Touch and go
biometric security projects aim to identify users in the blink of an eye
The biometric security market is poised for rapid growth: It's expected to be worth US$25 billion by 2020, up from US$10 billion in 2014, according to BIS Research. Before products incorporating everything from iris to voice to fingerprint recognition can go mainstream, though, project managers have to navigate challenges such as a product's user-friendliness and stakeholders’ security concerns.
Zwipe's latest project: the world's first biometrically authenticated credit card
“You're venturing into new territory all the time when you're making cutting-edge technology,” says Steffen Larsen, CFO, Zwipe, Oslo, Norway. “One of the risks of this is being able to accurately forecast and project the amount of resources and time that you would need to do something that no one has done before, partially because you lack project benchmarking to evaluate your project plans against.”
Although biometric technologies have existed for a few decades, they're surging in popularity as a way to combat recent high-profile security breaches.
As biometric systems enter new markets, project managers may encounter challenges integrating novel technologies within existing security processes. During Zwipe's latest project—an initiative to produce the world's first biometrically authenticated credit cards—Mr. Larsen's team found that the credit card industry's security certification process only partially covered the team's new fingerprint credit card.
To solve this problem, “certain parts of the traditional card certification steps were reviewed to ensure compatibility between existing systems and the fingerprint solution in our cards,” says Nora Skabo Rieber-Mohn, director of project management, Zwipe, Oslo, Norway.
When an organization adopts biometric identification technology, a major project challenge is merging new and existing internal systems. Project managers must create a solid integration and transition strategy early, says John Mears, a senior fellow and former director of biometrics and identity management solutions for Lockheed Martin, Rockville, Maryland, USA.
“You're venturing into new territory all the time when you're making cutting-edge technology.”
—Steffen Larsen, Zwipe, Oslo, Norway
The organization was contracted in 2008 by the U.S. Federal Bureau of Investigation for the US$1.2 billion Next Generation Identification (NGI) project. The goal was to develop and install a system that could identify suspects by fingerprint, palm print, mug shot or descriptions of unique scars, birthmarks or tattoos. When fed a clue, whether it's a mug shot or a print left at the scene of a crime, NGI sifts through an astounding amount of data—more than 230 million digitized records—and can frequently find matches in less than half an hour.
Achieving full operational capability in September 2014, NGI was delivered “on time, on budget and on function,” Mr. Mears says. That was possible thanks to disciplined project management, an incremental delivery approach, a close partnership with the FBI and a detailed plan for integrating data from the law enforcement agency's older Integrated Automated Fingerprint Identification System (IAFIS).
The U.S. FBI has sponsored projects to build better biometric identification systems.
“In a biometric deployment, you will always have an outlier or someone who just can't use the sensor or someone that refuses to. You have to have a plan B.”
—Tim Meyerhoff, Iris ID Systems Inc., Cranbury, New Jersey, USA
“Successfully integrating data from IAFIS to the new NGI system required creating a schedule to convert IAFIS information and move it to the new system in off-peak NGI developmental and IAFIS operations times,” Mr. Mears says. The agency's identification capabilities couldn't be compromised, so “the two systems had to operate in parallel as function was incrementally migrated. Users of either system could not be impacted.”
One of the biggest challenges facing biometric tech project teams is security. It's not just about delivering unhackable biometric devices. Organizations implementing these technologies must understand that they are only as secure as the back-end systems they rely on.
Tim Meyerhoff, sales and product management director for Iris ID Systems Inc. in Cranbury, New Jersey, USA, says that project teams delivering and installing biometric technology, particularly that aimed at identification within organizations, need to be up on the latest “spoofing” techniques hackers use and heed related security recommendations. (Spoofing is when a hacker impersonates another person or program.)
The biometric market is expected to be worth US$25 billion by 2020, up from US$10 billion in 2014.
Source: BIS Research
These companies also need to work with human resources to have contingency plans for employees who can't use a biometric device.
“In a biometric deployment, you will always have an outlier or someone who just can't use the sensor or someone that refuses to,” Mr. Meyerhoff says. “You have to have a plan B, like issuing a card and PIN to those users.” During previous projects, he's encountered people who can't use iris scanners because they wear patterned color contacts and others who object to biometric devices for religious reasons.
And project teams shouldn't assume a client will take care of the basics after a new system is installed, he says. “Encryption key settings and passwords are often overlooked,” he says. “A year or two down the road, we'll find that a client is still using all the system defaults.” —Christina Couch
FEBRUARY 2016 PM NETWORK
PM NETWORK FEBRUARY 2016 WWW.PMI.ORG