Let The Finger Do The Talking

Retailers need to understand how access control can be integrated into identity management systems

• By Bill Spence
• Jun 01, 2012

Visualize this: You walk into a men’s store, approach the “personal shopper” stand and place your finger onto a designated spot. A personalized greeting appears on the monitor: “Good day, Mr. Brigham. The last time you visited, you bought a blue pinstripe suit. To thank you for your business, for any tie you buy today, pick another at the same price or less for free. Your discount will appear at checkout.” With a biometrically enabled loyalty system like that, past customers will want to return to the store over and over again.
Today, retail decision makers can be less concerned about whether technology works—with the introduction of multispectral imaging, even biometrics have become reliable—and more interested in how access control can be integrated into identity management systems for goals beyond the simple transaction of opening a door. Also today, they can use biometrics in “customer-facing” applications like loyalty programs. With the advent of the latest technologies, biometrics have been successfully deployed at major theme parks and ATMs. Why shouldn’t the retail industry take advantage of new biometrics technologies as well?

Can biometrics allow workflow to be streamlined by a single authentication solution across an organization? Can user authentication be tied into safety systems, as required by regulators or insurance providers? Can business patrons’ experiences be enhanced by expanding the touch points that know who they are? The answers to these questions are being asked today by retail CIOs who are demanding seamless and holistic solutions to IAM challenges that revolve around the question, “Who?”
The challenge has always been how to establish the “who” in transactions. Who is accessing the warehouse? Who is punching the time clock? Who is the customer standing in front of me? The question is always, “Who?”
Until now, the industry response to this question of “who” has been to use the best available tools to approximate identity. Thus, cutomers can present a credential— something they know like a password or something they have like a swipe card—to authenticate their identity. However, credentials alone simply cannot substantiate identity.
CIOs understand that others can know the password—it may have been shared, found or observed. Cards and tokens show what somebody has, but possession alone does not ensure identity; somebody else could have access to that card or token via sharing or theft. Thus, while access and authorization have always been granted to individuals, knowing a password or having a key is only superficially related to the authorized person, and neither can establish who. Only a biometric can do that.
Here’s an example of why it’s important to know who. Today, NFC-enabled smartphones are starting to get a lot of press. It is now possible to replace cards with virtual credentials on a smartphone. These credentials, when linked to one’s unique identity, provide an easier, simpler way to pay for merchandise. The customer just has to tap his or her smartphone to the cash register. NFC-enabled smartphones also could provide better access to buildings, data or devices.
Nonetheless, virtual credentials still verify only that somebody has the phone. Add a biometric to the phone and you know that the person using the phone is the person who is authorized to use it.
Instead of a smartphone, retailers could implement finger biometrics and actually understand who. After all, not all customers fit the phone-carrying demographic. And what about customers who forget to bring their cellphone? They didn’t leave their finger at home! Let’s look at some retail applications and how biometrics can help take retailers to the next level.
Eliminating the High Cost of Buddy Punching
Increasingly, retailers are discovering that time and attendance technologies, such as barcode ID cards, proximity cards, PINs and manual punch clocks, are inexpensive short-term fixes but, in the long run, they can be exploited and are susceptible to fraud, rendering them a poor long-term solution. Biometrics solves this problem by eliminating sharing, swapping, stealing and loss of PINs, passwords and ID cards. This is especially true for big-box environments