Advancements in online or digital identification, like biometric authentication, are making it harder for fraudsters to perpetrate crimes. However, clever bad actors still find ways around traditional security methods. Deepfakes, for example, are increasingly popular with bad guys or are a growing threat because photos of people are readily accessible online. In some cases, their voices are also publicly available through YouTube videos, Instagram Stories, and other social media sites. Cobbling these likenesses together with socially engineered credentials can yield quite the treasure trove of personal information for fraudsters.
Luckily, traditional biometric authentication methods like iris scanning and fingerprint recognition have given way to more sophisticated systems that include face match, voice match, and liveness detection: multimodal biometrics.
What are multimodal biometrics and how do they work?
Multimodal biometrics leverage multiple forms of biometric authentication to identify individuals. By combining various, tough-to-spoof forms of identity verification, firms can create a more robust approach to account security.
Multimodal biometrics may incorporate any number of different biometric characteristics. A mobile app may layer voice biometrics and facial recognition to improve security that is negatively impacting the customer experience. To successfully launch biometric authentication capabilities, organizations should partner with a reputable vendor that offers a biometric solution that offers enterprise level security and scalability. Then, deploy biometric authentication to customers during account enrollment. After enrolling their biometrics, when the account holder logs in, they will be prompted to take a selfie or record a pass phrase, as examples, and those items will be compared to their biometric template on file.
Biometric modalities each have their own advantages and disadvantages and include:
Fingerprint recognition: Uniquely patterned ridges and valleys on our fingertips provide a distinctive identifier. While highly accurate, issues like poor-quality images can pose challenges.
Face recognition: Facial recognition technology uses multiple images stored on either a personal device or in a larger database or cloud. The facial recognition system analyzes the image using stored images and finds a match. Despite its popularity, especially with the rise of smartphones, facial recognition is subject to changes in lighting, aging, or accessories like glasses or even makeup.
Iris recognition: This high-precision modality leverages the intricate patterns in the iris. However, it may be challenging to acquire high-quality images.
Voice recognition: Account holders record their voice at setup, such as during an initial interaction with a voice assistant, which uses algorithms to create biometric templates. That engine develops an “enrollment” voice template, or a “voiceprint” from the recorded sample that is then matched to future login voice captures. While highly convenient, voice biometrics can be affected by noise or changes in the user's voice due to illness.
Behavioral biometrics: Behavioral biometrics platforms use customers’ digital activity, as well as their approach to online logins to create a behavioral signature that can stand up to fraudsters. As with many biometric modalities, there are privacy concerns to gathering data from online behavior.
Liveness detection: Compares a selfie or voice capture to an indexed photo or voiceprint to assure the submission is coming from a live subject and not AI-produced or altered, and is considered a more spoof-proof authentication. Liveness detection methods are handy for mobile authentication.
Active liveness - Active liveness detection requires the user to read, understand and follow certain instructions to conduct a liveness test—a barrier to access and a distraction in the user experience.
Passive liveness - Passive liveness detection uses biometric data that already exists to verify that the user is a live person, not a picture of a live person, a person wearing a mask, an AI-generated bot, deepfake, or any other impersonation. The passive approach simultaneously checks for liveness during face and voice capture, an additional security check that is imperceptible to fraudsters and more convenient for customers. Instead of creating friction, passive detection eliminates it.
The keys to robust multimodal systems lie in balance. Organizations must select platforms or modalities that complement the limitations of other modalities.
Multimodal biometrics offer security, convenience to traditional identity authentication processes
Biometric authentication is helpful for businesses that wish to improve their know your customer (KYC) processes. This modern process reduces the headaches associated with traditional multifactor authentication methods that use PINs, passcodes, and KBA, or securely reduce their reliance on weak or onerous, typically password-based login practices. Device rebinding, high-risk transaction security, and account self-services are just a few examples of how biometric authentication is reshaping customer identity authentication throughout the customer relationship lifecycle.
Biometrics offer a stronger, more secure defense against conventional fraud. Yet, organizations must understand that bad actors have access to the same advancements in AI and voice or thumbprint or liveness detection technologies.
The good news is that, for example, speech-recognition technology integrates well with other forms of identity verification, such as liveness detection. Liveness detection can help ensure a platform is authenticating a live user rather than a deepfake video or voice sample. Combining different forms of biometrics this way helps improve identity authentication by layering hard-to-crack safeguards on top of one another in a way that does not inconvenience the user.
Implementing multimodal authentication requires careful consideration for the operating environment
Implementing multimodal authentication involves assessing numerous factors, including security requirements, and integrating with an organization’s current tech stack. Important aspects include user enrollment processes, backend infrastructure, and security considerations. The technical complexity of combining different modalities and the issues of standards, interoperability, scalability, and cost are also important considerations.
In high-security environments like airports or government buildings, for example, multimodal biometrics bolster access control and physical security. Financial services firms leverage multimodal authentication to secure transactions, reduce fraud and enhance the customer experience. In the healthcare sector, tightened security protocols improve patient identification accuracy and privacy while streamlining workflows.
Whatever the use case, finding a solution that provides low-friction integration, security, and compatibility with current tech stacks will likely be atop buyers’ priority lists.
Future trends and emerging technologies
One challenge facing even robust identity-authentication solutions like multimodal biometrics is bias. Algorithms aren’t biased themselves, but humans who control the data that goes into the machines can introduce bias into the training process. A facial recognition system trained on images with demographics that aren’t proportional to the actual population can have trouble matching faces of underrepresented demographics. As biometrics become more and more used, and more diversity is captured and included in the databases available, bias becomes less of an obstacle.
All of these factors may lead to higher error rates, slower response times or an increase in false positives, which may label well-meaning people as potentially fraudulent.
The future of biometrics involves rethinking how model developers train their algorithms. Organizations building biometric authentication tools must ensure they train algorithms in various environments and with training data sets that best approximate real-world conditions. To help users get the best experience possible, identity authentication platforms should also include detailed instructions about how to capture the biometric information necessary to authenticate their identities.
Incorporating multimodal biometrics leads to improved identity authentication accuracy and enhanced security by reducing false acceptance and good rejection rates. Multimodal systems are also more resilient to spoof attacks, thanks to their complexity. They add convenience for users by reducing reliance on a single modality and circumventing issues like non-enrollment.
And, perhaps most importantly, multimodal biometrics illustrate how the future of identity verification, through decentralized identities and continuous authentication, can be built.
To learn more about how Mitek enables the future of authentication: