SECOND LOOK: The Dark Side of Biometrics

Lest we paint a too-rosy picture of biometrics security, it is important to examine the pros and cons of the technology. Biometrics is no different from other security solutions; in short, it has its own inherent weaknesses.

Bruce Schneier, chief technology officer and co-founder of Internet security surveillance company Counterpane Internet Security Inc., and author of such books as Secrets and Lies, says he preaches risk management. Whether a bank chooses a particular device depends on its needs. "They have to understand what the technology does and doesn't do and make a decision," he says.

Biometrics are great, Schneier says, because they are difficult to forge. A person's fingerprint or retina is unique. Even if a crook cuts off someone's finger to bypass biometrics security, scanning devices can tell if the finger is on a living person.

However, Schneier poses the question, "What happens after the biometric is digitized? When your biometric is lost, that's it. Your thumbprint isn't like a digital certificate that can be issued again. You lose it for life."

Schneier says the way biometrics can be most successful is if a "trusted path" is used. "This is an internal system - not the Internet and not an ATM network."

He cites an announcement by Virgin Atlantic and British Airways in which frequent fliers will be checked in with iris recognition technology at London's Heathrow Airport. This experiment in biometrics will be very successful, claims Schneier, because it will be on a closed, closely monitored system.

"Biometrics should never be the only security method," Schneier cautions. "It has to be used in conjunction with something else."
