As the biometrics industry is maturing, the same ought to go for the public discussion on how we keep our data safe and secure. With cybercrime explosively on the rise, smaller fingerprint sensors pose a security threat – one that many are unaware of. Here’s why organizations looking to ramp up security ought to go for larger, more secure fingerprint sensors instead.
Smooth.
Convenient.
Not to mention: probably tiny and hidden somewhere in your laptop’s keyboard.
It’s time we talked about fingerprint sensors.
Or more specifically: what’s been trending among computer manufacturers and big tech giants like Apple and Microsoft during the past few years. Tiny sensors, rapid authentication and a seamless user-experience is often promoted as the future of both payments and secure authentication.
But what if things aren’t as simple as they seem? What if, due to that tiny, tiny sensor, someone else could eventually spoof your finger and gain access to all the data on your company’s PC?
We’ll soon dive deeper into this scenario. Before we do, let’s take a look at cybercrime and how this rapidly growing industry is affecting biometrics as well.
Enhanced security requires us to change our behavior
In the early days of internet, security measurements and online attacks were quite different. Although there were viruses and cyber threats, most of us could still surf the internet and remain somewhat anonymous and safe.
Today that’s changed.
Our devices are online 24/7 and internet is easy, fast, and cheap. Convenience, however, comes at a cost as the instant our devices are connected – they’re also vulnerable to attacks.
Previously, testing by the Kraken Security Lab team demonstrated the possibility of spoofing several commercial fingerprint scanners with a faked fingerprint. And according to PWC’s annual CEO Survey 2022, comprised by answers from some 4 500 executives within 89 countries, at the management level cyber risks are now seen as the biggest threat against companies. Almost half of the respondents, 49 percent, worries mostly about the cyber threats. Unsurprisingly, within the finance sector numbers are even higher: with 67 percent estimating cyberthreats to be a big risk for the company.
In just a few years, the cybercrime “sector” is expected to have grown into one of the world’s largest markets. Cybersecurity Ventures has predicted global cybercrime costs to grow by 15 percent per year, reaching 10.5 trillion USD annually by 2025.
Forget everything you knew about hackers in hoodies. The cybercriminals have gotten themselves organized, and they’re going for our weak spots. Organizations ought to take security seriously and ask themselves: are our current security measurements enough to withstand the threats?
Yet, when it comes to biometric security: smaller, less secure fingerprint sensors prevail.
It’s time we changed that.
Here at Next, security is key. And trust us, it’s not just a marketing buzzword. We take security very seriously indeed, which is also clearly demonstrated as our sensors meet FBI image quality standards.
One question we often receive when meeting new clients is why it’s safer with a larger fingerprint sensor? If convenient and quick with a smaller one, if the demand from both manufacturers and consumers is tiny sensors, why would you invest your budget in a larger product?
To understand that, we must get a little bit technical here. Please toggle along as we walk you through the authentication process of a fingerprint sensor and the crucial steps that defines and, in the end, determine how secure the process will be.
Why larger fingerprint sensors are more secure
When registering your fingerprint, you press and hold your finger on the fingerprint sensor. There are many different types of sensors of course but regardless of the specific technology, the main goal is to scan, register and store the individual pattern of your unique fingerprint.
One part of the registering process is counting and comparing so called “minutiae points”. Minutiae points are the major feature of your fingerprint image and are used in the matching of fingerprints. These tiny points are used to determine the uniqueness of a fingerprint image. In other words: the more minutia points your fingerprint sensor can detect, the more secure will your fingerprint analysis be.
Now, the next time you want to login to your computer or perhaps use your fingerprint to authenticate a payment in your bank, you press your finger on the fingerprint sensor. The sensor will now compare the live representation of your finger with the image stored, and this is where the difference between smaller and larger fingerprint sensors will start to show.
Smaller sensors are typically only able to detect part of your finger. You will notice this for example when you register your fingerprint – a smaller sensor requires you to tap on the sensor repeatedly for up to 15-20 times before registration is done.
In general, full human fingerprint are hard to falsify, but most small sensors are so small that they only read partial fingerprint. In practice this means that as the finger swipe only must match one of the stored images to unlock the computer or authenticate your payment – the system will be vulnerable to false matches.
A large fingerprint sensor then, captures more information. It will also look for more signs to identify you.
What about convenience? Large sensors also provide you with a less frustrating sign-up process: a sensor of larger size will be able to cover all your finger at once. No need to tap 15-20 times to register or unlock your device.
Now the impact and importance of a larger area really has become clear. However, as this perspective is often misunderstood, we’d like to emphasize that although the area is large, a thin form factor is of course still an essential, integrated part of this biometric package.
Integrating the sensor? No worries. Thanks to the above-mentioned thin form factor, seamless hardware integration is easily done, with a broad variety of business areas to explore and enhance security in.
Look at the sensors in our Access 200 series, for example, with a large sensor area measuring 12×12 mm, it’s ideal for integration in products such as notebooks, tablets and access control readers – just to name a few possibilities.
As cybercriminals show increased interest in biometric data, organizations will have to prepare themselves for more complex spoofing attempts and attacks. Going for a larger fingerprint sensor is one the best ways to quickly decrease the risk of attacks.
Want to know more? We’re here for you. Whether you’ve already got a budget, a project you’re working on or just need a reliable biometrics partner to get started with – drop us an email and let’s talk.
Until next time, take care!
Did you like this blog post? Don’t forget to bookmark our blog! And of course: tell a friend to tell a friend. Do let us know what you thought and would like to read more about here by dropping a comment below.