The ability to accurately verify a person’s identity is of critical importance in today’s heightened security environment. Whether it is to prevent access to aircraft by terrorists, or to prevent check fraud at the cash register, businesses are testing and implementing new strategies and technologies to verify identity.
One of the emerging tools today is the increasing use of biometric identification technology. Biometrics is growing at a steady pace across marketplaces. Because biometric identification can be used in a large variety of applications, it is difficult to establish an all-encompassing definition. The most suitable definition of biometrics identification is the automated use of physiological or behavioral characteristics to determine or verify identity.
Physiological biometrics are based on measurements and data derived from direct measurement of a part of the human body. Fingerprint, iris-scan, hand geometry, and facial recognition are leading physiological biometrics.
Other biometrics are based on behavioral characteristics, or actions taken by a person. Behavioral biometrics are based on measurements and data derived from an action, and indirectly measure characteristics of the human body. Voice, keystroke, and signature are leading behavioral biometric technologies.
Biometrics with reduced commercial viability or are in exploratory stages include:
- DNA,
- Ear shape,
- Odor (human scent),
- Vein-scan (in back of hand or beneath palm),
- Finger geometry (shape and structure of finger or fingers),
- Nailbed (ridges in fingernails), and
- Gait recognition (manner of walking).
Applications for Biometric Technology
The potential uses of biometric technology are vast. Biometrics can be used anywhere keys, ID cards, PINs, or passwords are currently used today. In addition, biometrics may be used where there are poor, manual, or nonexistent means of authentication. Biometrics can be used in a broad range of applications.
Computer Security. In the world of computers, biometric software is available that allows users to log on to computers and local-area networks. Biometrics can also replace passwords required to access sensitive applications. A process called single sign-on (SSO) allows a single authentication to gain access to multiple applications or resources. The benefit of such a system is greater user convenience, by not having to manage multiple passwords while reducing the time needed to access key applications.
Internet Security. Considering the vast number of websites that require passwords, the value of transactions that take place through these sites, and the uncertainty involved in sending sensitive information over untrustworthy networks, it is clear that biometric identification has a great potential for securing Internet transactions.
Time and Attendance. Hourly employees in retail and other businesses are often required to punch a time card when arriving and leaving work, as well as for breaks. A widespread problem, known as buddy punching, involves employees punching time cards for their friends who might be late or absent altogether. Use of biometric identification would virtually eliminate this problem.
Access Control. One of the first commercial applications of biometric technology was in the area of access control. Finger or hand readers, as well as iris-scan technologies, are currently in use in a large number of physical settings, including over 150 airports in the United States.
Double Dipping. For years, public benefits disbursement programs have been plagued by people claiming benefits under multiple identities, a problem known as double dipping. Biometric systems can be designed to screen applicants to determine if they are already enrolled under a different name.
Because of the scale of the fraud problem, merchants are testing biometric technology to deliver secure, convenient ways to pay for purchases and cash checks with the touch of a finger.
Biometrics in Use Today
Current users of biometrics range from commercial applications to government. Following are just a few examples to illustrate the range of possibilities.
Virtual Academy Online (VAO) is a company that sells web-based schooling. A very important factor in off-campus on-line learning is the ability to ensure that the registered student is the person actually doing the work submitted for credit. VAO requires all students to have a biometric mouse or a similar access device containing his or her ideogram/signature, which can only be replicated by the original user.
The Royal Palm Middle School in north-central Phoenix, AZ, is the first in the nation to install cameras designed to detect the faces of sex offenders or missing children and instantly alert police. At two sorority houses at the University of Central Florida in Orlando, hand readers automatically take a three-dimensional reading of the size and shape of a person’s hand and verify identity in less than one second.
The Bank of Hawaii has automated many of its transaction processes using computer technology and biometrics to provide customer access to safe-deposit boxes without a vault attendant.
Associated Bank in Milwaukee identifies its on-line customers by the sound of their voices.
Some McDonald’s restaurants are cutting payroll costs by up to 22 percent annually after incorporating biometric terminals to record time and attendance. “McDonald’s moved to biometrics because they wanted to verify that the employee clocking in was really that person,” says Jose Ramon Casal of Caracas, Venezuela, based Electronica Quantum, which installed the systems. “Students make up about 90 percent of the McDonald’s workforce in Venezuela. They were frequently punching one another in to cover for exams or other school-related events.”
A number of supermarkets, including Kroger, Food 4 Less, and Hy-Vee, are testing fingerprint scanners to combat losses involving payroll check cashing. The largest implementation in this area is by BI-LO. After a twenty-four store test last year, BI-LO has installed the biometric systems in 176 of their 300 supermarkets in the two Carolinas, Georgia, and Tennessee.
Biometrics in Retail
Retailers have a vested interested in ensuring the identity of their customers to prevent losses due to credit card and check fraud. According to the Nilson Report, losses from check fraud exceed $20 billion annually and are increasing at a rate of 25 percent per year.
Because of the scale of the fraud problem, merchants are testing biometric technology to deliver secure, convenient ways to pay for purchases and cash checks with the touch of a finger.
The next few years, however, will see retailers doing a lot more testing than implementation. Adoption of biometrics by retailers, like any new technology, is constrained not only by capital costs and return-on-investment justifications, but also concern about shopper perceptions. Any ultimate success will depend on marketing support programs that encourage enrollment and answer potential fears of protecting customer data.
Because the near-term sales prospects are limited, less than a handful of vendors worldwide offer a retail point-of-sale application using biometrics of any kind. The vendors that do sell turnkey systems all use finger-image scanning biometric technology that is highly developed and can be deployed at an acceptable cost to the retail industry.
In the typical finger-scan system, customers enroll one time by providing complete personal information, scanning both index fingers, swiping or scanning their driver’s license, providing a personal check or debit-card data, and having a photograph taken by a digital camera. Enrollment typically takes just a few minutes.
After the initial enrollment, the customer can return without identification, place a finger on the scanner to pull up their identification and transaction history on a monitor for the cashier, and cash a check or make a purchase, depending on the application.
Enrollment at one company store will allow the customer to cash checks or make purchases at any other company location that is on the system. Because customer data is not shared between retailers, customers must enroll separately at each retailer using the system.
While personal data is not shared, negative data is collected in a central database managed by the vendor. This allows the system to alert the cashier if the customer has a negative history with another merchant using the same vendor system. At this point, the negative file is not an industry-wide database shared by multiple biometric vendors.
In addition to preventing loss, biometric systems can also increase customer satisfaction by adding speed and convenience to processing transactions, especially in the growing area of self-checkout.
While merchants may feel biometric systems are designed to identify the bad guys, equally important is the capability to identify good customers. Since every merchant is competing for the best customers, retailers may be missing an opportunity to attract a preferred class of customers by not embracing biometrics.
With the more common use of customer loyalty and VIP cards, biometrics offers definite advantages. Customers must manage sometimes dozens of such cards on their key chains or in their wallets. Another common problem is leaving their loyalty or gift card at home. By incorporating biometrics into this process, those problems are eliminated. Instead, a customer can walk up to a terminal and within five to ten seconds register by using their fingerprint.
By most accounts, customers appear to readily accept the use of biometric technology, both because of convenience and identity protection. While some customers may feel some Big Brother type apprehensions, most believe they are less likely to have their identity stolen using these systems.
According to Ray Kessler, manager of LP services at BI-LO, the customers in their test program “not only loved the convenience, they liked the fact that we were potentially protecting them from identity fraud as well. They also appreciated that by reducing losses in our stores, we were helping eliminate potential price increases to cover those losses.”
While widespread use of biometric systems in retail applications may be several years away, the potential for reducing loss will find more and more loss prevention departments exploring the technology. As with any new technology, as costs go down, the ROI on such systems will likely reach a point where the majority of retailers who are suffering significant losses due to check fraud can implement a biometric solution.
BI-LO Rolls Out Biometric Cash-Checking System
With the growth of identity fraud over the past several years, retailers have struggled with how to reduce losses due to bad checks. It is especially a problem for those companies that cash payroll checks.
BI-LO, a 300-store grocery chain in North and South Carolina, Georgia, and Tennessee, was one such retailer that was experiencing significant loss from payroll check fraud. According to James Wiles, BI-LO’s director of loss prevention, “We were really getting hammered” by check fraud, to the tune of over $1 million a year.
Wiles and his manager of loss prevention services, Ray Kessler, spent three years exploring various technologies and strategies to solve the problem. While biometrics was one of the technologies they considered three years ago, at that point biometric solutions were cost prohibitive.
By early 2003, the cost of biometric systems had dropped to a point that the LP department’s cost-benefit analysis allowed them to justify a test program. From July to October 2003, BI-LO tested the Paycheck Secure biometric check cashing identification system from BioPay in twenty-four stores centered in the Charlotte, North Carolina, market.
“The Charlotte market is by far our biggest problem,” says Kessler. Why? Because Charlotte is at the intersection of two major interstate highways that give ready access to criminals who travel from city to city passing fraudulent checks.
At the end of the test period, the biometric system had reduced their losses in those stores by nearly 70 percent.
Stopping the acceptance of bogus payroll checks was not the only criteria for success monitored in the test. “One of the biggest concerns, especially from operations, was how would customers react to the system,” says Wiles.
Would customers object to this new identification system?
From a customer’s point of view, when they visit the BI-LO customer service counter to cash a payroll check the first time, they provide the normal personal information, such as name, address, and telephone number, as well as have their driver’s license and index fingers scanned. In addition, a digital photograph of the individual is taken for the customer’s file.
The customer information is protected on BI-LO’s store network and not shared outside the company. The only information shared outside the company is negative information. That data is provided to a database managed by BioPay that is accessed in real time by company’s using their system. The result is if an individual tries to pass a fraudulent check at another retailer on the BioPay system, BI-LO’s system will alert the cashier so the transaction can be declined.
The BI-LO test proved not only that the system reduced losses, but that “our customers loved the system,” says Kessler.“
Customers not only loved the convenience,” he explained, “they liked the fact that we were potentially protecting them from identity fraud as well. They also appreciated that by reducing losses in our stores, we were helping eliminate potential price increases to cover those losses.”
Wiles and Kessler presented the test results to the company’s executive committee in late September and received the go-ahead to roll out the program to those stores in the rest of the chain that made economic sense. As of February 2004, 176 stores were using the system with preliminary results indicating similar loss reduction.
Although the losses at the balance of their stores are not significant enough to justify adding the BioPay system, the loss prevention department will be monitoring those stores for rising check fraud. After all, the biometric system is not stopping criminals from passing bad checks, it merely stops them from victimizing those BI-LO stores that have the systems. Those individuals may simply go to another retailer, or potentially to a BI-LO store without the system.
“That’s why we need to monitor our other stores,” says Kessler. “If we see a spike in those stores, we’ll bring them up on the system.”
Have other retailers seen an increase in check-cashing fraud in those markets where BI-LO has implemented the biometric system? “Absolutely,” says Kessler. “We’ve had calls from other LP departments asking us what we’re doing that could be causing the increase in incidents in their stores. We tell them to stop by our stores to see.”
The BI-LO rollout may be the largest of any retailer in the country to date. A number of other retailers are testing similar systems.
“We couldn’t sit around and wait for other companies to prove that these systems work,” says Wiles. “We prefer to be leaders, rather than followers. We are extremely pleased with the program that has dramatically improved our bottom line.”