Breadcrumb navigation

True or False?
Top Biometrics Myths Busted

From deep fake differentiation to hacking accessibility to biometric practicalities, find out why these common misconceptions aren’t true.

Spies lifting prints from martini glasses. Villains removing people’s eyeballs. Heroes unlocking doors with downed enemies’ palms. Since biometrics entered the scene, we’ve been entertained with the wildest creations of writers’ imaginations – although it’s now pervasive in everyday life, from unlocking phones to making payments, it’s still far from being understood.

To help bring an end to the myths, we’ve called in the experts.

Myth #1:
Face recognition doesn’t work in the long term because a person’s features change as they age.

The reality:
“The sophisticated algorithms, e.g. NEC’s NeoFace, are not affected by superficial changes in a person’s appearance, e.g. hair style/color, moustache or beard, wrinkles or even minor cosmetic surgery, because they look at the skeletal structure of the face, and use micro-measurements such as the distance between the eyes, ears or forehead and many more to uniquely identify a person. These measurements do not change with age after puberty.”
 ~ Christopher Lam, Vice President and Head of NEC Laboratories Singapore

Myth #2:
Face recognition technologies cannot differentiate between blood relatives who look similar or people who look alike.

The reality:
“State-of-the-art facial recognition systems use deep neural networks that are trained on very large-scale data. These allow them to recognize a face even under drastic variations in pose, lighting or other variations. So, modern systems would determine blood relatives such as siblings to be close in appearance, while being able to resolve fine distinctions between individuals that are not discernible to the human eye. In fact, the accuracy of face recognition systems has been tested to routinely surpass even trained human experts.”
~  Manmohan Chandraker, Department Head, Media Analytics, NEC Labs America

Myth #3:
Biometrics technologies can be easily fooled by deep fakes, static fingerprints, photos or even lifting the eyelid of a person as he/she is sleeping.

The reality:
“Biometrics are defined as measuring something from the human body in order to authenticate that person. Thus, the onus is for the biometrics system to check that the measurement is coming from a live human body, and not from images or non-living tissue. This is called ‘liveness detection’. Some systems have this, but some do not. Hence, customers should ask their vendors if they have liveness detection, and not assume it is there.”
~ Dr Terence Sim, Associate Professor; Vice Dean, Communications NUS; Second Vice President, International Association of Pattern Recognition; Editor-in-Chief, International Journal of Pattern Recognition and Artificial Intelligence

“There are several defenses that accompany face recognition systems. This includes liveness detection, which can flag inputs displayed through print-outs, screens, cut-outs or even high-quality 3D masks. A variety of approaches are used for it, some of which illuminate the input with a hidden pattern to determine its authenticity, while others use the power of deep learning to identify spoofs. Secure facial authentication also protects against attacks based on input patterns designed to trip up the system. Just like anti-virus software, such security measures are constantly upgraded to defend against ever-improving adversaries.”
~  Manmohan Chandraker, Department Head, Media Analytics, NEC Labs America

“Biometrics are a form of lock. Just as not all locks are equal, not all biometrics algorithms are of the same quality. They’re only as good as the algorithm that supports it. A good one would include ‘liveness detection capabilities’ that fight spoofs such as photos, videos or even 3D masks. If it is poorly designed and doesn’t have the latest ‘liveness detection’ technology, there is a potential risk of spoofing!  It is easy to fool it just by using your photo from your Facebook or LinkedIn account, or even your WhatsApp profile.”
~ Walter Lee, Evangelist and Head of Public Safety Consulting at NEC Asia Pacific

Myth #4: Biometrics take longer to process than other forms of authentication.

The reality:
“Verification speeds depend on the type of biometrics used. Face recognition is fastest, taking only micro-seconds, while fingerprint authentication requires about one second. Still, it is way faster (and safer) than say, typing in a password and waiting for the system to give you the go-ahead.”
~ Helen Chua, Senior Sales Director, Public Safety Business at NEC Asia Pacific

Myth #5: They are expensive and aren’t cost-effective in the long run.

The reality:
 “The real question is whether businesses like banks can afford not to adopt biometrics. In a recent survey by a global financial services giant, half the respondents said they would consider leaving their bank if it didn’t offer biometric authentication services. This just goes to show how much consumers have already embraced the technology.

The benefits snowball over time and reduce the cost of doing business. To onboard new employees or customers, even for banks' electronic Know Your Customer (eKYC), all they'll need is a selfie and their ID card. Once that’s done, you can imagine how much faster and more convenient it'll be for consumers. The banks will benefit too, as they'll require fewer branches and people. On top of that, they can reduce processing time and manual paperwork by seamlessly integrating with the backend, in turn increasing operating efficiency, reducing human errors and delivering a better customer experience. It’s a win-win for all.”
~ Helen Chua, Senior Sales Director, Public Safety Business at NEC Asia Pacific

Myth #6: Biometric authentication is an invasion of privacy.

The reality:
“By definition, biometric data is considered personal data (under PDPA, and most other privacy laws), and hence ought to be governed by privacy laws. The real issue is thus changing people's perception, and enforcement of violations of privacy laws.”
~ Dr Terence Sim, Associate Professor; Vice Dean, Communications NUS; Second Vice President, International Association of Pattern Recognition; Editor-in-Chief, International Journal of Pattern Recognition and Artificial Intelligence

“Facial appearance is one of the most personal aspects of human identity. Privacy is central to the design and implementation of responsible face recognition solutions. Consumer images are protected by a variety of privacy laws such as GDPR, CCPA and APPI in nations across the world. Facial authentication does not directly use images.  Instead, it uses machine-interpretable features that represent images with a hundred-odd numbers, which may be stored and transmitted with encryption similar to credit card transactions. Techniques such as differential privacy, which the US government uses for its census, are also being developed to provide face-based solutions with a guarantee against leaks of private information.”
~  Manmohan Chandraker, Department Head, Media Analytics, NEC Labs America

Myth #7: Hackers can steal people’s face details or fingerprints once they’ve hacked into a database

The reality:
“To mitigate such concerns which is sometimes referred to as "presentation attacks", good biometric identification and authentication systems will include layers of security such as ‘liveness detection’, presentation attack detection, encryption techniques on the biometric template (the encrypted, mathematical representation of an individual’s biometric data) and PKI, etc.  This is much more secure than PINs and passwords that can be easily stolen and used by hackers."
~ Walter Lee, Evangelist and Head of Public Safety Consulting at NEC Asia Pacific

Myth #8: Cloud biometrics are less vulnerable to external threats.

The reality:
“This is a general security issue that has nothing to do with biometrics.”
~ Dr Terence Sim, Associate Professor; Vice Dean, Communications NUS; Second Vice President, International Association of Pattern Recognition; Editor-in-Chief, International Journal of Pattern Recognition and Artificial Intelligence

“Cloud biometrics are the most convenient (and preferred) way for both institutions and consumers as they enable administrators to grant and revoke permissions, and allow users to authenticate their identities anywhere, on any device. The risk occurs during data transmission, as data needs to be transferred across the network to be verified. This is why it needs to be encrypted, so that even if it is compromised, hackers won’t be able to read it without the API key or access token.” 
~ Christopher Lam, Vice President and Head of NEC Laboratories Singapore

The opinions expressed in this article are those of the authors. They do not purport to reflect the opinions or views of NEC, unless otherwise stated.