- Email: [email protected]
FIDO puts biometrics at heart of web payments security
FEATURE/NEWS as a form of identification that is extremely difficult to falsify. However, subtle differences in handwriting can go unnoticed without sophisticated means of scrutinising the information. AI can be used to solve this obstacle. The technology can take into account timing and pressure, as well as the slant of different letters and the order of operations; in essence, all the subtle writing habits that an individual demonstrates.
“It’s difficult to predict how this field will change in the coming years, particularly considering the speed at which this technology is advancing. But as organisations prioritise the security of their customers, there are undoubtedly more sophisticated AI-fuelled biometric safeguards on the horizon” These analysis techniques can also be applied to keystrokes. AI can learn a person’s typing habits and determine if someone is trying to impersonate them. Identifying factors like typing accuracy, speed, hand-dominance and pressure can all be analysed to create a means of drawing attention to anomalies to the established patterns. Equally, one major benefit of AI in biometrics is that it allows for constant ...News continued from page 3
standards
FIDO puts biometrics at heart of web payments security
T
he FIDO Alliance – whose global mission is to replace passwords with biometric and related security – has joined forces with the payment card industry body EMVCo and the World Wide Web Consortium (W3C) to create a single interoperable system for making digital payments. The new initiative will likely put biometric security at the heart of the massive web payments market: digital commerce is worth over $3 trillion a year, according to McKinsey’s ‘Global Payments 2018’ report, and mobile commerce and online payments is the “domi10
Biometric Technology Today
monitoring. So while a person’s typing behaviour might change over time, AI tools are able to continuously study the individual’s habits and account for gradual changes, allowing the technology to build a broad typing profile of a user. This in turn allows the system to verify that the person editing a document or filling out information requests is consistently who they say they are. In saying this, it’s very difficult to predict how this field will change in the coming years, particularly considering the speed at which this technology is advancing. But as organisations prioritise the security of their customers, there are undoubtedly more sophisticated AI-fuelled biometric safeguards on the horizon.
About the author Nikolas Kairinos is the CEO and founder of Fountech.ai (https://www.fountech.ai), which specialises in the development and delivery of advanced AI solutions for businesses and organisations. Nikolas also has over 20 years’ experience supporting software startups around the world as an entrepreneur, investor and advisor, and has co-founded numerous AI companies.
2.
3.
4.
5.
References
percent-of-businesses-could-reduce-fraudrisk-if-certain-about-customers-identity-300587192.html. ‘Global Card Fraud Losses Reach $16.31 Billion — Will Exceed $35 Billion in 2020 According to The Nilson Report’. Nilson, 4 August 2015. Accessed April 2019. https://www.businesswire.com/ news/home/20150804007054/en/ Global-Card-Fraud-Losses-Reach-16.31Billion. ‘Facial Recognition Market Worth 7.76 Billion USD by 2022’. MarketsandMarkets, 13 November 2017. Accessed April 2019. https://www. prnewswire.com/news-releases/facial-recognition-market-worth-776-billion-usdby-2022-657221323.html. ‘NIST Evaluation Shows Advance in Face Recognition Software’s Capabilities’. NIST, 30 November 2018. Accessed April 2019. https://www.nist.gov/news-events/ news/2018/11/nist-evaluation-showsadvance-face-recognition-softwares-capabilities. ‘Mastercard Identity Check: Facial Recognition Biometrics’. Accessed April 2019. https://newsroom.mastercard.com/ videos/mastercard-identity-check-facialrecognition-biometrics/. ‘Millennials Driving Demand for AI and Biometrics Security’. Vocalink, 5 December 2017. Accessed April 2019. https://connect.vocalink.com/2017/ december/millennials-driving-demand-forai-and-biometrics-security/.
1. ‘84 percent of businesses could reduce fraud risk if certain about customers’ identity: Experian 2018 Global Fraud and Identity Report’. Experian, 24 January 2018. Accessed April 2019. https:// www.prnewswire.com/news-releases/84-
6.
nant force driving strong digital commerce growth” it says. The FIDO Alliance is urging its member organisations to join the new Web Payment Security Interest Group initiative. FIDO firms include biometric industry stalwarts like Nok Nok Labs, IDEMIA, HID, BIO-key, Fingerprints and Next Biometrics, as well as global tech giants including Google, Amazon and Microsoft. The FIDO Alliance, W3C and EMVCo describe the Payment Group as “a vision for web payment security and interoperability” whose remit is to merge existing technical standards to improve the interoperability and convenience of web payments. W3C CEO Jeff Jaffe pointed to the ongoing “transformation of the payments industry” and said: “This will continue in unpredictable ways as the web adds new services such as streaming video, real-time communications and augmented reality. The Web Payment Security Interest Group will help ensure that new payment models for these services will have security as a fundamental requirement.”
FIDO Alliance director Brett McDowell said: “FIDO standards for simpler, stronger authentication can help secure user interactions. We are pleased to be working with our payment industry partners on how FIDO authentication and authenticator metadata can support their transaction authorisation goals. This interest group will help to streamline co-ordination and requirements sharing with EMVCo and W3C.” Karteek Patel, chair of EMVCo’s Executive Committee, added: “FIDO Alliance, W3C and EMVCo develop complementary technologies that can enhance the security and convenience of web payments. This group has been created to better understand and shape the future of secure web-based payments, and ensure alignment on the work of the three technical bodies.” The Interest Group complements existing specification-level discussions around EMV’s Secure Remote Commerce (SRC) and 3-D Secure (3DS) systems, FIDO Alliance’s FIDO2 specifications, and W3C’s Web Authentication and Payment Request APIs. The Group will also
May 2019
NEWS provide the foundation for collaboration around future technical specifications. As well as formulating a vision for web payment security, its charter includes developing use cases, providing gap analysis, and identifying new standardisation opportunities for each of the three organisations. The technical work involved will be carried out by member organisations. For more information about joining the Web Payment Security Interest Group, visit http:// www.w3.org/securepay/. The FIDO Alliance’s mission is to change the nature of authentication with open standards that are more secure than passwords. In September 2018, it launched a Biometric Component Certification Programme which verifies that biometric systems meet recognised standards for recognition performance and presentation attack detection (PAD) and are fit for commercial use.
automotive market
Subaru showcases how biometrics can cut car deaths
J
apanese car maker Subaru has been showcasing and winning plaudits for new vehicle models that use facial recognition technology to check the driver is not tired or distracted – a major cause of traffic accidents and deaths. The latest Subaru 2020 Outback SUV, launched last month at the New York Auto Show, includes a new DriverFocus ‘distraction mitigation’ system which uses a dedicated infrared camera and facial recognition technology to identify signs of driver fatigue or distraction, and provide audio and visual warnings to alert the driver and passengers. According to US Government figures, nearly 3,500 people in the US were killed in crashes involving distracted drivers in 2016. Worldwide, close to 1.25 million people are killed in road crashes annually, with the US Government estimating that over 90% of crashes are caused by human error – including distraction and fatigue, driving too fast, misjudging other drivers’ behaviour and alcohol. Last month, Subaru’s Ascent and Forester car models were also named among the ‘10 Best Family Cars of 2019’ by Parents Magazine, based on their safety, convenience and value. The Forester includes the DriverFocus face recognition system, and both models offer AI safety systems such as automatic pre-collision braking, lane departure and sway warning technology. The attention and awards given to Subaru highlight the role that biometric systems
May 2019
Subaru 2020 Outback: dedicated facial recognition technology identifies driver fatigue or distraction.
increasingly play in the development of ‘smart’ and eventually driverless vehicles. Parents editor-in-chief Liz Vaccariello emphasised the importance of AI-based safety in its top 10 choice. “In developing this list, we wanted to evaluate what’s important to families at a level that exceeds other car rankings,” she said. “This meant understanding the fundamental features needed in a vehicle, while keeping safety top of mind.” Subaru US president and chief operating officer Thomas J Doll said: “The Parents 2019 accolade underscores our commitment to providing customers with vehicles made to the highest standards of safety.”
racial bias
US study: better image quality could cut face system bias
A
research team from the Florida Institute of Technology and the University of Notre Dame have shed new light on the controversy surrounding the racial bias detected in face recognition technology. In their paper ‘Characterizing the Variability in Face Recognition Accuracy Relative to Race’, published last month, the researchers explore why inequalities in face recognition accuracy occur, and what could be done to mitigate them. Their findings suggest that facial recognition systems may be improving, but that quality of images is a major issue. The five researchers – Krishnapriya K S, Kushal Vangara, Michael C King, Vitor Albiero and Kevin Bowyer – tested the face recognition accuracy between African-American and Caucasian image cohorts of the MORPH dataset using four face matchers – two commercial matchers, COTS-A and COTS-B, and two CNN (convolutional neural network) systems, VGG and ResNet. They report that, for all four matchers, the African-American image cohort had a higher false match rate and lower false non-match rate. They also found that ROC curves compare
verification rates at the same false match rate, but that the different cohorts achieve the same false match rate at different thresholds. “This means that ROC comparisons are not relevant to operational scenarios that use a fixed decision threshold,” they report. The researchers add: “Using ICAO compliance as a standard of image quality, we find that the initial image cohorts have unequal rates of good-quality images.” In their conclusion, the authors suggest that image quality is a key issue, stating: “We find no good evidence for a difference in the face detection or failure-to-enrol rate between the AfricanAmerican and Caucasian cohorts. We find the African-American image cohort is disadvantaged on FMR and advantaged on FNMR compared to the Caucasian image cohort. Across a set of two COTS matchers and two well-known CNN matchers, two matchers have a better ROC for the Caucasian cohort and two have a better ROC for the African-American cohort.” They add: “The more important point is that ROC curves are not an appropriate way to compare face recognition accuracy across demographic cohorts. When ICAO compliance is used to select subsets of the images that are more equal on image quality, we find that the low-similarity tail of the genuine distribution is reduced for both cohorts.” Tackling the question of why their results are at odds with those of previous works, they state: “Our results obtained using the COTS-A and VGG matchers broadly agree with previous works. Our results obtained with the COTS-B and ResNet matchers show that the pattern of ROC results seen in previous works is not general across all matchers. “At least two factors may be involved. One is that COTS-B and ResNet are newer matchers than those used in previous works, and face recognition technology has improved over time. A second factor is that previous works did not identify accuracy differences at the level of the impostor and genuine distributions. If previous works had identified the pattern of the AfricanAmerican cohort having higher FMR combined with lower FNMR, it may have suggested that the ROC for the African-American cohort could in principle be better or worse. More fundamentally, ROC curve comparisons are not an appropriate way to compare accuracy across demographic cohorts for an operational scenario that uses a fixed decision threshold.” They conclude: “Examination of the distributions of scores for elements of the ICAO compliance check suggests that the distribution of image brightness scores is a big, perhaps the main, factor. At this time, we can only speculate on why the African-American image cohort has a larger fraction of poorly-lit images. One speculation is Continued on page 12...
Biometric Technology Today
11
“It’s difficult to predict how this field will change in the coming years, particularly considering the speed at which this technology is advancing. But as organisations prioritise the security of their customers, there are undoubtedly more sophisticated AI-fuelled biometric safeguards on the horizon” These analysis techniques can also be applied to keystrokes. AI can learn a person’s typing habits and determine if someone is trying to impersonate them. Identifying factors like typing accuracy, speed, hand-dominance and pressure can all be analysed to create a means of drawing attention to anomalies to the established patterns. Equally, one major benefit of AI in biometrics is that it allows for constant ...News continued from page 3
standards
FIDO puts biometrics at heart of web payments security
T
he FIDO Alliance – whose global mission is to replace passwords with biometric and related security – has joined forces with the payment card industry body EMVCo and the World Wide Web Consortium (W3C) to create a single interoperable system for making digital payments. The new initiative will likely put biometric security at the heart of the massive web payments market: digital commerce is worth over $3 trillion a year, according to McKinsey’s ‘Global Payments 2018’ report, and mobile commerce and online payments is the “domi10
Biometric Technology Today
monitoring. So while a person’s typing behaviour might change over time, AI tools are able to continuously study the individual’s habits and account for gradual changes, allowing the technology to build a broad typing profile of a user. This in turn allows the system to verify that the person editing a document or filling out information requests is consistently who they say they are. In saying this, it’s very difficult to predict how this field will change in the coming years, particularly considering the speed at which this technology is advancing. But as organisations prioritise the security of their customers, there are undoubtedly more sophisticated AI-fuelled biometric safeguards on the horizon.
About the author Nikolas Kairinos is the CEO and founder of Fountech.ai (https://www.fountech.ai), which specialises in the development and delivery of advanced AI solutions for businesses and organisations. Nikolas also has over 20 years’ experience supporting software startups around the world as an entrepreneur, investor and advisor, and has co-founded numerous AI companies.
2.
3.
4.
5.
References
percent-of-businesses-could-reduce-fraudrisk-if-certain-about-customers-identity-300587192.html. ‘Global Card Fraud Losses Reach $16.31 Billion — Will Exceed $35 Billion in 2020 According to The Nilson Report’. Nilson, 4 August 2015. Accessed April 2019. https://www.businesswire.com/ news/home/20150804007054/en/ Global-Card-Fraud-Losses-Reach-16.31Billion. ‘Facial Recognition Market Worth 7.76 Billion USD by 2022’. MarketsandMarkets, 13 November 2017. Accessed April 2019. https://www. prnewswire.com/news-releases/facial-recognition-market-worth-776-billion-usdby-2022-657221323.html. ‘NIST Evaluation Shows Advance in Face Recognition Software’s Capabilities’. NIST, 30 November 2018. Accessed April 2019. https://www.nist.gov/news-events/ news/2018/11/nist-evaluation-showsadvance-face-recognition-softwares-capabilities. ‘Mastercard Identity Check: Facial Recognition Biometrics’. Accessed April 2019. https://newsroom.mastercard.com/ videos/mastercard-identity-check-facialrecognition-biometrics/. ‘Millennials Driving Demand for AI and Biometrics Security’. Vocalink, 5 December 2017. Accessed April 2019. https://connect.vocalink.com/2017/ december/millennials-driving-demand-forai-and-biometrics-security/.
1. ‘84 percent of businesses could reduce fraud risk if certain about customers’ identity: Experian 2018 Global Fraud and Identity Report’. Experian, 24 January 2018. Accessed April 2019. https:// www.prnewswire.com/news-releases/84-
6.
nant force driving strong digital commerce growth” it says. The FIDO Alliance is urging its member organisations to join the new Web Payment Security Interest Group initiative. FIDO firms include biometric industry stalwarts like Nok Nok Labs, IDEMIA, HID, BIO-key, Fingerprints and Next Biometrics, as well as global tech giants including Google, Amazon and Microsoft. The FIDO Alliance, W3C and EMVCo describe the Payment Group as “a vision for web payment security and interoperability” whose remit is to merge existing technical standards to improve the interoperability and convenience of web payments. W3C CEO Jeff Jaffe pointed to the ongoing “transformation of the payments industry” and said: “This will continue in unpredictable ways as the web adds new services such as streaming video, real-time communications and augmented reality. The Web Payment Security Interest Group will help ensure that new payment models for these services will have security as a fundamental requirement.”
FIDO Alliance director Brett McDowell said: “FIDO standards for simpler, stronger authentication can help secure user interactions. We are pleased to be working with our payment industry partners on how FIDO authentication and authenticator metadata can support their transaction authorisation goals. This interest group will help to streamline co-ordination and requirements sharing with EMVCo and W3C.” Karteek Patel, chair of EMVCo’s Executive Committee, added: “FIDO Alliance, W3C and EMVCo develop complementary technologies that can enhance the security and convenience of web payments. This group has been created to better understand and shape the future of secure web-based payments, and ensure alignment on the work of the three technical bodies.” The Interest Group complements existing specification-level discussions around EMV’s Secure Remote Commerce (SRC) and 3-D Secure (3DS) systems, FIDO Alliance’s FIDO2 specifications, and W3C’s Web Authentication and Payment Request APIs. The Group will also
May 2019
NEWS provide the foundation for collaboration around future technical specifications. As well as formulating a vision for web payment security, its charter includes developing use cases, providing gap analysis, and identifying new standardisation opportunities for each of the three organisations. The technical work involved will be carried out by member organisations. For more information about joining the Web Payment Security Interest Group, visit http:// www.w3.org/securepay/. The FIDO Alliance’s mission is to change the nature of authentication with open standards that are more secure than passwords. In September 2018, it launched a Biometric Component Certification Programme which verifies that biometric systems meet recognised standards for recognition performance and presentation attack detection (PAD) and are fit for commercial use.
automotive market
Subaru showcases how biometrics can cut car deaths
J
apanese car maker Subaru has been showcasing and winning plaudits for new vehicle models that use facial recognition technology to check the driver is not tired or distracted – a major cause of traffic accidents and deaths. The latest Subaru 2020 Outback SUV, launched last month at the New York Auto Show, includes a new DriverFocus ‘distraction mitigation’ system which uses a dedicated infrared camera and facial recognition technology to identify signs of driver fatigue or distraction, and provide audio and visual warnings to alert the driver and passengers. According to US Government figures, nearly 3,500 people in the US were killed in crashes involving distracted drivers in 2016. Worldwide, close to 1.25 million people are killed in road crashes annually, with the US Government estimating that over 90% of crashes are caused by human error – including distraction and fatigue, driving too fast, misjudging other drivers’ behaviour and alcohol. Last month, Subaru’s Ascent and Forester car models were also named among the ‘10 Best Family Cars of 2019’ by Parents Magazine, based on their safety, convenience and value. The Forester includes the DriverFocus face recognition system, and both models offer AI safety systems such as automatic pre-collision braking, lane departure and sway warning technology. The attention and awards given to Subaru highlight the role that biometric systems
May 2019
Subaru 2020 Outback: dedicated facial recognition technology identifies driver fatigue or distraction.
increasingly play in the development of ‘smart’ and eventually driverless vehicles. Parents editor-in-chief Liz Vaccariello emphasised the importance of AI-based safety in its top 10 choice. “In developing this list, we wanted to evaluate what’s important to families at a level that exceeds other car rankings,” she said. “This meant understanding the fundamental features needed in a vehicle, while keeping safety top of mind.” Subaru US president and chief operating officer Thomas J Doll said: “The Parents 2019 accolade underscores our commitment to providing customers with vehicles made to the highest standards of safety.”
racial bias
US study: better image quality could cut face system bias
A
research team from the Florida Institute of Technology and the University of Notre Dame have shed new light on the controversy surrounding the racial bias detected in face recognition technology. In their paper ‘Characterizing the Variability in Face Recognition Accuracy Relative to Race’, published last month, the researchers explore why inequalities in face recognition accuracy occur, and what could be done to mitigate them. Their findings suggest that facial recognition systems may be improving, but that quality of images is a major issue. The five researchers – Krishnapriya K S, Kushal Vangara, Michael C King, Vitor Albiero and Kevin Bowyer – tested the face recognition accuracy between African-American and Caucasian image cohorts of the MORPH dataset using four face matchers – two commercial matchers, COTS-A and COTS-B, and two CNN (convolutional neural network) systems, VGG and ResNet. They report that, for all four matchers, the African-American image cohort had a higher false match rate and lower false non-match rate. They also found that ROC curves compare
verification rates at the same false match rate, but that the different cohorts achieve the same false match rate at different thresholds. “This means that ROC comparisons are not relevant to operational scenarios that use a fixed decision threshold,” they report. The researchers add: “Using ICAO compliance as a standard of image quality, we find that the initial image cohorts have unequal rates of good-quality images.” In their conclusion, the authors suggest that image quality is a key issue, stating: “We find no good evidence for a difference in the face detection or failure-to-enrol rate between the AfricanAmerican and Caucasian cohorts. We find the African-American image cohort is disadvantaged on FMR and advantaged on FNMR compared to the Caucasian image cohort. Across a set of two COTS matchers and two well-known CNN matchers, two matchers have a better ROC for the Caucasian cohort and two have a better ROC for the African-American cohort.” They add: “The more important point is that ROC curves are not an appropriate way to compare face recognition accuracy across demographic cohorts. When ICAO compliance is used to select subsets of the images that are more equal on image quality, we find that the low-similarity tail of the genuine distribution is reduced for both cohorts.” Tackling the question of why their results are at odds with those of previous works, they state: “Our results obtained using the COTS-A and VGG matchers broadly agree with previous works. Our results obtained with the COTS-B and ResNet matchers show that the pattern of ROC results seen in previous works is not general across all matchers. “At least two factors may be involved. One is that COTS-B and ResNet are newer matchers than those used in previous works, and face recognition technology has improved over time. A second factor is that previous works did not identify accuracy differences at the level of the impostor and genuine distributions. If previous works had identified the pattern of the AfricanAmerican cohort having higher FMR combined with lower FNMR, it may have suggested that the ROC for the African-American cohort could in principle be better or worse. More fundamentally, ROC curve comparisons are not an appropriate way to compare accuracy across demographic cohorts for an operational scenario that uses a fixed decision threshold.” They conclude: “Examination of the distributions of scores for elements of the ICAO compliance check suggests that the distribution of image brightness scores is a big, perhaps the main, factor. At this time, we can only speculate on why the African-American image cohort has a larger fraction of poorly-lit images. One speculation is Continued on page 12...
Biometric Technology Today
11