This post was originally published on Bianca's Linkedin on Dec 9th. You can follow her here.
For those who know me - and maybe even some that don’t know me that well know that I’m very loud and proud to be Brazilian. Just watch my reaction to a fellow Brazilian in the crowd at a talk I was giving in Toronto!!
With this unique situation of being Brazilian and leading a global biometric tech company I was recently asked to comment on how biometrics are being used in Brasil and Latin America as a whole for a piece for IDG and I want to elaborate here.
Brasil, has been using biometrics for years, and has allegedly zeroed the account opening fraud rate by utilizing biometrics at the ATM with an initial partnership with Morpho over 8 years ago. Brasil also uses biometrics for voting titles, police enforcement and is now undergoing a big push toward public transit.
If you look at Latin America as a whole, it is also one of the most culturally rich and diverse regions in the world; a perfect mixed bag that combines native traditions with immigrants coming from all over the globe. Unfortunately, the diversity of its identity is matched by that of its identity credentials, and the opportunities for fraud it affords. There is extensive fraud caused by low-security, easily counterfeited paper- and plastic-based breeder documents, and the problem causes extensive losses to the region’s local economies.
Now Latin America is also known for its prolific use of biometrics and it has become one of the largest growing markets for biometric technology. This technology is now beginning to be used to prevent fraud, as well as to bring convenience and security to daily transactions. It is also increasingly being used by the region’s governments. I believe we are seeing a high increase in biometric adoption due to the volume of the critical mass of inhabitants. The sheer number of people in these countries and the fundamental lack of trust in documents, such as your birth certificate as a form of identity “proof”, something that is often the gold standard in countries like Canada and the USA.
Many countries in the LATAM region use biometrics as a key factor for identifying its citizens. Fingerprints and biometric face enrolment are widely used in breeder document issuance in countries such as Brazil, Argentina, Chile, Mexico, Peru, and Paraguay, creating databases of biometric and biographic information that are useful for inhibiting fraud. Biometric collection is not typically performed by a single government agency, but rather by several independent government branches—both at federal and state levels—using the collected data for their own independent authentication and validation processes. These independent databases are generated over long periods of time, and eventually a citizen will likely have their biometric templates duplicated in various repositories.
Data redundancy is a big problem, and needs to be enforced to preserve data in the event of a hardware or software malfunction. Backup and redundancy are mandatory for government agencies and private enterprises alike, and this applies to biometric data as well. One might hope that re-enrolment isn’t necessary if their templates are already stored in a different government database, but that’s rarely the case. This is where I believe something like BioConnect and a platform that is agnostic of device and has a ledger can really play a big role in preventing fraud.
For example, a typical Brazilian citizen has a federal ID card, driver’s license, and a passport, and their data is duplicated in all three systems. These databases are not interconnected or interoperating due to systems and procedures being optimized to each agency’s own specific obligations and responsibilities, as well as the prohibition of data exchange for security and privacy reasons. The result is an undesirable scenario where each citizen has many different ID credentials issued by different states and agencies.
Adding to the problem, individuals often have multiple accounts in a same system. I love my country, but this is a big mess in that sense.
These issues together create a perfect storm for fraud where credentials are relied upon to verify citizens’ identities. Fraudsters may take several different loans from one or more banks, enroll several times for pension or retirement plans, or take advantage of state-financed benefits such as healthcare or public transit discounts.
They do this in Canada, why wouldn’t they do it in a region with much less serious police enforcement?
The problem generates big losses for businesses, but the public sector bears the brunt of the losses due to the fraudulent use of government or state sponsored benefits, including social services, healthcare, student loans, pensions, which add up to many millions of dollars. A lot of the fraud could be prevented if these databases could somehow be synchronized. Most agree that communication is the key for fraud prevention, but for various reasons they can’t allow their data to be shared.
A possible approach to helping encourage data sharing for fraud prevention is to enable those who possess useful biometric data to charge a fee for biometric search or authentication, while maintaining its privacy and security. A search of the data can serve as a duplicate check against multiple enrolments and prevents individuals with several ID cards from enrolling multiple times in a database. Do you want to mention templates anywhere here? Rid of the “fear” aspect? It can also perform an authentication in the cloud by verifying the identity associated with an ID number and guaranteeing the authenticity of both biometrics and breeder document. This type of service has the potential to prevent healthcare abuses by guaranteeing the identity of health care, pension earners, insurance beneficiaries, people applying for jobs, and even replacing PIN codes or digital signatures for banking and financial transactions. There are many use cases and applications. I see this as a potential next big challenge. And quite frankly even Canada can learn tremendously from this.
The banking sector is leading adoption of biometrics as a security authentication factor, especially in Brazil. Brazilian banks have integrated biometrics into ATMs as a more reliable and safer authentication mechanism, where customers may have access to their accounts by way of fingerprint authentication, instead of PIN memorization or carrying a card containing preset authentication keys. This use case brings convenience to the customer and a much stronger authentication factor for banks, reducing the risk of fraud and stolen bank cards. The usage of biometrics in the Brazilian banking market has been so successful that banks and electronic means of payment enterprises are now exploring the possibility of integrating biometrics at non-supervised types of transactions, pushing the biometric authentication toward personal computers and e-commerce, as well as mobile platforms for banking transactions.
This is so important for the future of identity and identity as we know it today. We unfortunately still hear North American banks and companies afraid to rollout big use cases or systems to a wide client base. I think what LATAM has taught us is if it can work there, it should work anywhere. We in North America have much more stringent laws and documentation parameters enabling even better data points to add to a biometric system. We have better connectivity and less people, so it’s about time we move ahead.