Cardholder Authentication
Cardholder authentication is the process of verifying that the user of the card is the owner or authorised user of that card. Not all applications require the cardholder to be verified. For example, the presentation of a transport smart card containing a valid ticket or concession is usually enough to allow travel on public transport. Where it is important to know who the user is (such as for financial or identity uses), cardholder verification is normally required.
The conventional method for cardholder authentication is for the recipient to compare the signature on the payment slip with the signature on the back of the card. With self-service terminals, the conventional method is for the customer to key in a 4-digit personal identification number (PIN). Customers often have difficulty remembering too many PINs (particularly if they are used infrequently) and are prone to writing them down, which lessens the security of the system. People with dyslexia can have problems remembering the digits in the correct order.
Numerous biometric systems have been developed to improve the security of cardholder authentication; these include fingerprints, corneal patterns and facial recognition. For people with disabilities, it would be desirable for the customer to be able to choose an alternative method of customer verification; for instance, a customer with damaged fingers might want to use a PIN instead of fingerprint recognition.
Biometric Authentication
A biometric is a physical or behavioural feature or attribute that can be measured. It can be used as a means of proving that you are who you claim to be, or as a means of proving, without revealing your identity, that you have a certain right.
Biometrics commonly used to confirm identity include:
- Fingerprint recognition;
- Iris recognition;
- Face recognition;
- Hand geometry recognition;
- Vein recognition;
- Voice recognition; and
- Dynamic signature recognition.
A biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database.
Some physiological and medical factors can affect the usability and efficiency of biometrics. For hearing impaired people, speech may be affected by the loss of hearing, making voice recognition systems difficult to use. For visually impaired people, iris recognition is difficult for those who have received laser iridotomy (used to correct angle-closure caused by glaucoma).
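The acquire, extract and compare steps described above, together with the cardholder's choice of a PIN as the alternative method, can be sketched as follows. This is an added example, not code from the original guideline: the feature extraction is a stand-in (unit-length scaling), and the threshold, the sample readings, the salted-hash PIN storage and the status messages are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

MATCH_THRESHOLD = 0.95  # assumed similarity cut-off; real systems tune this per sensor
# Constructed sample readings for illustration (not real biometric data).
ENROLLED = [0.9, 0.1, 0.4, 0.7]
SAME_USER = [0.88, 0.12, 0.41, 0.69]   # noisy re-reading of the enrolled user
OTHER_USER = [0.1, 0.9, 0.7, 0.2]


def extract_features(sample):
    """Stand-in for feature extraction: scale the raw readings to unit length."""
    norm = math.sqrt(sum(x * x for x in sample))
    if norm == 0:
        raise ValueError("blank sample")
    return [x / norm for x in sample]


def hash_pin(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enrol(database, card_id, sample=None, pin=None):
    """Store a biometric template and/or a salted PIN hash against the card."""
    record = database.setdefault(card_id, {})
    if sample is not None:
        record["template"] = extract_features(sample)
    if pin is not None:
        salt = os.urandom(16)
        record["pin"] = (salt, hash_pin(pin, salt))


def verify(database, card_id, method, presented):
    """Return (accepted, status message) for the method the cardholder chose."""
    record = database.get(card_id, {})
    if method == "biometric" and "template" in record:
        try:
            features = extract_features(presented)
        except ValueError:
            return False, "rejected: no reading, place your finger on the reader again"
        # Cosine similarity between the presented features and the stored template.
        score = sum(a * b for a, b in zip(features, record["template"]))
        ok = score >= MATCH_THRESHOLD
        return ok, "accepted" if ok else "rejected: no match, try again or choose PIN"
    if method == "pin" and "pin" in record:
        salt, stored = record["pin"]
        ok = hmac.compare_digest(hash_pin(presented, salt), stored)
        return ok, "accepted" if ok else "rejected: PIN incorrect"
    return False, "rejected: method not enrolled for this card"
```

A card enrolled with only a PIN still verifies by PIN, and a request for a method that was never enrolled is rejected with a message that says why.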
Advantages of biometrics
The obvious advantage of biometric systems is that the user no longer has to remember PINs and keep them secret. People with a cognitive impairment will find most biometric systems much easier to use, and these systems will provide a greater level of security.
People who have limited or no use at all of arms or hands will find face and iris recognition systems an advantage, as they will not have to swipe a card or type in a name or PIN.
Issuance for authentication methods
PINs are normally issued by post separately from the card. Blind people have obvious problems in ascertaining their PIN by this method; in practice, they have to ask a friend or neighbour to read it to them.
To register a biometric for public use (e.g. for a passport), the person will usually have to go to a centre where specialist staff take the biometric and check other relevant documentation. Ideally, these staff should have received some disability awareness training. The registration equipment may not be easy to use. For instance, an iris scan may require the user to look at a target; if the user has macular degeneration resulting in loss of central vision, they may not be able to see the target.
Biometric terminal environment
The environment of the biometric authentication terminal needs to meet the general accessibility requirements for public access terminals. These terminals may be fully supervised, partially supervised or unsupervised; this is likely to be significant for occasional users and for some people with disabilities.
In general, a consistent user interface will benefit all users and may be of particular importance for some people with disabilities. With unsupervised terminals, it would be beneficial for there to be a standardised set of icons, symbols and pictograms for the operation of the terminal.
It is essential that the authentication terminal is comfortable to use. For instance, enrolment of fingerprints will normally be done with the person sitting down. However, the authentication may be done with the person standing. It is important that the height and angle of the fingerprint reader are comfortable for both a tall person and someone in a wheelchair. If it is not viable to make the reader a variable height (or put it on a flexible lead), it might be helpful if it could tilt to allow a comfortable angle for the wrist. A wrist rest might be beneficial for a person with hand tremor.
Like all input devices on public terminals, it is important that the device gives both auditory and visual feedback of the current status (e.g. still processing, accepted, rejected). It is also important that error messages are helpful and give guidance on what the person should do differently.
An ISO standard is under development that will highlight the needs of the disabled and suggest practical ways of addressing their needs.
Key considerations
The following are key accessibility considerations:
- An alternative to a PIN is provided for those users for whom it is not appropriate;
- The ability to change the PIN is available;
- There is a process for issuing PINs to blind customers;
- There is a choice of biometric verification and appropriate arrangements available for the registration process.
More detailed information is provided in the guideline on authentication.