How to Choose a Biometric Vendor: Your Top 10 Considerations

The demand for online biometric authentication is soaring. Consumers love the convenience of using face verification to prove their identity online. Organizations are recognizing that biometrics offer security and other benefits far beyond what passwords and other authentication methods can deliver. 

But there are many biometric systems and different biometric companies and vendors. So how do you know which one is right for your organization? 

The right vendor will depend largely on your use-case. For some organizations, especially in government or financial services, finding a system with the highest levels of security will be the deciding factor. In other cases, organizations will be looking for flexibility in how they handle different levels of risk. There are numerous factors that must be taken into consideration, including security, scalability, performance, privacy, and cost. 

Let’s walk through your top considerations when evaluating biometric authentication vendors.

1. Establish what levels of security you need

Before you begin the evaluation of the biometric authentication systems available to you, establish what levels of security you need and where the risks lie for your organization. Ask yourself the following questions:

• What are the implications of an imposter getting access to a user’s account? Account takeover means different things for different organizations. If you’re a bank, accounts could be emptied and large amounts of money stolen. If you’re a social network, small businesses could find their profiles held for ransom and their livelihoods jeopardized. Find a solution that offers the appropriate levels of security for your users and interactions.
• What are the implications of new account fraud? What damage could be caused to your organization if a criminal set up an account using a stolen identity or the name of a non-existent person? If you’re in the financial sector, fraudsters can set up accounts for money-laundering or to run up large amounts of debt. You then risk being prosecuted by the regulators for failing to follow know-your-customer (KYC) or anti-money laundering (AML) guidelines. If you’re a government agency, fraudsters could steal money allocated for social benefits.
• What happens if one account gets successfully attacked and the attack scales to thousands? Establish the potential scale of the problem. We’ve all seen the fallout from a large-scale data breach. What would happen if your systems were targeted on a mass scale and thousands of accounts were successfully attacked in a short period of time?
• What is good enough? Every organization needs to decide on the level of security necessary for their use case. However, many set the “good enough” bar too low because they are willing to accept a certain level of fraud. Consider the implications of this approach carefully. At best, it can lead to financial loss and inconvenienced customers. At worst, it can cause serious damage both financially and to your reputation—and that scenario is very possible in a world of scalable cybercrime.

2. Define your usability and inclusivity needs

Usability and inclusivity are crucial. Your biometric solution should be usable by the largest section of the population possible. When considering a vendor for usability, ask the following questions:

• How inclusive is the vendor’s solution? Any responsible organization today should aim for maximum inclusivity. Can the vendor demonstrate how they mitigate against bias? Do they already support customers in multiple regions and for diverse customer populations? Is the solution accessible by digital newbies as well as digital natives? Can it be used on any device?
• Is the solution fast enough? To strike the right balance between speed and security, think carefully about the scenarios you’ll be serving. A split-second authentication won’t offer the reassurance needed if a user is completing a high-value transaction, but an authentication that takes 30 seconds may cause frustration. Can the vendor deliver the accuracy to complete an authentication the first time? Do they offer the scalability to process thousands of transactions per second? 
• Is it reassuring and respectful? What is the experience like for the user? Does it match the importance and sensitivity of the transaction? Does it feel respectful of privacy and circumstance?
• Is it convenient? Can users complete the authentication easily? Does it enable them to access your online services via any device? And are your users able to use alternative means if, for any reason, the authentication fails? 

3. Compare system accuracy

Make sure you compare the accuracy of the solutions you’re evaluating. Accuracy plays a large part in the user experience; if an authentication fails, for whatever reason, a user’s frustration will increase. This, in turn, affects your brand image and customer satisfaction as well as cost. It’s important to establish the vendor’s false rejection rates (FRR) as well as their false acceptance rates (FAR).

4. Check the vendor’s performance

A key metric of performance to consider is the average number of attempts good users need to pass. Ideally, every honest person would pass on the first attempt. However, it is likely that some legitimate authentications will fail, and an average number greater than one is inevitable. How much greater than one is a good measure of usability and your likely conversion rate. Ask your vendor for this number, as well as the size of the sample it was based on and how they calculated it. Ask existing customers for their experience.

5. Understand your scalability needs

Many organizations do not have a clear idea of how great the adoption of biometric authentication will be among their users. Expected levels of demand can vary enormously from actual outcomes over time. You need to ensure that the solution you choose will scale quickly and cost effectively. If you host the solution yourself, can you provision and afford the servers needed to cover all outcomes? If you choose a cloud-based provider, do they have a track record of supporting high levels of demand?

6. Address privacy concerns

Addressing privacy from multiple angles—your users’ concerns, your organizational needs, and the requirements of any regulators or other organizations that might need to be considered—is important. When selecting a vendor, ask the following questions:

• How is the data being processed?
• Where is the data being processed?
• If the data is being reviewed manually, where are those humans located?
• How and where is the data stored?
• How is the vendor complying with regulations?

7. Compare costs 

Biometric systems can be priced in different ways and can include different components. For example, some cloud vendors include hosting costs in their pricing structure while others expect the organization to bear these costs directly. Build a few models of potential uses so you have options and can work with the vendor to find the best possible model for your budget requirements. You can read more about cloud versus on-device biometric systems here. 

8. Understand the vendor’s processes

How do vendors process all their authentications? When a vendor’s technology isn’t good enough, some rely on manual checks—and manual checks affect privacy and accuracy. In addition, manual checks don’t scale—if your volume doubles unexpectedly, the vendor is unlikely to be able to double the number of manual checkers.

9. Consider the vendor’s team

Is the vendor easy to work with? Do they have customer-focused people and processes? What do their other customers and partners say about them?

10. Evaluate the vendor’s profile and references 

• Does the vendor have a strong presence in the industry? Are they involved in setting standards and working with other organizations to define the future of the industry? Has the vendor won any awards? Choose a vendor that is reputable, is proven, has good references, and can demonstrate strong market adoption.
• Who are they working with and what testing and audits have they been through? For instance, choosing a vendor with a global customer base might be crucial in providing reassurance on bias and inclusivity. 

If you’d like to learn more about how iProov can secure and streamline your organization’s online verification, authentication, and onboarding, book your demo today.