FindBiometrics President Peter O’Neill recently interviewed Richard Agostinelli, CEO of Crossmatch. The conversation begins with a review of Crossmatch’s successes in India, China and the Middle East markets, as well as the biometric opportunities offered by today’s emerging markets around the globe. Agostinelli goes on to speak about Crossmatch’s educational initiatives and how his company is positioning itself as a leading biometrics educator, before shedding light on the state of multi-factor authentication and liveness detection — or as it is becoming colloquially known: PAD (presentation attack detection). The conversation concludes with recognition of Crossmatch’s recent ESGR Above and Beyond Award and a look ahead to what the company has in store for the future.
Read our full interview with Richard Agostinelli, CEO, Crossmatch:
Peter O’Neill, President, FindBiometrics (FB): Crossmatch is truly a global player, can you tell us about your activities in areas outside of North America — in China, India, the Middle East, for example?
Richard Agostinelli, CEO, Crossmatch: Yes, Crossmatch has been global from almost its inception more twenty years ago. Today about half of our revenue is generated outside of the United States, where we are seeing significant interest. The is particularly true for the three places you mentioned.
In India, the Aadhaar program is really exploding, as you know. Initially it was meant primarily for benefits distribution, but has now grown to point-of-sale applications. With all the currency fraud that has been going on in India, they recently outlawed some of the larger banknotes, taking them out of circulation. As a result, more and more people are making payments via point-of-sale terminals using their Aadhaar number, which of course requires a biometric. That has been a strong area of growth for Crossmatch.
In China, the China ID program is requiring biometric authentication for everything from banking and real estate transactions to test taking and a variety of everyday activities. So, this has represented another strong area where we are seeing growth.
In the Middle East, of course, there is a huge concern for and opportunity around border control and migrant/refugee management – use cases where we have a great deal of experience. I might add that we recently opened an office in Dubai to serve that region.
FB: Now Rich, with these explosive developments in places such as India are you finding that is being watched carefully in other parts of the world? Are you starting to see the momentum grow in other places as well?
Crossmatch: In my view it is strongest in emerging markets. There is a constant balance – as you know, Peter – between biometric enrollment in large scale civil government programs and privacy concerns, which are still prevalent. In the emerging markets, where most people aren’t in the banking system, they embrace the use of biometrics to enable them to participate in everyday transactions. Whereas in more developed countries, where most people are already in the financial system, they really resist a bit more where the balance between the perceived privacy issues and biometric convenience tips toward privacy. So, we are seeing adoption and growth more in the emerging markets.
FB: That leads well into my next question which is how do we educate end users and everybody involved in biometrics now? There is a fascinating project undertaken on the Crossmatch website which is a history of biometrics stretching from ancient times to today and into the future. I was reading it and the most recent chapter is about how the 9/11 terrorist attack affected the biometric industry and in our Year in Review, our 15th annual, industry experts resoundingly agreed that education is critical to the biometric industry. Do you see Crossmatch as playing a leadership role in the education initiative?
Crossmatch: Yes, we need to. And thanks for mentioning those educational campaigns, “Behind the Biometrics Boom” and “Think You Know Biometrics?”. We’ve been spending a lot of time and effort on our social engagement and a lot of the content is educational as opposed to company specific. We also have a growing blog following who have an interest in a variety of topics: biometrics, multifactor authentication, standards, etc.
You mentioned 9/11. As you know Peter, I have been in this industry for a long time, as have you. And even after all these years, there is still a bit of a mystique around biometrics and what it can do and what it can’t do. If a biometric system is installed and it is installed incorrectly, it will fail. When that happens, the ill-informed are quick to claim that “biometrics don’t work,” rather than address the installation that was poorly executed. It is just so critically important that people have at least the basic understanding. Especially now that we have such explosive growth in the commercial and consumer world, and additional biometric modalities are being introduced everyday. Most of us are familiar with face, finger, iris and voice, but there are a variety of other biometrics coming out. Potential users are barraged with these different modalities and trying to figure out the pros and cons and which ones to choose.
It is critically important that we educate the market as an industry. Because the other issue that I have talked a lot about is that in the early days of biometrics many people inadvertently promoted it as a magic bullet – something that would always work, every time and in every use case. And as we know, it is an incredibly effective tool, but it has to be deployed correctly. So, education is absolutely critical as we move in to more widespread adoption. And yes, Crossmatch is striving to take a leadership position there.
FB: Congratulations on your website and social engagement because it is critically important. FindBiometrics is always striving to educate through our webinars and featured content and events appearances. I agree with you 100 percent: with all the new entrants into the marketplace companies are looking for leaders who have a long history of success like Crossmatch does.
Crossmatch recently partnered with BehavioSec, bringing behavioral biometrics to the DigitalPersona enterprise security platform. How does behavioral fit into your larger identity management portfolio and are you seeing a greater demand for behavioral solutions and what is driving all of that?
Crossmatch: We refer to our DigitalPersona security platform as providing “composite authentication.” That is a term we have coined to indicate that authentication needs to be broader than just multifactor authentication. Multifactor, as you know, is a combination of something you are, something you have, and something you know – a biometric, a password or a card for example. Composite authentication expands from here with other risk-based factors.
Right now, behavioral – how you type on your keyboard, for example – is one of those additional factors along with geolocation and geospatial. Where were you when you introduced the probe? Where were you right before that? And is it physically possible to have a probe come from Los Angeles ostensibly from you one minute and another probe ostensibly from you come in from New York the next minute?
What I see happening, Peter, is that proving someone’s identity is moving more towards a continual gathering of information from multiple sources – biometrics, location, time, machine interaction – to learn how an individual usually interacts with his or her devices as he or she moves through everyday life. Then when a probe is initiated using that information, we can create a high level of confidence that the authorized user is indeed initiating the probe.
In addition to behavioral biometrics, we are doing research into deep learning, artificial intelligence, because this information is going to come from all sources. We need to be able to create this web of information to help increase the probability that we have identified the right user as they continually move in and out of an online and digital world.
FB: We are certainly feeling the same thing. And another important aspect that came out of our Year in Review survey was a resounding call for an improved liveness detection. Again, you are making some wonderful steps there. In January there was an announcement that you are expanding your license agreement with Precise Biometrics who now owns NexID, bringing Precise BioLive software to your fingerprint readers. Can you tell us a little bit about that and what drove that relationship?
Crossmatch: Sure. I joke that you can tell when a topic is important because it gets its own acronym, and now liveness detection is called “PAD” – Presentation Attack Detection. That is how you know that it has moved into the mainstream. I think liveness detection has become increasingly important as biometrics has moved from the traditional government world where an armed, trained operator was monitoring the enrollment to today’s world of the unattended authentication of an individual. That operator could inspect the individual to make sure that he or she didn’t have on some sort of a fake finger device or patterned contact lenses, for example. They could ensure that the individual was presenting his or her own biometrics. But as you get into unattended environments where the individual is enrolling or authenticating alone in the privacy of their own home, it is important to enhance the liveness detection.
We have looked at the various alternatives in the marketplace and did partner with Precise to add enhanced capabilities to our single finger product line as well as our tenprint line. Obviously, our devices have their own capability within the hardware and software, but we wanted to further enhance those capabilities. We continuously look at ways to improve performance.
The other thing that we have done in addition to the partnership with Precise is to pursue and win a program with IARPA – the US Government’s Intelligence Advanced Research Program Activity, to develop Presentation Attack Detection solutions. We have a four-year program underway where we are doing advanced research into presentation attack detection.
Although PAD is important, it is also critically important to address and understand that we will never be able to say that any biometric collection device is 100 percent anti-spoofable, because we can’t prove the negative. People are coming up with new attack approaches everyday and we diligently continue to try and stay ahead of that, but we believe we absolutely must also use additional layers of security, other biometric modalities, other non-biometric factors to help buttress an identity profile.
FB: Again, that ties back into the educational area in making sure that people understand these nuances in the biometric area.
Crossmatch: Agreed, Peter, that is part of the education.
FB: We just posted a press release about your award from the DOD, the ESGR Award, can you tell us a little bit about that? Wonderful news and congratulations.
Crossmatch: Thank you Peter. Although the commercial part of our business continues to grow, obviously our roots are in the government sector – predominantly in the US government sector. We have a long history there and are particularly proud of the work that we have done over the years and currently to support the mission of the US government agencies. Just this week we did receive an award from a section within the DOD called the Employer Support for the Guard and Reserve (ESGR). The Above and Beyond Award is for the support that Crossmatch gives to our employees who are in the Guard and Reserve. We were very proud of this because nominations are made by Reservist employees. In our case it was a Reservist who wrote the application indicating the support that we had given him over the years, while he spent time on active duty and on his return. We had a small presentation this week and were honored to receive the recognition. Crossmatch is very proud of the work we do in support of the US government.
FB: You started to talk a little bit about some of the other markets more on the consumer and commercial side, what is next for Crossmatch? You had mentioned IoT; we’re always fascinated with robotics, automotive. Beyond the FinTech space, healthcare is big these days. What excites you, and what does the future hold for Crossmatch?
Crossmatch: In the near-term we are seeing a continued, significant uptick in the use of biometrics for very traditional applications such as time and attendance, management approvals, audit logs for pharmacy dispensing, and those kinds of things. We are seeing continued growth in all of those application areas whether it is a quick service restaurant, retailer, a pharmacy chain, another type of healthcare organization, or general corporate enterprises.
Our DigitalPersona authentication software is seeing deployment in regulated industries such as healthcare and financial services, with government contractors who must comply DFARS compliance regulations, and with enterprises in general trying to prevent password hacks by using our composite authentication approach.
In the government sector we are seeing an increased need for rapid, mobile ID for border control, refugee management and law enforcement applications.
Longer term we are monitoring what I will call the convergence of physical and logical access, or what is sometimes called “door-to-desktop.” This sweeps everything together from access to the campus, then the building, then your computer log on, use of the copy machine or if you want to move into the factory and turn on a machine. The ability to have one seamless authentication experience that uses biometrics combined with other factors is what we see happening. Right now, we have come at it from the logical authentication world, but we do see it moving into the physical authentication and IoT platforms as well.
FB: Thank you very much, Rich, for taking the time to fill us in on all the wonderful things that are going on at Crossmatch. It is always a pleasure to speak with someone with your wealth of experience in the market. We’ve been having these conversations for about 15 years. Thank you again for carving out some time for us today.
Crossmatch: Thank you, Peter. Always a pleasure.