Businesses and governments across the globe are looking for ways to improve the user identity verification process. Biometric authentication is a security method that’s being increasingly used to verify user identities. Biometric authentication methods help restrict unauthorised access to bank accounts, residential buildings, hardware devices, and software apps, among others.
Biometric authentication methods use physical and behavioural characteristics to verify the identity of an individual. Fingerprint scans, iris scans, face scans (facial recognition), vein scans, voice scans (voice recognition), and DNA tests are a few biometric authentication techniques used to verify a person’s identity.
The use of this technology, however, remains a topic of debate. While many people say that authenticating their identities via biometrics is easier than remembering passwords or security keys, others consider it an invasion of their privacy.
We surveyed over 1,000 people in the UK, ages 18 and above, to understand how comfortable they are sharing their biometric data and if they have any suggestions to improve its usage. Let’s dive into the survey findings to get a clear picture of the public’s perception, especially around the use and storage of biometric data by private companies (other than healthcare providers). You can read the complete survey methodology at the bottom of the page.
Types of biometric authentication methods
There are many different types of biometric authentication techniques. In this section, we’ll discuss the more common ones.
- Fingerprint scan: This authentication method involves scanning a user’s fingerprint and matching it against a registered list of fingerprint data to verify the user’s identity. Fingerprint scanning is a common and widely used biometric authentication technique. More than half of our survey respondents ( 57% ) say they’re comfortable sharing their fingerprint data with private companies. Of the 47% who say they have willingly shared biometric data with a private company, the majority (93%) have used fingerprint technology.
- Face scan: A facial recognition system captures and compares the features and measurements of a human’s face against a database of facial data. Per our survey findings, 82% of respondents have provided facial data to private firms, but only 40% are comfortable doing so.
- Voice scan: Voice scans authenticate a person’s identity based on voice modalities such as pitch and intensity. These are compared against an existing database of voice samples. 58% of our survey respondents have used the voice biometric authentication technology.
- Hand scan: Hand scans identify individuals from the shape of their hands and use measurements such as the height, width, angle, and deviation of fingers for identity verification. A third of our survey respondents ( 33%) have provided their hand scan data to private companies.
- Iris scan: In this method, the unique pattern of an individual’s eye is used for identity authentication. Per our survey findings, 26% of respondents have used this biometric identification method, and 21% are comfortable providing their iris scan data to private companies.
- Vein scan: Vein scans use ultrasound waves to capture an image of the veins on a person’s palm, wrist, or arms for identification purposes. Vein pattern recognition is less commonly used; only 7% of our survey respondents have used this technique.
- DNA testing: DNA tests are mainly used in forensics and healthcare by government agencies. Considering the cost and time involved, this authentication method isn’t generally used for commercial purposes. Only 8% of our survey respondents are comfortable sharing their DNA info with private companies.
91% of respondents aren’t very comfortable with private companies using facial recognition data for personalised advertising
We asked people how comfortable they are with the use of facial recognition in different scenarios. In general, people are more comfortable when the technology is used for government work, such as passport control or police surveillance, than for commercial purposes, such as advertising or shopping recommendations.
Lack of choice when it comes to submitting biometric data for government processes such as visa applications could be a reason more people are comfortable sharing their data with public firms than with private companies. Our survey results also found that 85% of respondents think customers should have the right to opt-out of facial recognition technology used by private companies.
3 out of 4 survey respondents fear misuse of their biometric data
Biometric techniques, such as facial recognition, make authentication easier and quicker, but people have their concerns and doubts. These authentication methods require users to submit their biometric data to a company or an agency, and a majority of respondents expressed concern about this data being misused or stolen.
The concern is higher among the age groups 50 to 64 and 65 and above. One out of four respondents in the 18 to 24 and 25 to 34 age groups “highly trust” trust tech companies to properly use and safeguard their biometric data. On the contrary, none in the 65 and above age group and only 10% in the 50 to 64 age group feel that way.
People in the 65 and above age group are also of the opinion (100%) that private firms shouldn’t be allowed to share their biometric data with other companies without their express consent.
77% of respondents say private companies’ use of biometric data should be regulated by law
Unlike passwords, if biometric data is stolen or breached, it cannot be changed to a new one. This is one of the key concerns about biometric data breaches.
Let’s discuss the example of Suprema, a biometric authentication service provider that became the target of one of the biggest biometric data breaches in the UK. Nearly 28 million biometric records, including customers’ fingerprint and facial recognition data collected by Suprema, were found on an unsecured, publicly accessible database in 2019. Such incidents highlight the need for stringent biometric data security regulations.
The majority of our survey respondents ( 77%) say private companies’ use of biometric data should be regulated by law. Some states in the US have passed laws to specifically prevent the unlawful collection, use, and storage of biometric information. Similarly, the General Data Protection Regulation (GDPR), passed by the European Union (EU), prohibits the collection and processing of biometric data without the consent of customers.
Data security software helps protect users’ biometric data from identity thefts
Following government regulations is one way to ensure users’ biometric credentials aren’t misused, lost, or stolen. Another way is investing in a data security software solution.
Data security software tools encrypt biometric data and make it inaccessible to unauthorised users. They have strong access control mechanisms to prevent data thefts or misuse. These tools help keep your biometric data safe from prying eyes and possible hackers.
*Survey methodology
Data for the GetApp Biometric Technology and Password Management UK Survey 2021 was collected in January 2021. The sample comes from an online survey of 1,011 respondents who live in the UK. The respondents were of the age groups 18 to 25 years, 26 to 34 years, 35 to 49 years, 50 to 64 years, and 65 and above years.