Exceed biometric standards, expert urges

Meeting the minimum standards in biometrics is sometimes not enough, according to a biometrics expert.

Standards provide a good baseline for the implementation of biometrics but organizations should "consider the business ramifications for exceeding them", David Chadwick, Unisys' senior solutions advisor for identity and biometrics in the Asia-Pacific region, told ZDNet Asia in an interview.

Biometric systems in general will return a list of candidate matches when a sample is entered for identification, said Chadwick, also a member of the Technical Committee at the Biometrics Institute, an independent not-for-profit organization focused on promoting, educating and setting standards for biometrics use. In the case of facial recognition systems, particularly in "high-risk" processes such as law enforcement and immigration, the ability to accurately identify a match boils down to standards and the operators' experience and tools.

Currently, the ISO 19794-5 standard for facial image data specifies a minimum resolution of 640x480 pixels for facial recognition purposes, he pointed out, adding that most facial systems designed today are based on that.

However, at that resolution, there is "very little" fine detail available. On the other hand, studies have found that new facial algorithms are able to perform more refined searches on very high-resolution images.

According to Chadwick, the process of resolving a facial match can span three levels. The first is a visual comparison that relies mainly on a trained operator's judgment. If there are any doubts or concerns, the process escalates to the next level, where comparison tools are used to compare facial regions. Such comparison, he explained, would be limited based on the minimum ISO standards.

Forensic comparisons are used in the third level of facial match resolution, where court proceedings or judicial reviews call for formal comparison procedures. This involves the analysis of individual facial components, and "meaningful results cannot be obtained" with images at 640x480 resolution, he added.

The best possible resolution of 4,000x3,000 pixels would be ideal for quality images, but that would pose concerns relating to bandwidth and storage capacities. A good resolution for facial recognition for high-risk processes, therefore, is 1,600x1,200 pixels, he said. Generally, organizations "should use the highest possible resolution based on IT and business needs".

Biometrics, Chadwick pointed out, are "no panacea" for fraud but merely tools for businesses. "Like any business process, companies have to choose tools that are the most suitable.

"If facial recognition systems are not designed and implemented correctly, they can end up being the most expensive biometric solution," he said.