On May 5, 1961, moments before blasting off on his historic space voyage, astronaut Alan Shepard couldn’t help thinking “that every part of this ship was built by the low bidder,” according to press reports from the time. That’s the anecdote Ben Rothke, a senior security consultant in New York for BT Professional Services, a leading IT security firm in El Segundo, Calif., uses to describe the flimsiness of the system billions of people depend on to access everything from e-mail to bank accounts: a username and password. “This is the Achilles heel of electronic security. [This] authentication mechanism ... was broken 20 years ago,” says Rothke.
Rising fraud -- victims file some 25,000 complaints monthly to the federal government’s Internet Crime Complaint Center for hundreds of millions of dollars -- is driving demand for beefier measures. Among the fastest growing: biometrics, which uses individuals’ unique physical characteristics, such as fingerprints and iris scans. The market for the technology is still peanuts -- U.S. sales were less than $1 billion in 2009, the latest year for which data are available -- but biometrics is the fastest-growing major segment in the electronic security business, according to the Freedonia Group, which expects the market to hit $6.6 billion by 2019. By then, half of electronic access controls will be biometric, double what it is now, according to the Cleveland (Ohio) business research firm.
Within biometrics, iris-recognition, the fastest-growing technology, has compelling advantages. Each iris, the colored part of the eye (which controls light flow), is unique and remains virtually unchanged for life. Within 10 seconds, a recognition device can take a digital photo of the iris and algorithmically convert it into a template that can be compared against others in a database. This method is faster and more hygienic, and its results more accurate, than fingerprints, with negligible errors.
CONTROLLING A COUNTRY’S BORDERS
IrisGuard in Amman, Jordan, a pioneer and the largest specialty iris-recognition device manufacturer among at least six other companies, is proselytizing for the technology. Its efforts to persuade public and private-sector institutions to adopt it are gaining traction. Founder and Chief Executive Imad Malhas, 48, a veteran software developer, says that before the Arab Spring accelerated, 2011 sales were on track to double from $5.08 million in 2010. He notes that IrisGuard “has been cash positive and in the black from [its] inception” in 2005. Among the 40-employee company’s milestones: deploying the world’s first iris-based border control system for the United Arab Emirates, where foreigners make up 60 percent of the population. Since its tracking system started operating in 2002, more than 37 million arriving passengers have been enrolled in the system’s database, catching 600,000 deported workers trying to get back into the UAE with new identity documents. In another first, Jordan is now rolling out a system supplied by IrisGuard that enrolls every visitor to the country.
The 82,000 law enforcement agencies in the U.S. face similar challenges of scale. More than 2.2 million inmates are in U.S. prisons and jails, and another 5 million are on parole or probation. Rhode Island’s Corrections Dept. was in the process of acquiring an iris system last summer when corrections officers at the maximum security Anthony P. Travisono Intake Service Center mistakenly released an inmate who impersonated another with the help of a rumpled photo and some coaching on security questions. Deputy warden Robert Vitale, who has since overseen the installation of a $50,000 system that uses IrisGuard technology to register irises of all inmates and new arrivals, is a fan. He says he can get a reply on an individual’s criminal history from the FBI in one to three minutes vs. the 20 minutes to 60 minutes it takes with fingerprints.
There is significant “legacy” competition from earlier biometrics, like mug-shots and fingerprints, which are still, laments Malhas, the “darlings” of the FBI and other law enforcement. “You can’t leave your iris at a crime scene,” he says, conceding his technology is more about authentication than identification. In practice that means it’s proving most appealing to organizations with large existing databases. The higher cost of iris-recognition systems compared to some other biometrics, has also tended to restrict sales to controlling access to sensitive areas within entities with significant security budgets.
One of the most promising for IrisGuard is in the financial services industry. In 2008 the Cairo Amman Bank became the first bank in the world to launch Malhas’s iris-based ID system -- using it throughout its 87 branch network in Jordan and Palestine. “A person’s iris is nontransferable, it cannot be lost, stolen, forgotten, borrowed, or duplicated,” notes Kamal Al-Bakri, the bank’s CEO. Cairo Amman has enticed more than 65,000 customers to ditch their bank cards in favor of eyes-only transactions. Most of those enrolling in the free, voluntary program are under 40, which reflects the youth bulge in the region’s demographics. Several other banks in the region, including BankMed in Lebanon and Egypt’s Misr Bank, are in the process of rolling out similar systems.
Going mainstream is a long road, and the first steps are often the most difficult. Customer convenience will likely be the deciding factor, according to James Block, advanced technologies director at ATM manufacturer Diebold in North Canton, Ohio, because of the “ubiquity” of the ATM card and PIN system. “If the only way you were known by your bank is by your fingerprint or by your iris, and you went to Paris, France, and they didn’t have a fingerprint reader [or] iris scanner on their machine, you couldn’t get money. ... That kind of gets in the way of acceptance,” explains James Block. Although there are regional “pockets” -- especially in Asia -- where Diebold’s machines retrofitted with iris-recognition capabilities are being deployed, he does not expect integration to become widely adopted for at least another five years, if then. BT Professional Services’ Rothke agrees. Until “JPMorgan starts sending out biometric readers and requires it for all of its cardholders ... or until it is seamlessly integrated into Apple devices ... there is a chicken-and-egg problem,” Rothke says.
These obstacles don’t constrain how Malhas envisions the industry unfolding. Convenience, after all, is critical to his technology’s potential. A prototype for online banking -- EyeSign -- is now being offered to several hundred Cairo Amman customers in a pilot project. The same unit could be used in payment systems as well, for online shopping and at retail outlets, something his bank clients are keen to see, Malhas says. “In the future, when you go, say, into an ice cream parlor, you will just look into one of these devices and say, ‘I want to pay with my eye,’ he enthuses.
Malhas’s prediction of the technology’s widespread integration seems to be supported by recent developments. In March 2010, the U.S. military consolidated its earlier efforts into the Biometrics Identity Management Agency to direct development and implementation of biometric technologies across the Defense Dept., often the seedbed for wider civilian dissemination. American soldiers in Afghanistan are already collecting iris scans and checking identities and affiliations in a central database that contains more than 2.2 million identities and adds thousands monthly. This year IrisGuard began supplying cameras to India’s Unique Identification Authority, an agency with a mission to register the irises of each of the country’s 1.2 billion citizens.