With all the attention given to “enterprise-level” biometrics, it’s easy to overlook how much they can – and do – help small and medium businesses (SMB). In addition to improving cybersecurity, biometrics are also being used to help manage employees more efficiently and engage with customers more personally.
The 2013 release of the Apple iPhone 5s with its fingerprint recognition system, Touch ID, brought biometrics to the mass market. Consumers embraced it because it gave them an easier way to access and secure their smartphones.Business Insider predicts 99 percent of U.S. smartphones will be biometrics-enabled by 2021. This popularity has made these systems more affordable even as they have become more sophisticated and secure.
Payment systems are the first place where many SMBs adopting biometrics – whether or not they want to. Earlier this year all four major U.S. credit card companies stopped requiring handwritten authentication for credit and debit card transactions as a step toward adopting biometric identification. Mastercard has also announced plans to allow all customers to identify themselves with biometrics beginning in April 2019, which means anyone who accepts Mastercard will have to have biometric POS devices by then.
“Biometric technologies perfectly match consumers’ expectations of getting the secure payment solutions of tomorrow, in line with the increased digitalization of lifestyles,” says Javier Perez, President, Mastercard Europe. “This can significantly benefit consumers, retailers, and banks by improving the purchase experience and better securing the transaction. Our leadership in the field demonstrates our ability to adapt to the expectations and new uses of consumers.”
Biometrics are a must have for SMB cybersecurity. Unfortunately, more than half of all small and medium businesses (SMB) leaders think they’re companies aren’t cybercrime targets, according to a new report. Unfortunately, no one has told the hackers that: According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, the percentage of small businesses that have experienced a cyber attack in the past 12 months is up from 55 percent in 2016 to 61 percent in 2017.
To protect against this companies are being advised to institute a multi-factor authorization (MFA) cybersecurity system. The idea behind multi-factor authentication is that the more steps a user has to take to gain access to sensitive information or complete a transaction, the harder it is for hackers to exploit this process.
Authentication is the process by which a user provides digital evidence they’re who they say they are to gain access to an account. The things used to do this fall into three different categories:
- Something you know (password, PIN),
- Something you have (phone, tokens, card)
- Something inherent to you (fingerprints, faces, retinas).
In order for an unauthorized user to gain access to an account, they must imitate and/or steal all of the authentication methods being used to protect it. While there is no established formal method for determining authentication strength, it seems self-evident that the easier authentication factors are to imitate or steal the weaker it is. This is why systems based solely on something you know are considered weakest.
It’s best to have a system that uses two different categories of information, the more difficult they are to steal or imitate the better. That generally means one of them is a biometric, which is inherent to the person owning an account.
MFA is required by some regulations, like PCI and the EU’s GDPR. The National Institute of Standards and Testing (NIST), which is a great resource for all small businesses grappling with cybersecurity issues, recommend MFA for companies of all sizes. Furthermore, a Better Business Bureau study, 2017 State of Cybersecurity Among Small Businesses in North America, found 64 percent of small business owners had already adopted MFA and said it was one of their top four ways of protecting data.
Biometrics are also helping small businesses with more accurate and efficient ways to track employee time and attendance. These employees’ fingerprints to verify who is actually clocking in and clocking out of work each day. It’s a relatively frictionless way to ensure employees are not clocking in for other employees and are actually there on time when they said they are going to be there They can also be used to gain and restrict physical access to rooms and buildings.
In the future biometrics may also be part of customer loyalty programs. For example, an integration between facial recognition software and a business’s POS system might automatically give a customer discounts on merchandise while eliminating the need to carry loyalty card. It could also make it possible for staff to instantly know the customer’s name and preferences to provide them better service. For example, at a coffee shop clerks could instantly know how a customer likes their coffee. Put a similar system on a tablet and retail staff would be able to use CRM tools to upsell customers.