For the 40 years I've been in the security market, I've been told consistently that this is the year for biometrics. Over those years, I've actually worked with at least a half dozen of them and everyone is now either out of business or been consumed by a bigger organization, in many cases, some of the biggest. I remember an integrator defining biometrics as being 5 percent of his sales and 95 percent of his service calls. Many of us recall the problems computer users had with their touted biometric laptops, most ultimately deciding to skip the biometrics.
So, does that mean I'm negative on biometrics, that locksmiths should run and hide at the mention? Not at all. The secret to buying and installing biometrics that will help your customer is to understand biometrics. Where are you and your customer best served by biometrics?
Market Growth
Research firm IHS reports that biometric reader sales constituted 30 percent of all access control reader sales in 2015 throughout the Americas. That's third, behind proximity and smart card readers. The 30 percent sounds high, doesn't it? There's an explanation. Financial institutions are, by far, the largest users but not in the United States. For instance, biometric authentication is used at over 50,000 ATMs just in Brazil. The use of biometrics is quite routine for millions of bank customers there.
According to MarketsandMarkets, another research firm, the global biometrics market is expected to reach almost $33 billion, up from just under $11 billion in 2015, with much of the growth being a large portion, growing from $3.8 billion to $11.6 billion in the same time.
Since it's unlikely that Locksmith Ledger readers will be installing ATMs, where can locksmiths find potential customers that could boost their biometric reader sales?
Look for those industries with regulations that require multi-factor authentication in which the user must use more than one credential. For instance, this could consist of a card and a keypad, a card and a biometric, a biometric and keypad. In other words, they must present something they are (biometric), something they have (card) and something they know (personal identification number - PIN). Sometimes, only two authentications are needed; other times three. Often, the particular project will specify which authentications.
For instance, the North American Electric Reliability Corporation (NERC) is an organization of U.S. electric grid operators. The new NERC protection standards under CIP-006 require that strong two-factor authentication must be used for remote access to the networks, access to the physical security perimeter, access to the electronic security perimeter and access to specific critical assets.
A similar requirement is found in the National Institute of Standards and Technology (NIST) SP800-171 federal guideline. It states in Section 3.5.3 that federal contractors must "use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts" or risk losing their contracts. This is to ensure only authorized individuals may have physical and logical access to critical assets. As with the NERC requirements, "strong two-factor authentication must be used for remote access to the networks, access to the physical security perimeter, access to the electronic security perimeter and access to specific critical assets."
Therefore, if you are already working with any electrical grid organizations or federal contractors, including government agencies, airports, border control, research organizations in hospitals or at universities, among others, you are halfway home.
How to Sell Biometrics
For those that have regulations, they key is that you have a biometric solution that meets their needs. And, of course, many prospects want the higher security than only biometrics can provide. But, what are some of the more subtle selling points?
"Small and medium-sized businesses may not want cards they need to manage, so the convenience biometrics can provide can be a major selling point beyond the additional security," emphasizes Bill Spence, vice president of sales, North America and Western Europe, Lumidigm brand of biometrics, part of HID. "The key is that whatever biometric is installed, it needs to work reliably. Budget is always a consideration but the lowest cost is not always the best option. For example, conventional fingerprint sensors can offer low initial costs but can have troubles enrolling and recognizing certain people due to skin conditions or being reliable in certain type of weather."
This statement from Spence highlights the background giving rise to most installers complaints about biometrics. For far too long, some of the most hyped biometric companies, in order to get the pricing down, have taken shortcuts that have backfired on their customers and, ultimately, them.
For instance, the last thing a biometric reader wants to do is to get caught allowing the wrong person in. That's called a false positive. Thus, most biometric companies would rather deny several correct fingerprints than let a wrong one in. This creates two problems. In high traffic uses, there can be some hold-ups, creating long lines. But, as one old-timer explained, "If the major is stopped three times, the project is in trouble. If the colonel is stopped two times, the project is in trouble. If the general is stopped once, there is no project."
Cost is also an issue. In 2015, the average cost of a biometric reader was more than double that of a smart card counterpart and nearly four times the cost of a proximity reader, says IHS. This really is not such a bad thing. Remind your prospect that there is no cost to the credential as there are no cards to buy, to print or to reorder because they got misplaced. Nobody ever forgets to bring their finger, hand, eye or face to work. No card or PIN provides the security of a biometric. They don't now and they never will.
Remember, the key word you are selling with the biometric you propose is "reliability." Yes, you can always find a lower cost biometric but, then, you are making the same mistake others selling biometrics have made. If it doesn't work, cost is no longer the consideration.
Multispectral Fingerprint Sensors
Let's look at what one company has done to improve reliability and provide a biometric solution that keeps working. The core problem is that conventional biometric technologies rely on unobstructed and complete contact between the fingerprint and the sensor, a condition that is elusive in the real world, a world that is wet, dry, or dirty and users are not all young office workers with great skin who are experienced at using biometrics.
Multispectral fingerprint imaging is a sophisticated technology developed to overcome the fingerprint capture problems conventional imaging systems have in less-than-ideal conditions. This more effective solution is based on using multiple spectrums of light and advanced polarization techniques to extract unique fingerprint characteristics from both the surface and subsurface of the skin. The nature of human skin physiology is such that this subsurface information is both relevant to fingerprint capture and unaffected by surface wear and other environmental factors.
The fingerprint ridges that we see on the surface of the finger have their foundation beneath the surface of the skin, in the capillary beds and other sub-dermal structures. The fingerprint ridges we see on our fingertips are merely an echo of the foundational “inner fingerprint”.
Unlike the surface fingerprint characteristics that can be obscured by moisture, dirt or wear, the “inner fingerprint” lies undisturbed and unaltered beneath the surface. When surface fingerprint information is combined with subsurface fingerprint information and reassembled in an intelligent and integrated manner, the results are more consistent, more inclusive and more tamper resistant.
"Multispectral fingerprint sensors do not have the same issues with reliability due to its advanced imaging capabilities," says Spence. "It and can work with all types of skin conditions in all types of environments. Access systems using multispectral sensors may cost a bit more up front but can save the locksmith lots of service calls and customer headaches down the road."
SekureID is one company that leverages multispectral technology in its access control readers that combine fingerprint and smart card technologies to determine who is an authorized user and who is not. SekureID offers an array of access control, workforce management, civil identification, patient identification, student attendance, and customized security solutions to customers in over 30 countries through their dealer network.
According to Marco Quintero, CEO of SekureID, concerning reliability. “If a person can’t use it, the system can’t do its job. We’ve never had a complaint about fingerprint reads.”
Privacy Concerns Should Not Be an Issue
When and if the subject comes up in conversation with your prospect, it is up to you to knock this objection out of the park. Here are the facts. Contrary to biometrics used by law enforcement, the actual image of the biometric characteristic is not stored in a database or on an ID card. Once enrolled in any access control readers, a mathematical algorithm creates a unique number that represents the points measured on the finger, hand or eye. The number – or template – that results from this equation is all that is stored.
Privacy advocates also need to understand that the biometric template can be kept on the card, not in the reader or on the network. This means that the user has complete control of the biometric. Nobody else has access to it unless the cardholder lets them.
The Right Biometrics Solution
Today, biometric solutions are successfully being used in applications such as access control, time and attendance, and visitor management. There is no longer any reason why locksmiths should not be sharing in this growing revenue stream - as long as the locksmith is educated on biometrics.
Remember, not all biometric solutions are created equal. To maximize profitability for the locksmith, it is critical to select a biometric that operates in work environments and delivers consistent results irrespective of gender, age, physical conditions or even the weather. The biometric needs to work every time and for every user.