving. Vendors are moving beyond focusing only on algorithm performance and turning their attention to the capture devices used. For example, some vendors are building camera units with integrated lighting specifically designed for facial recognition and are also considering further integrated feedback mechanisms to ease user enrolments and verifications. The amalgamation of these different improvements is helping to iron out many of the problems that have traditionally dogged face recognition. The emergence of effective facial surveillance solutions are also becoming increasingly plausible.
Other biometrics The other biometric technologies that have increased their profile within the industry are voice (‘speaker’ recognition), and vein (palm and finger). The vein technologies count as
Biometric Technology Today • September 2006
SURVEY their main strengths, difficulty to spoof and contactless enrolment and verification. Voice technology is making an increasing impact by enabling the automation of password resets over the phone and improving authorisation security. The key strengths of speaker recognition are in its ability to conduct enrolments and verifications without specialist equipment and its lack of negative connotations, such as those (perhaps unfairly) currently associated with fingerprints for criminality, and iris for discomfort. A number of voice vendors will improve their European presence for the 2006 to end of 2007 period so it would be sensible to expect increased activity in this space within Europe over the coming 12 months.
Conclusions As the industry continues to mature and consolidate, the likelihood of smaller vendors merging with others increases. The shape of the supply side of the market is also expected to continue to change. In the last year, the roles of end users, integrators and technology vendors have, in some cases, changed subtly whilst the technologies have, predictably, improved. Over the next few months, one of the challenges that will face suppliers will be the need to produce systems that are acceptable to the private sector and the public sector, whilst also delivering a compelling ROI. Solution creators will need to be creative with their designs, making the most of latest developments, and controlling performance using not only robust system design and
Biometrics in healthcare This month’s survey will focus on the growing use of biometrics in health care applications. It will consider healthcare applications in which biometrics have been deployed successfully and review relevant case studies. In addition it will address challenges facing implementation of biometrics in health care applications. While the public’s attention is primarily focused on the use of biometrics in homeland security and critical infrastructure applications, biometric technologies, such as fingerprint, iris recognition and hand geometry, have gained traction in health care applications. From an application perspective, biometrics can: • combat fraud and abuse in health care entitlements programmes; • protect and help in the management of confidential medical records; • identify patients; and • secure medical facilities and equipment. The most high-profile of these applications is the use of biometrics to prevent fraud and abuse. The National Health Care Anti-Fraud Association (NHCAA) estimates that, in the United
Biometric Technology Today • September 2006
States alone, at least US$51 billion, or 3%, of the nation’s annual health care outlay in calendar-year 2003 was lost to outright fraud. In addition, various law enforcement and government agencies believe the loss could be potentially US$170 billion, or 10% of the USA’s annual expenditure, each year. While conventional views of health care fraud and abuse focus on recipient fraud – which biometrics’ use in fraud prevention is typically focused on – provider fraud may in fact be equally as severe a problem. A percentage of health care providers commonly bill for services never rendered, a tactic known as phantom billing. Others bill for more expensive procedures or services than were actually performed – a process referred to as upcoding. Audit data authenticating users and monitoring services received can be utilized by funding sources, such as private insurers or the government, to
effective product selection methodology, but also effective strategies to deal with the issues associated with rapidly changing technology, ergonomics and human factors. Several important UK and central European Government contracts are likely to progress over the coming 12 months and these are expected to further catalyse the market into more innovation and change. For the moment, the biometrics industry fails to be “boring”, has started to find ‘fans’ in the private sector and appears to be diligently tackling problems that seemed unsolvable only a year ago. This article was provided by Alan Wong, biometrics consultant for Steria’s Identity Management and Intelligence Practice. For more information please email: [email protected]
verify health care visits, track treatments and services rendered – in order to help reduce fraudulent claims by providers. In addition, audit data can deter unauthorized users from attempting to infiltrate the system due to the fact that they will be leaving behind personal biometric data in the act of committing their crime. Both recipient and provider-based fraud impact insurers, providers, hospitals, and health care agencies. According to the NHCAA, whether fraudulent claims are submitted to insurers or government agencies, which are the initial targets of fraud, society will eventually bear the costs through higher insurance payments, higher taxes, and/or reduced benefits.
Medicaid Integrity Pilot In Texas, a biometric and smart card-based program to address recipient and provider fraud in the Medicaid system has been in operation since 2004. The Medicaid Integrity Pilot, or MIP, was initially designed to evaluate the performance and acceptance of fingerprint and smart card technologies for recipient authentication at the point of service. One of the main objectives of the MIP program was to reduce upcoding and phantom billing, the annual costs of which had been estimated in the hundreds of millions of dollars. After a multi-vendor pilot period spanning six counties, roughly 1000 providers, and approximately 200,000 participating clients, the MIP program 9
Biometrics market: where are we now? Both before and after London’s Biometrics 2006 show, many who will man the stands or scour the floor for the latest developments will, once again, find themselves reflecting upon their relationship with the biometrics market and how this has evolved since the last show or, indeed, how this will develop before the next show. Twelve months have whizzed by and the usual questions will come to the fore: Where are we now? Do we all still want the same things as we last recalled? And, probably most importantly, where are we heading? This article presents a personal view from Alan Wong, a biometric consultant at Steria. During a graduate roundtable meeting with senior management for a large systems integrator I received my first piece of professional advice: “Ladies and gents, you are in an exciting industry. Things that were new and promising a year ago are extinct today and what is new and promising today was unimaginable a year ago. However, this is not what our clients want. They want certainty. They are not interested in taking risks unless there are substantial rewards. So, I want you to know that my aim, and yours, is simple. We are here to make IT simple, easy and, most importantly, boring.” Over the past 12 months, the market for biometric technologies has continued to shift and reinvent itself. Most integrators now deal with “Identity Management” instead of biometrics, the client is becoming increasingly educated in the technologies and not just learning from integrators and, as the requirements roll out, vendors are becoming progressively more market led in their offerings. This short review will examine the changes within the biometrics market over the last year in terms of two key elements:
the end users of the technology and the suppliers and their offerings.
Who are our customers and what do they want? From a systems integrator and technology vendor’s point of view the number of clients is increasing and the types of customers is broadening. Traditionally, biometric systems sat within the criminal justice space and the only major buyers were police forces or law enforcement related organisations. With the advent of US-VISIT and US government-led biometric passport legislation, this situation changed, and, for many Governments, this was the initial catalyst for their engagement in the world of biometrics. Within the UK, for example, over the last 12 months, the eBorders and ID Cards projects have remained prominent opportunities involving biometric technology. However, more recent developments include the Government’s increased interest in biometrics for Visa enrolment, the initiatives suggesting consolidation of biometrics data within European Union’s (EU) supranational
systems and the building interest in connecting the UK to the Schengen II system, which contains an element of biometric technology. (Note: As far as European systems are concerned, the EURODAC system for the management of asylum seekers still remains the largest fullyoperational biometric implementation, and was developed by Steria and HP.)
The UK Government As many previous commentators have pointed out, the biometrics industry expects the usage of biometric technology to be taken up widely in National Government before eventually filtering through to the private sector. Indeed, current projections for the UK’s National Identity Register (NIR) include a “Gold Standard” identity authentication system that the public sector will provide to the private sector. Through its involvement in biometric related procurements via several departments, the UK central government is becoming an increasingly sophisticated client. Its requirements to date have been for proof of concept systems to test performance of biometric technology or variants of such studies and, from these, it has managed to gain real life deployment experience and knowledge. In recent procurements, UKvisas made a step change with procurements for fully functional operational systems. However, this does not mean that there will be no more testing – the Identity and Passport Service (IPS) has indicated that it will look to procure a biometric trial system in late 2007. In addition to the above, it has also been noted that over the last 12 months, the UK Government has moved beyond just wanting to make biometric technology work, but it has also showed interest in interoperability and technology future proofing.
The private sector The last 12 months has also shown increased interest from the private sector, specifically in areas where the increased security has had the potential to enable cost savings. The
7 Biometric Technology Today • September 2006
FEATURE delays associated with ID cards and such like has forced many vendors and integrators to refocus by offering an opportunity to smooth revenue streams through developing opportunities in banking, entertainment, transport and retail. For example, there have been biometric projects in Disneyland (fingerprints), HSBC (face), ABN Amro (voice), supermarkets (fingerprints), airports (face, iris) and several casinos (face) within the UK. For these opportunities, suppliers have had to place additional focus on Return On Investment (ROI) and the Value Proposition, perhaps by highlighting increased throughput or convenience. Google’s takeover of Neven Vision has also sparked interest and has highlighted the ways in which biometric technology can be used in novel ways to open up new markets.
Privacy In both the private and the public sector, intrusion into privacy has continued to be of great importance and of concern to the public. In the case of ID Cards, the Information Commissioner expressed concerns over scope creep. Disagreements between the US and Europe were also evident when European courts judged that it was illegal to meet US demands for the transferral of information about transatlantic air passengers. To counter public fears regarding privacy, it is envisaged that the procedures, public authorities and technologies to uphold data protection laws will become increasingly prominent. One solution would be to use biometrics technologies to improve authentication and ‘logging in’ systems that provide access to sensitive data.
The suppliers and their offerings? The most unusual activity over the last 12 months when compared to previous few years is probably the mergers and acquisitions that have taken place between ‘biometric’ companies. Specifically of particular interest to most will be the amalgamation of Identix, Viisage, Iridian and SecuritMetrics into a single organisation. The new vendor will be the first ‘face, finger and iris’ biometric company. The role of suppliers within the supply chain is also changing in some cases. With limited success, a number of vendors are choosing to potentially increase margins and go direct to end user clients instead of using 8
the more traditional approach of partnerships with systems integrators. With increased client sophistication and the growing support infrastructure of expanding vendors, this approach can be expected to become more common for smaller and less complex projects.
Fingerprinting The UK Passport Service’s original 10,000 person biometrics trial was one of the first major systems to start using easier-tocapture slaps instead of rolled prints. This preference for convenience with slap prints for civilian applications has continued. The US-VISIT program has shown an interest in replacing its current capture process with slap technology and vendors have responded accordingly with the major scanner manufacturers supporting slaps in latest products. Additionally, the US has been key in driving through standardisation with its support for BioAPI 2.0 and its treatment of slap prints. Further standardisation efforts have come about through the increasing role of NIST Fingerprint Image Quality (NFIQ) for fingerprint quality checking and the Common Biometric Exchange File Format (CBEFF). A number of vendors are using subsurface technologies to overcome traditional fingerprint capture problems that occur with poorly conditioned fingers and provide improved spoof detection. Unfortunately, this technology currently only features in single print scanners, although there are talks of incorporating it into ‘higher end’ slap scanners. Lastly, the available resolution of scanners has, once again, been pushed higher. 1000 dpi fingerprint scanners are increasingly common, thus enabling the capture of higher quality images.
Iris recognition The iris recognition market continues to be dominated by Iridian Technologies, despite the maturity of its patent. Iridian’s head start in bringing its technology to market has made the emerging alternatives look interesting, but seemingly not yet commercially viable. SecuriMetrics’ portable unit continues to be one of the only commercially available ‘all-in-one’ portable iris enrolment and verification/identification units. Iridian’s portable PDA solution is not yet commercially available, but it is fairly safe
to assume that its products in this area will receive a boost in the near future or be merged with the SecuriMetrics’ offerings, as both SecuriMetrics and Iridian now belong to the same holding group. Lastly, in line with other biometrics, ICAO has recommended standardisation for interoperability of iris technology. This has come in the shape of a recommendation for standardised iris templates. In the past, this recommendation has been academic since Iridian was the only vendor for iris technology, but this has changed with the introduction of market competition.
Facial recognition In the last year or so, the facial recognition market has seen the introduction of several pieces of key technology designed to tackle traditional drawbacks. Within the 2D space, a major change has been with the increasing use of near-infrared lighting to control ambient lighting. Several 3D technologies have also become more prominent and have proven to perform better than traditional 2D systems in some areas. With the use of high-resolution cameras, skin texture analysis is also being used to improve recognition performance. Further, vendors are also developing hardware based techniques to reduce specular reflection in image capture and incorporating their recognition technology into mobile phones or using mobile phones as a capture device to client-server based recognition systems. Lastly, the form factor of facial recognition equipment is evolving. Vendors are moving beyond focusing only on algorithm performance and turning their attention to the capture devices used. For example, some vendors are building camera units with integrated lighting specifically designed for facial recognition and are also considering further integrated feedback mechanisms to ease user enrolments and verifications. The amalgamation of these different improvements is helping to iron out many of the problems that have traditionally dogged face recognition. The emergence of effective facial surveillance solutions are also becoming increasingly plausible.
Other biometrics The other biometric technologies that have increased their profile within the industry are voice (‘speaker’ recognition), and vein (palm and finger). The vein technologies count as
Biometric Technology Today • September 2006
SURVEY their main strengths, difficulty to spoof and contactless enrolment and verification. Voice technology is making an increasing impact by enabling the automation of password resets over the phone and improving authorisation security. The key strengths of speaker recognition are in its ability to conduct enrolments and verifications without specialist equipment and its lack of negative connotations, such as those (perhaps unfairly) currently associated with fingerprints for criminality, and iris for discomfort. A number of voice vendors will improve their European presence for the 2006 to end of 2007 period so it would be sensible to expect increased activity in this space within Europe over the coming 12 months.
Conclusions As the industry continues to mature and consolidate, the likelihood of smaller vendors merging with others increases. The shape of the supply side of the market is also expected to continue to change. In the last year, the roles of end users, integrators and technology vendors have, in some cases, changed subtly whilst the technologies have, predictably, improved. Over the next few months, one of the challenges that will face suppliers will be the need to produce systems that are acceptable to the private sector and the public sector, whilst also delivering a compelling ROI. Solution creators will need to be creative with their designs, making the most of latest developments, and controlling performance using not only robust system design and
Biometrics in healthcare This month’s survey will focus on the growing use of biometrics in health care applications. It will consider healthcare applications in which biometrics have been deployed successfully and review relevant case studies. In addition it will address challenges facing implementation of biometrics in health care applications. While the public’s attention is primarily focused on the use of biometrics in homeland security and critical infrastructure applications, biometric technologies, such as fingerprint, iris recognition and hand geometry, have gained traction in health care applications. From an application perspective, biometrics can: • combat fraud and abuse in health care entitlements programmes; • protect and help in the management of confidential medical records; • identify patients; and • secure medical facilities and equipment. The most high-profile of these applications is the use of biometrics to prevent fraud and abuse. The National Health Care Anti-Fraud Association (NHCAA) estimates that, in the United
Biometric Technology Today • September 2006
States alone, at least US$51 billion, or 3%, of the nation’s annual health care outlay in calendar-year 2003 was lost to outright fraud. In addition, various law enforcement and government agencies believe the loss could be potentially US$170 billion, or 10% of the USA’s annual expenditure, each year. While conventional views of health care fraud and abuse focus on recipient fraud – which biometrics’ use in fraud prevention is typically focused on – provider fraud may in fact be equally as severe a problem. A percentage of health care providers commonly bill for services never rendered, a tactic known as phantom billing. Others bill for more expensive procedures or services than were actually performed – a process referred to as upcoding. Audit data authenticating users and monitoring services received can be utilized by funding sources, such as private insurers or the government, to
effective product selection methodology, but also effective strategies to deal with the issues associated with rapidly changing technology, ergonomics and human factors. Several important UK and central European Government contracts are likely to progress over the coming 12 months and these are expected to further catalyse the market into more innovation and change. For the moment, the biometrics industry fails to be “boring”, has started to find ‘fans’ in the private sector and appears to be diligently tackling problems that seemed unsolvable only a year ago. This article was provided by Alan Wong, biometrics consultant for Steria’s Identity Management and Intelligence Practice. For more information please email: [email protected]
verify health care visits, track treatments and services rendered – in order to help reduce fraudulent claims by providers. In addition, audit data can deter unauthorized users from attempting to infiltrate the system due to the fact that they will be leaving behind personal biometric data in the act of committing their crime. Both recipient and provider-based fraud impact insurers, providers, hospitals, and health care agencies. According to the NHCAA, whether fraudulent claims are submitted to insurers or government agencies, which are the initial targets of fraud, society will eventually bear the costs through higher insurance payments, higher taxes, and/or reduced benefits.
Medicaid Integrity Pilot In Texas, a biometric and smart card-based program to address recipient and provider fraud in the Medicaid system has been in operation since 2004. The Medicaid Integrity Pilot, or MIP, was initially designed to evaluate the performance and acceptance of fingerprint and smart card technologies for recipient authentication at the point of service. One of the main objectives of the MIP program was to reduce upcoding and phantom billing, the annual costs of which had been estimated in the hundreds of millions of dollars. After a multi-vendor pilot period spanning six counties, roughly 1000 providers, and approximately 200,000 participating clients, the MIP program 9