"Mission: Impossible" showcases Tom Cruise in a fast-paced espionage thriller. Like all good spy flicks, the movie features the latest in high-tech innovations - in this case, biometrics.
Though Cruise's character coolly outwits biometric technologies such as eye scanning, voice verification, and computerized finger imaging, the reality is that biometrics is emerging as a fast, virtually foolproof means of personal identification.
Financial institutions can make extensive use of biometrics to reduce fraud, enhance security, and lower administrative costs in numerous areas, including automated teller machine and credit card transactions, background checks, systems and facility access, personnel management, and computer security.
Understanding biometrics is essential for financial services industry professionals. Before integrating this brave new world of personal identification information into the everyday operations of a financial institution, however, managers need to address consumer and legal concerns to help guarantee public acceptance.
In layman's terms, biometrics is the science of measuring a unique physical characteristic of a person and comparing that characteristic with a comprehensive data base for identification purposes. Fingerprints, long used by law enforcement, are the best-known example of biometrics in action.
As technology improves and becomes more economically viable, new biometric applications can be used when someone needs a quick, reliable identification.
For example, eye scanning, once seen only in Hollywood movies, now comes in two varieties: 1) retina scanning, which scans the blood-vessel pattern of the retina, the innermost part of the eye; and (2) iris recognition, which uses video technology to scan the iris, the colored part of the eye surrounding the pupil.
Both the iris and the retina contain many more "discriminators," or identification points, than a standard fingerprint. Hand geometry, which takes 90 measurements of a person's hand, were part of security efforts at the Olympiad in Atlanta. Other biometric techniques include signature recognition, vein measurement, thermal recognition of facial areas, and voice verification.
Even paper-and-ink fingerprints are being replaced by computerized finger imaging. For example, in South Africa, finger imaging is being used with ATMs to identify senior citizens when they come to collect their monthly pension payments.
This process starts with placing a finger on a scanner similar to those at a supermarket checkout counter. In seconds, the electronic fingerprint is converted into a computer code and compared against a data base entry. Once the identity is confirmed, fresh banknotes issue from the biometrically equipped ATMs, which the Financial Times described as "the most sophisticated cash dispensers in the world."
The American financial services industry has begun to deploy finger- imaging systems. In an effort to combat fraud, which cost credit card companies an estimated $1.3 billion in 1995 alone, both MasterCard and Visa have started pilot finger-imaging programs.
Under the MasterCard system, "finger minutiae" - the unique identifying data extracted from a person's fingerprint - would be stored in the card itself. When a customer uses his card, he would scan in at the store and his finger image would be compared against information recorded in his card.
In January 1996, Charles Schwab & Co., the nation's largest discount securities broker, installed finger-imaging systems at its headquarters to facilitate security checks on its staff By 1997, the Purdue Employees Federal Credit Union of Indiana will use finger imaging to identify customers.
Recently, several large retailers, including Home Depot, have examined signature verification systems as a way to reduce fraud. The idea is that to the extent a person's handwriting is unique, an on-line writing device at the checkout line could instantly compare the customer's signature with one in a data base.
Similarly, Chase Manhattan Corp. has just begun using voice verification systems to identify customers. And Bank of Boston uses a hand geometry system to help control personnel access to sensitive facilities.
In an international development that could revolutionize ATM transactions, Oki Electric, a leading vendor of ATMs, has teamed up with two New Jersey companies, IriScan and Sensar, to incorporate iris- recognition technology into Japanese ATMs by late this year.
Don Richards, IriScan's director of program development, said the ATM cardholder will first be "enrolled" at his bank. Instead of making up a personal identification number, he will gaze into a scanner similar to a camera that will record his iris pattern and convert it to a digitized code on the magnetic strip of his ATM card.
The next time he needs fast cash, a camera installed in the ATM kiosk will read his iris pattern and match it with the code on his card instantly.
Although it is premature to identify which biometric technologies eventually will win out in the marketplace and become the financial services industry standard, it is not too early to predict that biometrics will be used extensively for personal identification.
Aside from weighing the technical performance, security features, and cost options of various biometric technologies, management also must consider psychological aspects to determine what the public will accept.
As "rugged individualists," Americans might disapprove of technology that they perceive as too invasive of their privacy. With some forms of biometric applications, for example, information about a person's health and medical history may also be incidentally obtained.
"Examination of the iris and retina provides important diagnostic clues about a person's health - the retina more so," said Dr. F.P. Nasrallah, an assistant professor of ophthalmology at George Washington University.
"If I see certain lesions on the retina, I can become suspicious that the patient has AIDS, diabetes, or high blood pressure, for example," he said.
Providing the neighborhood bank with a Social Security number and a password is accepted by nearly all of us, but forking over a retina pattern or computerized fingerprint to an international credit card company might seem too Orwellian for comfort.
An effective customer educational program and a "user-friendly" system incorporating input from focus groups can help allay fears and misperceptions.
Before adopting biometrics, management should coordinate with counsel to determine what, if any, legal concerns are implicated by these new technologies. Although it is being used for governmental purposes, biometrics - as used by financial institutions - is based on private sector activities.
Whereas the consumer voluntarily consents to give identification information to a private sector institution, federal courts generally turn a blind eye.
Similarly, though traditional common-law privacy torts and state statutes might provide for some kind of consumer right in the biometric realm, such a conclusion seems speculative at best. Nonetheless, before embarking on biometrics, financial institutions would be well served to thoroughly research the relevant law.
In addition to teaching consumers about the benefits of biometrics, financial institutions might want to promise their customers that biometric identification information will be for the institution's use only and will not be given or sold to any third parties.
For example, language to this effect could be featured prominently in the customer's ATM or credit card agreement. Similarly, the institution could include an explanation of what identification information it might have to disclose to law enforcement, and under what circumstances.
As biometrics becomes more commonly used for personal identification in financial services, national and state policymakers, regulatory agencies, and the courts all will begin to identify potential problem areas with this new technology and issue comprehensive guidelines for biometric applications.
Financial services industry professionals can help this process from the start by taking a farsighted approach to biometrics as not just a mere technical and security issue, but as a public relations and legal concern as well.
Financial institutions are now eyeball to eyeball with a new, exciting technology that can improve customer service and reduce fraud. Now is not the time to blink.
Mr. Woodward is executive editor of Law and Policy in International Business Journal at Georgetown's Law Center.
