by Cindy White
Cindy White, CMO at Mitek Systems, shines the spotlight on our new white paper that reveals how to fight biometric bias, featuring conversations with thought leaders Stephen Ritter and Alexey Khitrov.
If you follow me on LinkedIn, you know that #breakthebias is a hashtag I use liberally—so it is with pride and pleasure to announce the release of Mitek’s new white paper, “Biometrics and Bias: The Science of Inclusivity,” which is based on my recent conversation with colleagues Stephen Ritter, Chief Technology Officer of Mitek Systems and Alexey Khitrov, CEO and co-founder, ID R&D.
Stephen, Alexey, and I talked about why Multimodal Biometric Authentication (MBA) is at the vanguard of fighting fraud while enabling a smooth onboarding and continuous authentication of customers throughout the banking lifecycle, and how banks can use Mitek’s inclusive MBA technology to delight users with unbiased, convenient, and passwordless protection. Here are a few highlights from our conversation.
Cindy: Let’s unpack Multimodal Biometric Authentication and its ability to deliver unbiased, inclusive authentication. Firstly, how is it different from simpler methods like face biometrics, such as Apple FaceID, to unlock phones or gain access to apps?
Alexey: Face biometrics like Apple FaceID is a great technology, but it serves a specific purpose, and that’s convenience, not security. It’s consumer-grade technology with a backup PIN, allowing you to get into your phone if the biometrics are not available.
From a security perspective, a biometric is only as good as the “back door” option that the device allows. For example, if I know your PIN, I can replace your biometrics with mine on your phone. At that point, I have access to all of your apps and bank accounts. So, it’s not considered a best practice to use consumer-grade facial recognition or similar technologies to protect money.
To protect money, you want to use extremely precise biometrics methods that are rigorous and uniquely attached to specific accounts and apps. Multimodal biometrics is the best approach because it uses multiple sources of information about the person. The combination of voice and face is very effective because it uses two different modalities, two different types of information, and two unique data points you can collect at the same time.
We can then combine these data points into a single user experience. With one action, we can use facial recognition, voice biometrics, and voice and face liveness to determine an identity. That’s important because a good biometric must answer not one question, but two. First, is this the right person? Second, is this a real person, or is it someone trying to pose as me using a picture?
In this way, a multimodal approach can give us four-layered biometric protection with a single step. It’s a very simple but incredibly secure customer experience.
Cindy: How does MBA address key error- and bias-prone “surfaces” such as race, ethnicity, age, gender and transgenderism?
Alexey: Let me begin in general terms. For passive facial liveness, i.e. the ‘Is this a person?’ question, our technology went through ISO 317, aka privacy by design, certification. This is a formal process where white-hat hackers perform penetration testing. They attempt to penetrate the system with appearance-disguising techniques. Thousands of attacks were made on our system, but we maintained an impressive penetration rate of zero across the board. Penetration testing is a great way to test for structural bias within the system because, to pass, the system needs to have been designed unbiasedly from the start.
As part of the data collection, development, and testing process, we developed a type of heat map. Think of it as a kind of three-dimensional chess game that looks at multiple variables like age, gender, ethnic, and racial background. There are so many permutations on the three-dimensional chessboard. We make sure that the data we collect is comprehensive and diverse, and test the algorithms across all groups to ensure performance is equal and comparable.
Regarding correctly identifying transgender people, out of hundreds of millions of authentications performed, we did not experience even a single report of our system discriminating against this group. So it goes to show that the effort we’ve put into building an unbiased system that works in a multi-dimensional environment has been effective.
But to dive a bit deeper into this issue, when it comes to face recognition of transgender people (not liveness), it’s beneficial to keep in mind the question, ‘Are you a match or not?’ That’s the security piece. If someone drastically changes their appearance, the system should not identify it as a match. To avoid potential bias in this situation, we use a technique called a template merge. This is a model enrichment technique, in which every time a person successfully uses the biometric system, the underlying template is recalculated with the most recent face or voice sample.
In this way, the template is not static. It’s changing all the time. The template stays relevant to who the person is right now. So, just as a gender transition occurs over time, an individual’s biometric template will change with them, incrementally.
Cindy: As a result of the enormous uptake in digital banking throughout the pandemic—61 percent of consumers now interact digitally with their bank every week—customers now demand more frictionless banking experiences across the board. How does biometric authentication meet these expectations?
Steve: The pandemic has created a fascinating dynamic in the behavior of people. What began as an aversion toward touching things in order to prevent contracting the virus has now turned into a new, long-lasting behavior.
Specifically, when physical bank branches closed, most people were forced to use mobile check deposit. Before COVID-19, fewer than 20 percent of checks were deposited via mobile. But research shows that when a person is required to deposit checks virtually, i.e. through mobile deposit, by the third time they do it, there’s an 80 percent attachment rate to the new behavior. As a result, we have seen significant sustained growth in mobile check deposits, even after bank branches reopened.
So where do we go from here? With mobile banking now the norm, banks are looking to combine the best of in-branch and digital experiences. Starting with digital onboarding, the next step in the journey is to enable continuous authentication, where a customer’s credentials can log in on an ongoing basis. This is where biometric authentication comes into play. It gives us the path toward that passwordless, convenient, and frictionless experience everyone is looking for.
If done right, biometric authentication ends the push and pull between two opposing forces–convenience and security. In the past, if you wanted more convenient account access, it required more security. But add more security and you create more friction, which makes access less convenient.
One of the beautiful things about multimodal biometric authentication is that it’s a passive technology that allows for continuous authentication. That means the user is not asked to do anything extra or out of the ordinary. With MBA, convenience and improved security can be achieved with one solution.
To learn more about how Mitek’s biometric authentication capabilities can help your institution deliver inclusive, frictionless security, get your copy of our new white paper, “Biometrics and Bias: The Science of Inclusivity.”
About the contributors:
Stephen Ritter - CTO at Mitek Systems
In his role as Chief Technology Officer, Stephen Ritter drives the technical development of Mitek’s award-winning mobile deposit, mobile capture and identity verification solutions, and oversees the company’s computer vision and scientific team at Mitek. Stephen has more than 25 years of experience in machine learning, security, cloud and biometric technologies, and provides innovative sources of technical leadership & expertise.
Alexey Khitrov - Founder and President at ID R&D
ID R&D’s CEO and co-founder, Alexey Khitrov, has extensive first-hand C-level leadership experience with biometric companies, including one of the largest biometric firms in Europe. In the role, he successfully established a US subsidiary, pioneered new products and deployed award-winning solutions with prominent government and Fortune 500 financial institutions.