In response to concerns about privacy and data protection in the context of the use of Biometric data for non Government related transactions, Hitachi Europe would like to clarify several points for the sake of completeness.
For the purpose of this discussion we must also separate the issue of which part of a transaction relates to biometric data and which part of a transaction relates to the topic of Information Technology data security since these two items are often blurred
The first consideration concerns Privacy. Finger vein technology is one of the few biometric systems that can be considered to be privacy compliant. Several European Data Privacy Commissions, whose role is to enforce data handling procedures in line with
the relevant EU Directives, have already made declarations on this point. Such declarations pave the way for vein biometric solutions to be used in societal transactions.
The main reason that such declarations have been made is that in the case of Finger Vein Biometrics, the biometric data is gathered from the vein patterns inside the finger. It is not visible externally and cannot be easily obtained unless the user firstly
provides their finger willingly for a scan and secondly, the relevant specialised equipment is available. This is unlike Facial, Finger-Print, Iris-Scan and Voice Biometrics where the bodily features are visible externally and can all be captured without
the owner’s permission or knowledge using widely available equipment.
The second consideration concerns the security of the transaction itself. Once the biometric data has been scanned and the image has been processed, it is subjected to an algorithm to turn the processed image data into a template. This process is not related
to biometrics. Encryption and data mapping techniques are applied to protect and transform the information into a data set that is meaningless without the application of the correct encryption key or the correct mapping algorithm. The form of encryption
used is in line with that used to protect other transaction data (such as the PIN) in the banking environment.
The third consideration is the usefulness of the technology in allowing the end-customer to perform a transaction in a more efficient way. In Poland, one of the initial use-cases for Biometrics at ATMs is to provide a faster, more efficient and easy way
for Banks to dispense benefits payments to people who would normally spend time queuing at a bank counter. Many of the benefits recipients do not have a bank account and so there is no easy way for them to collect their benefits money. In this initial implementation
in Poland, the ATM user enters their personal number (not PIN data but Citizen number for instance) and a back office system provides the registered data to make a one to one check at the ATM. If the stored data matches the scanned data then the benefits
payment is dispensed by the ATM.
If the end-customer perceives that the technology is beneficial for them then as long as their concerns over security and privacy are addressed, then it is likely that they will be more open to use the new technology. Initial reports from the market in
Poland are encouraging and end-users are already seeing a much reduced transaction processing time. In this case it is noticed that customers are very willing to use such technology as they derive immediate benefits from it.
There are two sides to the business benefits case. The bank is able to process payments more efficiently with less queuing in the branch and the user spends far less of their time queuing at the counter.
Whilst this social benefits payments case may not be representative of banking solutions in other European countries it is a very good example of the use of technology to improve society. It is not just about securing transactions but finding innovative
ways of moving from a manual basis towards electronic transactions.