Card, mobile credential, payment and security
Researchers lump products, providers together missing the mark
As campuses have embraced electronic distribution of financial aid and banking services tied to campus cards, have students been forced to pay more for the convenience? The U.S. PIRG Education Fund says ‘yes,’ suggesting that college students have been unfairly targeted for extra fees to the financial benefit of both banks and universities.
In a June 2012 report entitled “The Campus Debit Card Trap: Are Bank Partnerships Fair to Students?” the U.S. PIRG asserts that university and bank partnerships to offer financial products to students are unfair and should be curtailed. The researchers explore both student ID cards and student loan disbursements that are tied to a bank account, debit card or reloadable prepaid card.
The report states that nearly 900 schools with more than nine million students nationwide have partnerships with banks or other financial firms. These include 32 of the 50 largest public four-year universities, 26 of the 50 largest community colleges and six of the 20 largest private not-for-profit schools. In total, these banking partnerships reach 42% of the student population.
Though the U.S. PIRG contends that universities and financial services companies make a lot of money from these partnerships, not all parties agree.
Most financial institutions working with campus card programs describe long-term relationship building with young, soon-to-be professionals as the driver for these programs. Short-term profit windfalls simply don’t exist, according to representatives from these institutions.
Wells Fargo has relationships with 40 colleges and universities across the country and views college partnerships as a way to teach new users about financial services products. “[We] are being introduced to students, many of who are looking for their first financial institution. We serve their needs, and hopefully they’ll be lifelong customers and build healthy financial habits,” says Richele J. Messick, spokesperson for Wells Fargo.
Most of Wells Fargo’s university partnerships are connected to student ID card services rather than dedicated exclusively to financial aid delivery.
The U.S. PIRG report states that when student ID services become connected to financial options such as open-loop debit cards, it “may mean that a bank/financial aid firm has taken over the process of issuing IDs at the school.”
Wells Fargo contends that this is not the reality of the relationship and that the banking aspect of a student ID is optional. “The student is the one who has the choice,” says Messick. “You don’t have to link a campus ID to a Wells Fargo account.” When the student opts not to turn on the banking feature of an ID, the ID card still contains all the other campus services, but it just doesn’t also function as a debit card.
The main crux of the U.S. PIRG report focuses around fees related to these types of cards as well as debit cards related to student loan disbursements. The report says that universities are increasingly moving to debit cards as a way to give students their loan money, but by using cards as a form of disbursement, students are at risk of incurring fees.
PIRG sees this as a problem when the dollars in question comes from taxpayer-provided grants and federal loans. U.S. PIRG says this money is designed to go to lower income students who can’t afford the fees tied to these accounts.
For a federally funded student loan to be disbursed via a payment card, the Department of Education stipulates that this is possible “as long as the issuing bank provides conveniently located fee-free ATMs.”
The U.S. PIRG report contends that “convenient” and “fee-free” ATMs still cause problems when lines get too long or cash runs out.
It cites that Higher One, a financial aid disbursement firm with agreements at around 520 schools, has 600 ATMs in service. At peak disbursement times, students queue up in long lines to access their money free of charge, and demand can be greater than the supply of money, forcing some to incur fees of up to $5 because they end up using out-of-network ATMs to get their loan funds.
In the case of Higher One’s ATM position, Shoba Lemoine, spokesperson for Higher One, points out that the company’s debit card isn’t the only disbursement option for students. “Once a school contracts with Higher One to help it disburse refunds to its undergraduate population, the students work with Higher One to select how they want their refund.”
With a Higher One account, students may have their refunds sent to them in one of three ways: direct deposit via ACH to any bank of their choice, a paper check by mail or into an optional Higher One OneAccount checking account. “They must actively choose to open this account,” says Lemoine.
“It is absolutely the student’s choice how they want to receive their refund and they will never be charged to receive it, per Title IV requirements. They can also change their preference at any time at no cost to them. This simply gives the student more choice in how they receive their refunds from their school.”
Lemoine says that a student has the option to choose to open a OneAccount FDIC insured checking account for their loan disbursement. Higher One offers this account through its banking partner, and it has no monthly fee and no minimum balance. Students must activate the account themselves and opt to have the loan money deposited into the account. “Approximately 50 percent of students do not choose to open a OneAccount to have their refunds deposited there,” says Lemoine.
In contrast to the report’s portrayal of the students waiting 50 deep in line at a single fee-free ATM on a campus, most providers boast large ATM networks to support student accounts. U.S. Bank has 23,000 ATMs across the country, Wells Fargo has more than 12,000, and both Blackboard and Sallie Mae offer more than 43,000 surcharge-free ATMs via membership in the Allpoint Network.
Blackboard, a long time player in the closed-loop off-campus market with their BbOne offering, launched their financial aid delivery product called BlackboardPay in 2010. The company’s more recent entry gave them a different perspective on financial aid delivery, says Jeff Staples, vice president of market development for Blackboard.
“We committed to deliver a product that best helped students gain access to their Title IV funds,” says Staples. “We looked at the market and asked how we could best serve both the campus and the student … and not at the expense of one over the other.”
Blackboard points to the prepaid platforms from Money Network and Discover as “new tools” they were able to call upon in the creation of the BlackboardPay. These tools provide features they say are not typically found in older debit solutions. According to Staples, BlackboardPay doesn’t charge a PIN debit fee, there is no possibility of overdraft and there are no minimum balance or monthly service fees for active cardholders. Students can access the funds at no cost at more than 7 million Discover merchants, any of the more than 43,000 surcharge-free Allpoint ATMs and via the Money Network Check to any payee including free check-cashing privileges at more than 3,800 Wal-Marts nationwide.
“Seeking technical compliance with Title IV with a few hundred ATMs isn’t really the same as serving the students’ needs with more than 40,000 ATMs plus ATMs deployed on campus,” Staples said.”We think the campus and students deserve the best offering and fee schedule available, not something that’s simply better than average.”
Compelling students to opt for these branded debit cards is another unfair practice, cites the U.S. PIRG report because it opens up students, “already vulnerable as consumers in this area,” to the risk of incurring extra fees, such as hefty overdraft fees and PIN swipe fees.
This may be a young student’s first experience with a financial institution, and the report says that confusing fee structures for these accounts can cost students a lot of money in “hidden” fees.
Most providers of these services take offense to the concept that fees are hidden. Virtually all providers list fees online and provide documentation of fees at multiple points in the process. Financial accounts, like other services, are not free and have fees associated with them. Even “fee-free” accounts have fees for out-of-the-norm activities or improper usage.
“Higher One is not a bank, so cannot speak for those banks named and examined in the study, but Higher One’s offerings do adhere to the fundamental principles discussed by U.S. PIRG in its study, including: 1) providing students with choices, 2) being transparent about how accounts are structured, and 3) enabling colleges and universities to comply with the Department of Education’s standing regulations as they relate to the electronic disbursement of Title IV funds to students,” says Miles Lasater, COO of Higher One in an e-mail statement.
The unfair fees described in the U.S. PIRG’s report are not unlike fees paid by traditional consumers for traditional banking accounts. Virtually all accounts charge for using foreign ATMs and for overdrafting an account. Many banks also charge traditional customers monthly fees for checking accounts. Some banks mitigate those fees for students by offering them accounts with lower fees than the institution’s traditional checking account.
At $3 a month, Wells Fargo’s college checking account is less than its next cheapest account, Value Checking, which costs $9 a month, or $7 for online only statements. Other checking packages that combine savings and debit can cost $12 a month, or $10 for online only statements. The college account includes many benefits of other checking packages, such as checking, savings, a debit card, online bill pay, mobile banking and text account alerts. “Our college offer is a great deal for college students. It’s designed with them in mind,” says Messick.
Higher One’s entry-level checking account has no minimum balance requirements and no monthly fees. It doesn’t require a background check. “Many students find this appealing,” says Lemoine.
Higher One OneAccount customers get a Debit MasterCard, which has a 50-cent fee for PIN-based transactions. “We encourage students to choose free signature-based transactions at the point of sale because they are protected with the MasterCard Zero Liability policy against fraudulent purchases and they are more cost-effective for Higher One. So this fee is avoidable and many students never incur it,” says Lemoine.
Still it is this fee that has caused a great deal of the negative attention to the Higher One offering, and some suggest this has led to the harsh view on student financial account products in general.
“We know that the last thing that a student needs to do is to accumulate more debt,” says Lasater. “We therefore provide financial literacy programs and options so that students can learn how to avoid incurring any fees at all. In short, when it comes to the $1 trillion in student debt that is currently outstanding, we look to be part of the solution in helping students manage their money wisely.”
General purpose reloadable (GPR) cards, commonly called prepaid cards, are a rapidly growing product for campus card and financial aid delivery applications. According to the Federal Reserve, they are also the fastest growing electronic payment method in the U.S. The PIRG reports takes a harsh view of prepaid citing the lack of government regulation and protections.
Describing the prepaid card industry as unregulated, the report cites “no real consumer protections by federal law” and “no protections to limit your liability.”
To the contrary however, bank-issued prepaid products are often treated with the same protections as other payment offerings. Several issuers of prepaid products mentioned in the report, suggest that painting prepaid cards with such as broad stroke is irresponsible and misleading. According to one provider, “it is true that prepaid industry is not regulated in the same way as credit and debit, but as a bank, all our prepaid users are protected in the same way as other card customers.”
Prepaid debit offers great tools as long as the platform is designed with the consumer in mind, says Blackboard’s Staples. “BlackboardPay accounts are FDIC insured and feature an extremely compelling fee schedule,” he adds. “It is a very consumer-friendly iteration of prepaid debit.”
A number of parties – service providers, campuses, associations and publications – have both publicly and privately called into question the accuracy of the PIRG report. Perhaps the most frequently heard compliant was that the report seems to lump all student-facing financial services together. According to a statement issued by the National Association of College and University Business Officers, “the U.S. PIRG report conflates the student aid refund process with debit-linked college and university campus cards.”
In reality, these are very different products. They are marketed differently to students, entered into with different drivers from the institution’s perspective, and priced differently for users.
NACUBO goes on to say the report, “fails to adequately recognize that students have a choice in deciding where and how to manage personal banking and financial transactions and that campus cards are offered by campuses for service, convenience, and security.”
It is difficult to argue that efforts to contain tuition costs require the streamlining of administrative services. This is the fundamental reason that campuses first began to explore electronic delivery of financial aid. According to NACUBO, “the (PIRG) report misleads readers to believe that campuses profit by providing electronic refunds of student financial aid dollars.” Most interviewed for this article agreed that cost savings can be achieved via these services. But they stressed that few campuses create new revenue streams.
Despite the questions surrounding the report’s accuracy, it has already spawned dozens of media reports, legislative rumblings and at least one lawsuit.
U.S. Sen. Dick Durbin, D-Ill., said he “will be working in Washington to put an end to the unreasonable practices highlighted in this (PIRG) report.” The measures he intends to take were not specified in Dubin’s press release.
A lawsuit has been filed, and timing makes it appear to be at least in part a result of the report. A California resident and college student claims financial services provider Higher One “deceptively assessed bank fees” and that the “plaintiff and other Higher One account holders nationwide, were deceived into using a Higher One account in order to access their college financial aid money…then subsequently charged unfair and improperly disclosed bank fees.”
This is not the first time student-facing financial services have come under fire. Most agree it will not be the last. For many professionals that live and breathe these services on a daily basis, it is just unfortunate that some well-intended researchers missed the mark on a number of very fundamental concepts … creating the current stir.
Dates: November 6-8, 2012
Location: Paris, France
Venue: Paris Nord Villepinte Exhibition Centre
URL: http://www.cartes.com
Description: CARTES is the world’s leading Smart Technologies event dedicated to security, payment, identification and mobility. Each year, it brings together 430 exhibitors, 79% of whom come from outside France, 20,000 visitors and 1,300 congress participants to explore the industry’s latest trends and innovations.
Dates: September 18-20, 2012
Location: Tampa, Florida
Venue: Tampa Convention Center
URL: http://www.biometricconference.com/
Description: The 2012 Biometric Consortium Conference and Technology Expo, presented by AFCEA, NIST and NSA, will address the important role that biometrics plays in identification and verification of individuals for government and commercial applications worldwide.
The Conference will be two and a half days of presentations, seminars and panel discussions with the participation of internationally recognized experts in biometric technologies, system and application developers, IT business strategists, and government and commercial officers. The 2012 Conference and Expo focuses on biometric technologies for homeland security, identity management, border crossing, electronic commerce, and other applications.
Dates: March 5-7, 2012
Location: Las Vegas, Nevada
Venue: Mirage Hotel
URL: Click here
Description: CARTES in North America will combine a high level conference program with international experts and a comprehensive exhibition featuring the most representative companies in card manufacturing, payment solutions, identification solutions and digital security.
Mobile devices are poised to become the ID credential of the future. In a recent video interview, Blackboard Transact president David Marr shared his views on mobile platforms in higher ed and the impacts on campus card offices. CR80News’ Chris Corum discussed the topic with Marr as well in a podcast.
He describes the mobile device as “the virtual front door of the institution,” but he stresses that you can’t just leave that door propped open. “The credential that is the key to opening that door will reside in the campus card office,” he says.
When it comes to service delivery on the modern campus, Marr explains, “geographic boundaries of a campus are no longer the primary driver, mobile devices and applications have blurred these boundaries.”
He suggests that campus card administrators get immersed in the conversations about mobile on their campus. “Let IT know that campus card solution providers are moving the credential to the phone,” he says, “I am confident that will get their attention.”
In the video, Marr highlights several exciting mobile initiatives underway at campuses across the country including Stanford University and University of Washington.
To listen to the podcast, click the play button below:
HID, Arizona State pilot multiple handsets, carriers and apps on campus
As the Fall semester geared up at Arizona State University, something revolutionary was happening in one of the residence halls. Select students living in Palo Verde Main were no longer using their Sun Card to gain access. Instead they were using cell phones.
Compared to most residences, Palo Verde Main was already considered advanced in access control circles. For six years, contactless technology in the student ID card had granted access to the building. But in August, a group of students and staff became the first in the country to use smart phones equipped with near field communication (NFC) technology instead of keys or cards.
ASU worked with HID Global on the pilot. The company’s contactless iCLASS technology powers the student ID known as the Sun Card and HID readers secure residences, offices and labs throughout the Tempe campus.
Though the pilot came together rapidly, the spark for it was years in the making. “Three-years ago I began to notice a lot of press around NFC,” says Laura Ploughe, director of Business Applications and Fiscal Control for University Business Services at Arizona State University. “I mentioned it to my HID rep and about a week later he sent me news clip from ASSA ABLOY hospitality with a photo showing a phone opening a door.”
It was an “aha” moment. She realized the phone was the ubiquitous device that would really change things. “I stuck the news clip on my wall with a pushpin and it has been there ever since,” she says.
At a trade show this spring, Ploughe saw a demonstration of HID’s new iCLASS line based on its Secure Identity Object concept. Called iCLASS SE, short for Secure Identity Object-enabled, it allows the access credential to be stored on cards, fobs, phones and other devices. “It was a dream come true,” she explains. “I could see live what was under that pushpin on my wall.”
Ploughe told her contacts at HID that she would love to be involved if they needed a pilot location. “Never in my life did I think they’d say yes,” she laughs. But by early summer, agreements were in place and planning commenced.
“I thought we’d take a 24-week timeline for a pilot,” says Ploughe. “But the timeline was shortened when we began talking to stakeholders.”
Ploughe works in University Business Services. Among other things, the division oversees the Sun Card program and the Electric Door Access and Surveillance program. She approached her colleagues in University Housing for support, as they would be crucial to the success of the pilot.
“We looked at where it would best fit in the school calendar,” she says. “Housing agreed to participate but wanted to do it during early move-in to ensure there was no disruption to student learning.” That dictated an August launch, so a single discussion shortened the original timeline from 24 weeks to just eight weeks.
On Aug. 1 the hardware and equipment for the pilot was installed. Internal communications were sent to stakeholders including the police department and facilities to make sure they weren’t alarmed when news spread that cell phones were opening residence hall doors.
The following week HID Global staff trained campus technicians and the lock maintenance group.
On Aug. 10 new phones were given to the students and staff participating in the pilot. In all 32 participants – 27 students and five staff – were provided NFC-equipped phones to use as they lived life in and around Palo Verde Main.
The hall was not selected by accident. It houses many of ASU’s engineering students, individuals with an obvious technical acuity. “We picked Community Assistants (resident assistants) because they have single rooms and are both responsive and responsible,” says Ploughe.
As for the staff participants, Ploughe explains, “we wanted a couple of people from facilities to be able to test the system and we also chose staff from the residence hall to assist with technical support.”
“Because this was a pilot, we decided it would be good to have multiple brands of smart phones,” explains Deb Spitler, HID Global ‘s VP of HID Connect. Participants were outfitted with one of three handsets: RIM’s BlackBerry Bold 9650, Samsung’s Android (multiple models) or Apple’s iPhone 4G.
Handsets with embedded NFC functionality are not widely available so the pilot relied on microSD cards and sleeves for the NFC functionality. Three separate carriers – AT&T, Verizon Wireless and T-Mobile – were used for mobile services.
Two separate apps were used to carry the electronic credentials. The BlackBerry and iPhone users ran ASSA ABLOY’s Mobile Keys Application while Android users ran a mobile access application from HID.
Each participant received a fully provisioned phone with unlimited voice and text service. At the outset, the hope was to use the students’ existing smart phones. “We surveyed them to find out if they had a phone that we could enable with a microSD card,” explains Spitler. “There was a very small number that actually had a workable handset … well over half had a basic phone and not a smart phone.”
So the school and HID put new smart phones into all their hands. Because participants would keep the handset after the trial, Spitler says, they matched the mobile carrier and handset model to the individual’s current service. In that way, they could transition their new smart phone to their current carrier post pilot.
“We hoped this would help to engage them and show them that their participation and input to the pilot was important to us,” says Spitler.
ASU already had HID iCLASS readers across the campus and at key points in Palo Verde Main. But to accept the new NFC keys, readers needed to be upgraded to accept the company’s Secure Identity Object credentials. At six entrances, iCLASS SE readers replaced the existing contactless readers. Four new locations were also enabled with the SE units.
Additionally, four individual rooms within the residence hall were equipped with an offline door lock from ASSA ABLOY’s Sargent line. These locks require the use of a PIN in addition to the credential on the phone.
To gain access, students present keys, cards or phones at as many as four separate points within the residence hall. A main entrance, a courtyard entrance, a wing door and finally a room door each are secured. Most of the students still required the key to gain ultimate entry to their room, but four participants used the phone at all entry points thanks to the Sargent locks.
“When a student approaches a door they click the icon on the smart phone to launch the app and then present it to the door,” explains Ploughe. For the pilot, the countdown was set to 30 seconds before the application closes.
“The sweet spot was different on each phone,” she says, referring to the ideal physical place on the phone to hold next to the reader for optimal use. “We put a Sparky emblem (ASU’s mascot) on back of each phone to make it easy and convenient.”
At the midpoint of the pilot, an initial survey of participants revealed promising results. Key questions pertained to training and support on devices, functionality of the application and comparison to the card in terms of convenience and speed. Other questions asked for suggestions to improve the current functionality and ideas for additional applications.
At the conclusion of the pilot, a second survey was conducted to address changes in perceptions over time. Have you changed your mind on things? Are you more or less happy with the functionality? Would you like to see the functionality continue to be supported on campus?
Results of these surveys will be released during a panel discussion on Monday, Sept. 19 at the ASIS conference in Orlando. Look for additional details here next week on the survey results.
The pilot concluded on Sept. 6. At press time, ASU was reviewing the survey data to determine next steps.
For Spitler, the pilot was a lesson in reality meeting new technology. “It enabled us to explore how people use mobile credentials and NFC in the real world,” she says.
That is the real value of a pilot. It forces stakeholders to forget their preconceptions of a technology and address how people actually live and work.
As Spitler points out, this is why it was great to have a number of different devices, readers and apps. “It gave us different feelings and that is what a pilot is all about,” she adds.
“It’s my hope that we do a secondary pilot,” says Ploughe. “Ideally I would like the smart phone to be the tool for everything. Lots of people are driving a mobile app to smart phones but there is some risk.”
She hopes that one outcome of these pilots and this user directed research is the establishment of some best practices. “Take care of the risk,” she explains, “and we can open up other applications.”
Ultimately, for ASU it’s all about student success. “The key is engaging them the way they want to be engaged – the same way they do with their friends and with the same tool that connects them socially,” explains Ploughe. “It means that we provide our services to students with devices like this or we have failed in helping them be successful.”
Wireless locks from ASSA ABLOY’s Aperio line can now be used within Keri Systems’ Doors.NET physical security offering. Customers can mix and match the Aperio wireless readers and the Keri TCP/IP-based NXT readers to get the ideal functionality at each door.
Aperio brings a cost-effective way to connect additional openings to an existing electronic access control system. It communicates wirelessly using 802.15.4 and supports HID iCLASS credentials. More than 40 access control companies have adopted the technology globally.
“We are very excited that Keri Systems is the first to integrate our two wireless technologies – Aperio and WiFi,” said Martin Huddart, vice president for Electronic Access Control at ASSA ABLOY Door Security Solutions. “The combination of their Doors.NET software and NXT hardware platform with ASSA ABLOY’s complete range of wireless solutions offers customers the flexibility and performance they need.”
Students at Louisiana Tech University are using their campus card and Tech Express account at local merchants thanks to CBORD’s UGryd. The cards have been used for on-campus purchasing since the mid-1990s but this is the first foray into the community.
The article cites expansion of the physical campus closer to downtown as one reason for rising student interest in the off campus card use.
Lisa Cole, comptroller for Louisiana Tech, told the News Star that initial phase of the program would include more than 25 merchants, a record for a UGryd launch. Merchants receive a POS terminal, daily settlement via ACH, online access to real-time transaction activity and end-of-month statements.
CBORD describes UGryd as a PCI-compliant transaction-processing host for off-campus programs. It enables real-time transaction processing over secure connections between universities and merchants, eliminating the need for phone lines, modem banks and excess hardware on campus.
So zombies might not be the typical badge holders on campus but as the campus game known as Humans vs. Zombies spreads we may see a new use for the student ID. This week at Case Western Reserve University in Cleveland, zombie students tried to tag human students to turn them into zombies, while humans defended themselves with nerf dart guns.
Participants sign up online to play and receive a ‘human’ ID card. When a zombie tags a human, he claims his victim’s ID number and logs the kill online. The human then becomes a zombie and can join the hunt.
One zombie told a reporter for the Plain Dealer, “It’s a lot of fun … you meet people from every major and talk to people you would have never talked to.” And a faculty member added, “This school has a reputation of people sitting in their rooms doing chemistry homework so to see someone running around campus at full speed is good.”
Humans vs. Zombies first started at Goucher College in Baltimore but is now played on campuses around the world.
While the human ID at Case Western is not the official campus card, could this be the next application for our campus card system providers?
Read more about the Case Western battle here
Read more about the game, its rules and software support
Some scoff at the idea of emerging biometrics, saying that the identification technology as a whole is still emerging. In reality, however, fingerprints have been used to identify criminals for nearly a century and around the world biometrics are used to gain access to buildings, get cash at ATMs and authenticate online transactions.
The days when biometric scanners were merely props in James Bond movies are gone. The North American market appears to be on the precipice of a change. Use cases for secure authentication are everywhere, and the technology foundations to enable biometrics have matured.
Re:ID editors spoke with a group of industry leaders to get their thoughts on what's coming in the biometric market. The individuals deploy and look at biometric systems every day and the emerging trends they identified were remarkably consistent. They include the rise of two formerly outlying modalities and the coalescence of biometrics and mobile devices for two distinct applications.
Trend: Vascular biometrics gets under your skinVein pattern biometrics is a modality that is garnering a lot of interest, says Rick Lazarick, chief scientist at the identity labs for CSC. Some large-scale test results show that both finger vein and palm vein biometrics are extremely accurate, he says, and possess some really important convenience attributes.
The modality is being used in ATMs throughout Japan as well as in Brazil and Poland. "The ATM implementations show that they have the capability to be used in large scale and mainstream applications," Lazarick says.
The Japanese ATMs use three-factor authentication for transactions–card, PIN and a vascular biometric, says Walter Hamilton, a senior consultant at ID Technology Partners and chairman of the International Biometrics and Identification Association.
The technology is starting to show up in North America as well. The Port of Halifax in Nova Scotia is using vascular technology for physical access control and Baycare Health System in Tampa, Fla. is using it for patient identification, Hamilton says.
"It works well, and based on independent testing, I see the technology being just as accurate as fingerprint for one-to-one matching," Hamilton says. "I also see the general population having fewer challenges submitting a good sample of their vein pattern in comparison to the problem some people have with fingerprints."
Some individuals have difficulty with enrolling a usable fingerprint sample, Hamilton says. Very fine fingerprints are tough to pick up and others may have damaged their fingerprints making it difficult to get an image and then match later.
Vein pattern biometrics use light to map the vascular pattern underneath the skin so the surface doesn't matter. Failure-to-enroll rates for vein pattern technologies are very low, Hamilton says.
Test results have shown that the technology is very reliable, adds Lazarick. "Many times vascular outperforms iris," he says.
It can also be viewed as a privacy-enabling technology compared to fingerprints, iris and facial, Hamilton says. Fingerprints leave a residue that can be lifted off a surface and potentially replicated.
"Some people doubt (fingerprint biometrics') ability for credentialing because there's a chance someone may copy a fingerprint from a glass," Hamilton says.
Since vein pattern records the pattern beneath the surface it's virtually impossible to covertly observe. "Unions and certain segments that would object to fingerprints would not object to vein pattern," Hamilton says.
Vascular is also touted as the hygienic biometric, Hamilton says. Typically with this technology a user places his hand or finger on a guide above the scanner whereas with contact scanners there is the possibility of germ transfer between users.
But there still are challenges vascular technologies will have to overcome, Hamilton says. Fujitsu and Hitachi are the two main vein recognition providers and each uses its own proprietary algorithm for matching. This means templates from a Hitachi scanner cannot be read by a Fujitsu scanner and vice versa.
This may change, however, as the National Institute for Standards and Technology is working on a standard for vein recognition. But, Hamilton explains, the work is in the early stages.
Trend: Iris gets a second lookIris is the other modality that seems to be on the cusp of widespread deployment, says Bryan Ichikawa, vice president of identity solutions at Unisys. "Long distance iris recognition opens up whole new worlds and works very well," he says.
The U.S. Department of Homeland Security contracted Unisys to test the different long distance iris products last year. The test, says Ichikawa, showed that iris solutions from multiple vendors could be used for one implementation.
Long distance iris systems from Sarnoff and AOptix show tremendous promise, Lazarick says. "They are close to having something pretty phenomenal," he says.
"Mainstream iris adoption has already begun," says Dale Bastian, VP of Sales – Biometrics, AOptix Technologies. "There are many large scale, production and final stage testing deployments underway that demonstrate that important end-users have fully accepted the modality."
In the Middle East iris is being used for immigration applications and to track individuals expelled from the country, Hamilton says. Airports are also considering using iris for employee access control to secure areas.
"The data from real-world, large scale deployments will demonstrate that iris offers significant advantages over other modalities for appropriate applications," adds Bastian.
The real innovation that is bringing iris to the forefront is its newfound flexibility. In the past, iris capture required a user to precisely and purposefully place the eye in front of a camera. Newer solutions enable the images to be captured from long range, while the subject is in motion and even without his knowledge.
"Longer distance identification means that an officer no longer has to be close to a subject to identify him so there can be a larger safety buffer," explains Mark Clifton, Sarnoff's acting president and CEO. "Distance enables identification in large venues, perimeter control and discrete applications."
Additionally, Clifton explains that longer distance also enables one system to capture both the iris image and face image simultaneously, providing multiple modalities to improve accuracy, speed and ease of use.
Iris nullifies a lot of the hygienic concerns that people have with fingerprints. It also has the potential, like it or not, to be used for non-intrusive or surreptitious identification as shown by a recent announced deployment in northern Mexico.
Trend: Biometrics going mobileWhat may bring biometrics to the masses is its use in smart phones and mobile devices. These devices are being used more frequently for higher-value transactions and steps need to be taken to so they can be better secured. PINs and pattern-based applications exist but many argue they don't offer the level of security that biometrics can provide.
Traditionally the topic of biometrics and handsets has centered on hardware, most often the integration of fingerprint sensors into the phone. Globally a variety of handsets have launched with built-in sensors, and early this year LG released the first model with U.S. availability.
But it is software not hardware-centric biometrics that has the industry buzzing these days. Using the tools already built into phones, a range of biometric authentication is possible.
Adding biometrics to mobile devices could be relatively easy, says Cathy Tilton, vice president of standards and emerging technology at Daon. "The obvious (modalities) are face and voice," she says. "The devices already have cameras and microphones."
Adding iris to the mix wouldn't be much of a stretch either, adds Lazarick. "Without an additional infrastructure you could fuse them," he says. "As the functionality of these devices increases, the security of the transactions will more and more demand identity verification."
There is also the opportunity for multi-modal application via mobile devices. In a multi-modal environment, the system would take a score from a voice pattern, facial image and perhaps an iris image to determine if the individual is authorized to use the device or conduct the transaction, Lazarick says.
Getting acclimated to use the mobile device for biometric verification may be the biggest challenge. Because it is a one-to-one match, however, many of the issues that exist with large-scale one-to-many matches don't apply.
Because you are matching against a single known template, the captured image does not need to be as precise as it would to isolate a match from thousands or millions of templates in a one-to-many environment. "It's all manageable if you get used to using the device," Lazarick says.
And for most smart phones these features could be added with a software application and no additional hardware. "To coin a phrase, ‘there's an app for that,'" Hamilton says.
Enabling biometrics on mobile devices will take away the need for people to verify identity at fixed locations, says Ichikawa. A credential could be stored on the mobile device and confirmed via facial recognition iris, fingerprint or voice. "Once you create a level of mobility, you don't have to authenticate at fixed points," he says. "You can now identify them anywhere."
Trend: Law enforcement takes biometrics from the station to the streetsThe next trend again matches biometrics with mobile devices, but this time leaves the realm of the consumer world for that of law enforcement. The days of being arrested and having your fingerprint placed on an inkpad and rolled onto paper are already history for many police departments. Paper-based collection has been replaced by electronic scanners in the station. But what's coming next is the extension of the capability to the street, says Tilton.
Mobile biometrics devices have been used by the military in Iraq and Afghanistan for years to identify insurgents and make sure only authorized individuals enter restricted areas. The devices are also becoming popular to confirm access to U.S. ports with the Transportation Worker Identification Credential.
While many of the devices used by military officials are dedicated for those purposes, there are different peripherals that can be added to the iPhone and other mobile devices so it can be used to check biometrics, Hamilton says. Most of these are aimed at law enforcement applications to enable officers to enroll and check biometrics in the field.
BI2 Technologies has a sleeve that works with the iPhone and can capture face, fingerprint and iris, Hamilton says. A number of law enforcement agencies are already using the system, he says.
At the same time companies providing systems to the military are releasing updated products with increased functionality. Analysts predict that these dedicated devices will be used for both military and law enforcement applications while add-ons build biometric functionality into other mobile devices such as smart phones.
While biometrics have been teetering on the edge of mass adoption for years in North America, the momentum may finally exist for widespread adoption.
Interestingly, the trends identified for this article suggest that it may be different modalities and use cases that ultimately provide the spark.
In the past, facial images and fingerprints were the modalities of choice, and most looked to physical security and one-to-many identification as the applications to drive adoption.
While these modalities and applications are certainly still important and even dominant, it may be this newer generation–call it Biometrics 2.0–that finally gives Sisyphus his much needed break from pushing the biometric rock up that adoption mountain.
Hitachi's VeinID finger vein scanners have been deployed since 2004 by major banks in Japan and more recently Poland," says Lew Iadarola, VeinID sales manager for Hitachi Security Solutions. "Some South American banks are conducting trials as well."
"In total we have more than 100,000 embedded modules in ATMs, time and attendance readers and other devices," says Iadarola. Another 100,000 of the company's USB-connected logical access readers have also been deployed for authentication to various networks and applications, he notes.
According to Iadarola, one of the largest use cases in the U.S. is with Konica Minolta's bizhub multi-function printers. The finger vein scanner secures document output in government, military and health care environments. Additionally, Japanese telecom giant KDDI has deployed more than 10,000 VeinID scanners for employee logon.
Rather than using the biometric to identify an unknown individual from a population, Iadarola sees vascular technology as ideal for operational biometrics. "Use the vein pattern to ensure the individual is who they claim to be and only then initiate the service, access or transaction," he says.
"Our focus with VeinID is one-to-one matching on a smart card or device," he explains. This comes from the company's historical preference to enhance privacy in public facing applications.
Many of our large customers preferred to minimize the liability that comes with handling personally identifiable information by performing match-on-card transactions rather than storing information in a database, he says. Government Integrators and end-users worldwide did not want to use the same technologies used and stored in databases by law enforcement.
"Some people want to buy a coke, rent a car, and pick up their prescriptions without providing something personally identifiable," he concludes. "People prefer to verify identity and walk away leaving nothing behind."
Sarnoff Corp., a subsidiary of SRI, is a leader in long distance iris recognition technology. The company offers two models in its Iris On the Move (IOM) line: a walk-thru gate called the IOM PassPort and a small mountable unit called the IOM Glance.
"Sarnoff revolutionized iris recognition by providing longer distance, higher speed, and higher throughput than traditional systems," says Mark Clifton, Sarnoff's acting president and CEO. "We have improved upon systems that require you to be uncomfortably close," he explains, "and have enabled recognition up to 3 meters in distance while walking at a natural pace. Because of that we can process up to 30 people per minute."
The initial adopters include airports, banks, stadiums, construction sites, he explains, "any place where you have need to get people in and out very quickly."
AOptix Technologies, a Campbell, Calif.-based iris innovator, launched its first "iris at a distance" product, the InSight VM, early in 2009. "It puts the advanced adaptive optics technology of the original InSight into a new form factor appropriate for access control, immigration control and eGate applications," says Dale Bastian, VP of Sales – Biometrics, AOptix.
Immigration control is a key application being addressed by the InSight line. "We recently completed three highly successful proof-of-concept studies in the Middle East where the adoption of iris recognition for enrollment of deportation subjects and the screening on in-bound travelers is underway," he explains. "They demonstrate extraordinary results on key criteria including failure-to-acquire and failure-to-enroll rates, average time of capture and accuracy."
Leading the adoption of iris are national identity programs following closely behind immigration applications, Bastian says. He suggests that governments around the globe are evaluating iris recognition technology, which could lead to cooperation between governments to share methodologies creating more secure immigration and travel environments.
Animetrics is offering facial recognition for Android, Windows Mobile and RIM (Blackberry) operating systems. Using the phone's embedded camera, a facial image patterns is generated at the point of access and compared to the enrolled pattern to grant or deny access.
On the voice front, PerSay, a spinoff from Verint Systems, SecuriMobile, Palo Alto, Calif., VoiceVault in the UK and Germany's VoiceSafe all offer voice biometric solutions to secure mobile devices and transactions.
Other companies are using mobile biometrics to add an additional factor to out of band authentication solutions.
PhoneFactor, Overland Park, Kan., uses the phone as the second authentication factor, ‘something you have.' They also use voice pattern biometrics via the phone to add the third factor, ‘something you are,' to the authentication process.
When a user authenticates to a PhoneFactor-enabled site, he enters his username and password. The PhoneFactor technology calls the user's pre-supplied phone number. The user answers the phone and hits the #-key to affirm the transaction and only then is the online access granted. Additionally, a secret passphrase can be required for voice pattern recognition to further increase security.
