biometric-interoperabilityLatin America (LATAM) is one of the most culturally rich and diverse regions in the world; a melting pot that combines native traditions with a perpetual influx of people from all corners of the world. Unfortunately, the diversity of its identity is matched by that of its identity credentials, and the opportunities for fraud it affords. The region suffers from extensive fraud caused by low-security, easily counterfeited paper- and plastic-based breeder documents, and the problem causes extensive losses to the region’s local economies. Fortunately, LATAM is also known for its prolific use of biometrics, which are beginning to be used to prevent fraud, as well as to bring convenience and security to daily transactions.

Many countries in the LATAM region use biometrics as a key factor for identifying its citizens. Fingerprints and biometric face enrollment are widely used in breeder document issuance in countries such as Brazil, Argentina, Chile, Mexico, Peru, and Paraguay, creating databases of biometric and biographic information that are useful for inhibiting fraud. Biometric collection is not typically performed by a single government agency, but rather by several independent government branches—both at federal and state levels—using the collected data for their own independent authentication and validation processes. These independent databases are generated over long periods of time, and eventually a citizen will likely have their biometrics duplicated in various repositories.

Data redundancy is commonly enforced to preserve data in the event of a hardware or software malfunction. Backup and redundancy are mandatory for government agencies and private enterprises alike, and this applies to biometric data as well. One might hope that reenrollment isn’t necessary if their biometrics are already stored in a different government databases, but that’s rarely the case.

For example, a typical Brazilian citizen has a federal ID card, driver’s license, and a passport, and their data is duplicated in all three systems. These databases are not interconnected or interoperating due to systems and procedures being optimized to each agency’s own specific obligations and responsibilities, as well as the prohibition of data exchange for security and privacy reasons. The result is an undesirable scenario where each citizen has many different ID credentials issued by different states and agencies. Adding to the problem, individuals often have multiple accounts in a same system.

These issues together create a perfect storm for fraud where credentials are relied upon to verify citizens’ identities. Fraudsters may take several different loans from one or more banks, enroll several times for pension or retirement plans, or take advantage of state-financed benefits such as healthcare or public transit discounts. The problem generates big losses for businesses, but the public sector bears the brunt of the losses due to fraudulent use of government or state sponsored benefits, including social services, healthcare, student loans, pensions, which add up to many millions of dollars. A lot of the fraud could be prevented if these databases could somehow be synchronized. Most agree that communication is the key for fraud prevention, but for various reasons they can’t allow their data to be shared.

Data security and privacy concerns are the major challenges for sharing of biometric data. No agency allows access to or transmission of their biometric data, but the goal of using biometrics to reduce fraud prevention can be achieved by anonymizing data and minimizing its exchange. For example, one agency can provide anonymous biometric data for search in another database, whose owner can respond with a simple yes/no answer. Security agencies already operate in a similar fashion. This workflow prevents access to the full database content and the only biometric data through the network comes from the requesting platform. A central hub interconnecting these different databases is required to manage the data broadcast and services requests, as well as the adoption of clear matching objectives and biometric standards between backend databases and frontend customers.

A possible approach to helping encourage data sharing towards fraud prevention is to enable those who possess useful biometric data to charging a fee for biometric search or authentication, while maintaining its privacy and security. A biometric search can serve as a duplicate check against multiple enrollments and prevents individuals with several ID cards from enrolling multiple times in a database. It can also perform an authentication in the cloud by verifying the identity associated with an ID number and guaranteeing the authenticity of both biometrics and breeder document. This type of service has the potential to prevent healthcare abuses by guaranteeing the identity of healthcare recipients, pension earners, insurance beneficiaries, job applicants, and even replacing PIN codes or digital signatures for banking and financial transactions. There are many use cases and applications.

The banking sector is leading adoption of biometrics as a security authentication factor, especially in Brazil. For example, banks have integrated biometrics into ATMs as a more reliable and safer authentication mechanism, where customers may have access to their accounts by way of fingerprint authentication, instead of PIN memorization or carrying a card containing preset authentication keys. This use case brings convenience to the customer and a much stronger authentication factor to banks, reducing the risk of fraud and stolen bank cards. The usage of biometrics in the Brazilian banking market has been so successful that banks and electronic means of payment enterprises are now exploring the possibility of integrating biometrics at non-supervised types of transactions, pushing the biometric authentication towards personal computers and e-commerce, as well as mobile platforms for banking transactions.

In addition, banks are starting to recognize the benefits of data sharing, especially to fraudsters. Most efforts are concentrated towards a centralized platform that will connect different banks databases and serve as a customer authentication hub, so banks can use it to check new applicants’ credentials against other banks databases. This platform has the potential to prevent attacks across multiple banks, and any service provider or government agency that may have access to its services.

Achieving interoperability of biometric systems in this way is a potentially powerful fraud prevention mechanism that can even lead to new revenues to parties that possess useful data. The LATAM region has the advantage of being historically friendly to biometrics and already has several large biometric databases available. The biggest challenge is to implement interoperability in such a way that does not impact security or privacy. Where this can be accomplished, there is a great opportunity for businesses and governments in the region to make great strides toward reducing fraud.