Fidelity looks at biometrics to ID clients, employees

Biometrics, the use of information technology to verify the identity of a person using human body traits, such as fingerprints, voice, face and eyes, is still in its nascent stages, but it is emerging as an alternative for companies to authenticate employees and clients without using passwords.

One of the companies exploring biometrics is FMR Corp., better known as Fidelity Investments, the largest mutual fund company in the U.S. and one of the world's largest providers of financial services with customer assets of around US$1.4 trillion.

About three years ago, Fidelity's top management decided it was high time the company explored biometrics and how it could benefit from the use of these technologies.

Since then, Fidelity, based in Boston, has taken some decisive steps towards implementing biometrics tools and learned quite a bit about the challenges associated with this field, said Sheldon Watson, a senior systems analyst at Fidelity who chairs the company's biometrics steering committee.

For example, Fidelity has learned that privacy concerns are real and shared by clients, employees and government regulators. "Privacy is one of our main points," said Watson, speaking at the recent Winter 2003 Biometrics Summit here organized by Chicago's Advanced Learning Institute.

Consequently, legal, regulatory and social considerations have to be factored in when planning to roll out a biometrics project, something which calls for involvement of human resources specialists, lawyers, executives, clients and employees, he said.

To get users to buy into the technology, it's also very important to educate them about the system and inform them about the company's internal policies for storing, using and disposing of captured biometric information, he said.

"You need clarity around the purpose and use of the biometric system," he said.

Another important lesson is that even biometrics products that look great on paper can totally malfunction in a real-world setting, so that thorough testing is critical in this field where so many vendors make promises they later can't keep, he said.

For testing, Fidelity has sought help externally and also done product-validation work in-house.

Another challenge Fidelity has had to face is how to integrate its existing Unix and mainframe back-end systems with biometric tools that predominantly run on Windows.

Fidelity also has learned during its tests and pilot projects that biometric tools are far from infallible and often get tripped up by factors that are hard to control, a big consideration for a company like Fidelity that has over 30,000 employees in a wide variety of physical settings throughout the world.

For example, an employee at the company couldn't use a fingerprint reader successfully because his hands shake too much. A facial recognition tool simply couldn't see an employee who has very pale skin, and it malfunctions sometimes due to changes in lighting.

Moreover, companies must take into account that shifting identification systems to biometrics often implies an increase in costs, not just related to buying the equipment but also to operating it. Transferring a user's biometrics template over a network and storing it is much more costly than transmitting and storing that same user's personal ID number (PIN). Likewise, the maintenance and replacement of biometric devices can often be expensive.

Currently, Fidelity has several biometrics projects in pilot phases, and one very large project slated for deployment at some point during the second or third quarter of this year, Watson said in an interview after the presentation.