Over on another channel, I’ve occasionally written about biometric identification as it relates to privacy issues. Facial recognition matching software is an example of Minority Report technology that’s improved enough that the FTC considers mug shots to be a “personally identifiable information” (PII)–the equivalent of a social security number. On the other hand (or finger), fingerprint matching has been around much longer, had a lot of government involvement (FBI, NIST) over the years, and is considered a true PII. And yes, the fingerprint algorithms are far more accurate.
At the E-Commerce section of Startup Alley, Virginia-based TouchToPay was showing their fingerprint matching application. They are focused on using fingerprints as a biometric identifier for consumer payments and other financial transactions. In other words, no need for bulky credit cards or smart phones: you simply press down with one or more fingers, and TouchToPay searches against a database of numerically-encoded prints. If it matches, then the charge goes through. Their IP is in the encoding algorithms.
By the way, how good is the current state of the art? The National Institute of Standards and Technology (NIST) has for years been tracking how fingerprint matching vendors do against sample data sets. A quick peek of results from 2010 shows that the best can perform at, say, 99.6% accuracy with a false acceptance rate (FAR) at about .01%. Which means that out of 10,000 index fingers scanned, 9960 will be match correctly, 40 will be incorrectly rejected, and just 1 will be matched that shouldn’t have been. With real-world databases in the millions, these numbers are not nearly good enough.
After the show, I communicated (by email) with Co-founder and CEO, Hakan Yurt. As with all these biometric matching algorithms, you can always improve the false acceptance rate by tightening the algorithm’s parameters, but at the cost of rejecting more valid prints. One way out of this dilemma is to ask consumers to also provide a PIN number–the approach that ClickToPay takes. This improves security–keeps the FAR very low– but still with very good accuracy.
TouchToPay appears to have a workable and practical solution to the problem. We’ll be keeping an eye on them, this technology, and some of the privacy considerations of biometric identifiers.