What CIOs need to know about workplace biometrics

Professor James Woudhuysen takes an in-depth look at what biometrics are out there and what they might mean for tomorrow’s enterprise

Biometrics, in which IT captures and checks a person’s unique biological and behavioral characteristics, is spreading through the world’s workplaces. In North America, where the advent of mainframe computers enabled police forces to establish automatic fingerprint identification systems (AFIS) as early as the 1970s and 1980s, major organizations now want to bring to the workplace widely different kinds of biometric scanners, sensors and other hardware, and the image and signal processing and pattern recognition software that go with these things. Why? In the first place, to prevent unauthorized access to physical sites, and especially unauthorized access to sensitive areas on-site.

A trend toward using biometrics to control employee and contractor entry in factory and in office is one thing. However, the broader market for biometrics is also on the up, and enterprises need to first understand its dynamics before they turn to workplace applications.

To start with, Donald Trump’s policies on illegal migration and national security have driven a thriving market for military biometrics. There, AFIS are established, but the recognition of irises and of faces is set to grow. One report has North American military and civilian government purchases of biometric systems topping $2.5bn by the end of 2022; that might be an underestimate. A particular hotspot in US government: education, where biometrics can help assuage concerns about cheating and campus harassment.

Are biometrics really the future of security and surveillance? Check out: The rise of biometrics is not as clear cut as may seem

Booming biometrics markets in law enforcement and general government are good news for giant biometric systems suppliers such as 3M Cogent, Fujitsu, Hitachi, Lockheed Martin, NEC, Nuance, Qualcomm, Siemens and Thales. But they’re also good news for smaller, more specialized firms with slightly cheesy names: BIO-Key International, CMI Time Management, Cross Match Technologies, EyeVerify, FaceFirst, GreenBit Biometric Systems and OT-Morpho. Companies like these can be expected to make their own efforts to extend the use of biometrics to the workplace.

General biometric techniques are spreading fastest, perhaps, in Asia. In North American and European healthcare, for example, concerns around fraud and patient security have been widely met by the deployment of biometric systems. Now it could be the turn of Asia and other developing regions of the world to help drive the global healthcare biometrics market from $1.3bn in 2015 to nearly $9bn in 2024.

In mainstream Chinese commerce, too, payment by means of face recognition systems is growing, especially in shops and fast food outlets. Bank ATMs also boast face recognition. In China as elsewhere, however, it’s government that’s leading the adoption of biometrics. In the dissident northwestern region of Xinjiang, for instance, Beijing has collected fingerprints and iris scans on everyone between 12 and 65 years old. Indeed, Beijing has added, to its database on Xinjiang, mass DNA samples and mass information on blood types.


How are multi-modal biometrics being used around the world?

China’s adoption of biometrics is certainly controversial. But in Xinjiang the government is also pioneering the use of multi-modal biometrics – the sort that integrates data from more than one personal characteristic, or ‘biometric identifier’, whether it be fingerprints, finger veins, palm prints, hand veins, hand geometries, or irises. This extra-level-of-security kind of biometrics, indeed, could emerge as a specialty for Chinese biometrics suppliers. Search Alibaba for simple “biometric fingerprint scanners” and you’ll find more than 7600 Chinese products on the market. Search it for two-factor “biometric fingerprint and facial recognition” devices, and you’ll still find nearly 470 Chinese products.

In India, too, biometrics is both controversial and multi-modal. The country boasts, in its Aadhaar (Foundation) 12-digit national photo-identity card system, coverage of nearly the entire adult population. It captures all 10 fingerprints, irises, and, to include older people with fuzzier fingers and eyes, will catch faces too from 1 July.  But when Aadhaar was criticized for weak security, the government’s Unique Identification Authority of India (UIDAI) and the police cracked down on critics. On 17 January, 24 petitions against Aadhaar began hearings at India’s supreme court.  

CA Technologies VP Lina Liberti looks at how to move on from reactive security to something more predictive: Why identity, analytics, and biometrics are key to proactive security


What can biometrics bring to the US workplace?

In the US biometrics has also proved polarizing, but though some controversy has attended the police use of face recognition, much more has focused on the use of biometrics in the workplace. The 2008 Illinois Biometric Information Privacy Act (BIPA), arguably the most stringent piece of biometrics legislation in the US, has prompted class action complaints not just against employers using biometrics, but also against systems vendors. If Illinois restaurants and hotels, among others, have rushed to install workplace biometrics so as to monitor their employees’ timekeeping, it seems that some may have failed to notify staff beforehand.

Washington DC and Texas have similar laws to BIPA, but don’t allow a private right of action against employers. Soon New Hampshire, Idaho and Alaska may follow in their footsteps. Yet whatever the merits of the complaints about biometrics, in Illinois or any other location, the fact is that the use, in the workplace, of up-close and personal methods of identification is bound to raise concerns about privacy. Indeed, privacy in the workplace is already a major issue in Europe, and, even in the less regulated US, is nowadays felt to raise a number of grey areas – even without biometrics, and without, too, those related but non-biometric workplace technologies such as the tracking of employees using GPS. So by the time biometrics is rolled out in the modern, sensitive, somewhat charged workplace, there should be little surprise that implementing it can prove tricky.

That’s especially the case because the data picked up by biometrics, though unique, is no more secure than any other kind of data. Once it reaches databases and networks, its special power is available to any capable hacker.

For all this, the allure of workplace biometrics is clear enough. Especially when surveyed with multi-modal techniques, employees’ bodies should now be able to give employers more security. Measured by biometric methods, people’s idiosyncrasies can, with the help of IT, defend enterprises from any kind of site ‘visitors’ trying to impersonate customers, suppliers, regulators or, crucially, members of staff. Indeed, the advantages and benefits of biometrics over several other related but rival technologies in the workplace show that biometrics has more to offer organizations than just enhanced workplace security:




Accurate ID of staff and others on site

Better access security than photo ID, passes, badges


Better timekeeping than punch clocks


Employer can track timekeeping more closely           


No ‘buddy punching’ fraud on hours worked


Compliance with regulation and/or improved safety

Automatic, fast access, e.g., at entrances

Fewer security guards, higher productivity

No staff keys or passes

Better security – no loss or theft

No human memory needed

Lower costs/higher productivity through fewer errors

Speed of accreditation of new staff on site                                      

Productivity of the enrolment/induction process

Speed of paying for food/drink at work

Fewer/shorter queues during lunch breaks


So far, methods both conventional (fingerprints) and much-hyped (face recognition) have, through the mobile phone and especially through China’s massive mobile payments industry, done much to popularize biometrics in general. Yet other methods will be vital to the future evolution of the most secure kind of biometrics – the multi-modal kind. What’s more, other methods encompass not just people’s physiological characteristics, but also their behavioral ones.


1 2 Page 1
Page 1 of 2