Biometrics, Mobile Devices and the Future of Physical Access Control

Inadequate physical access control can be a significant contributing factor to data breaches, property theft and personnel safety, which is why enterprises make it a priority. What does the future look like for physical access control? It is likely to be dominated by mobile-based access credentials — biometric authentication, particularly contactless methods like facial recognition (combined with increasingly sophisticated liveness detection), and growth in cloud-based access control with mobile biometric credentials remaining on the mobile device. 

Specifically, over the next several years, we expect the following:  

Reduced need for biometric readers at the door: The increased availability of biometrics — driven by new cloud-based SaaS access control software (ACS) delivery models — is doing more than simply making biometric-based physical access control more widespread. It is enabling the next step: integration with mobile app platforms focused on physical access control. This advancement eliminates the need for dedicated biometric readers, which often involve complex installations and require ongoing maintenance.

These ACS mobile platforms also support multifactor authentication (MFA), combining biometric verification with an additional factor — such as a password — or even requiring two types of biometric authentication. The result is a more robust layer of security and protection.

Organizations have the option to no longer require biometric readers at entry points. By allowing users to access secure areas using smartphones or tablets that store digital access credentials, businesses can also phase out traditional access control cards—enhancing security, as these cards are easily lost or stolen. 

When biometric authentication is integrated into mobile app platforms, it reinforces the shift toward fully mobile-based access credentials. This approach enables physical access control systems that are both simpler and more affordable for businesses, while delivering unmatched convenience, security, and speed for users. 

New biometric modalities: Fingerprints remain the most widely accepted and commonly used biometric modality; however, they lack the advantage of being contactless. Facial recognition is gaining broader acceptance due to its hygienic, touch-free nature. Other emerging and less traditional modalities — such as gait (a form of behavioral biometrics), voice, ear structure, and even vein patterns in the hand — are also being explored. These options offer highly individualized identifiers, with vein patterns in particular standing out for their complexity and uniqueness. 

Requiring multiple biometric inputs in an MFA approach — such as any combination of facial recognition, fingerprints, voice or iris scans (known as multimodal biometrics) — paired with liveness detection (discussed below), represents one of the most secure methods of biometric authentication available today.

Liveness Detection and On-Device Matching Raise the Bar

Support for liveness detection: Liveness detection will become a more important feature of access control as bad actors look to bring facial recognition evasion techniques from the virtual world into the physical. 

It is often said that cyber threats eventually trickle into the physical world, and we are seeing that today. For example, a fraudster may pull down a picture or video of a person from social media and present that to an app’s authentication interface to gain access to another person’s accounts. This is known as a spoof or a “presentation attack” — a deliberate attempt to deceive a biometric authentication system by presenting fake or altered biometric data. 

To combat these threats, physical access control systems are now implementing liveness-detection software much in the same way that digital access control systems have. Liveness detection works in various ways, depending on the biometric modality (face, voice or fingerprints) being used, and these liveness-detection techniques are growing more sophisticated every day. 

When it comes to facial recognition, liveness detection may include “passive” forms that run in the background of a biometric authentication process and don’t require user input, such as a system that scans the user’s face for natural movements like blinking. “Active” forms of liveness detection, which involve user input, may instruct the user to blink, smile, or nod their head. Genuine users will respond with natural, involuntary movements that can be detected, whereas static images or videos cannot replicate these movements.  

On a more advanced level, liveness detection for faces may include a 3D liveness check to combat 2D spoofing attempts. 3D facial recognition can use depth perception to collect more information about facial expressions and subtle changes, making it harder for fraudsters to bypass security. When it comes to voice recognition, new algorithmic tools can identify synthesized voices within milliseconds by detecting specific spectral artifacts inaudible to the human ear. Usually, such artifacts are left by speech conversion and use of text-to-speech generators.

Finally, liveness detection for fingerprinting uses advanced techniques like texture analysis, which involves examining the fine details and textures of the subject’s skin or fingerprint. Genuine skin will exhibit unique features and perspiration patterns that are difficult to replicate with a photo or synthetic material.

Biometric Trust Grows, But Users Still Want Control 

Increase in verification performed on mobile devices: According to a recent survey, consumers are more comfortable with biometrics than at any time in our history. Over half of those polled indicated they use biometric authentication technology regularly, with nearly 50% stating they use biometric authentication “often” or “always” to access mobile apps. It’s no wonder that consumers are now expecting the same levels of superior convenience combined with security as they access physical spaces in their day-to-day lives. 

In spite of widespread acceptance of biometrics, concerns still linger, especially about data breaches and trust in technologies like the cloud. It should be noted, however, that the security and convenience of biometrics tend to outweigh most other trust concerns. In the aforementioned survey, 62% of consumers noted they have never refrained from using the technology as a result of trust issues. Still, some consumers report a tendency to feel more comfortable when biometric data authentication is processed on-device. 

Although in recent years significant advances like advanced encryption have been made to protect biometric data processing in the cloud, more is needed to secure matches between a device and a verified individual. To this end, over the next few years, we expect to see more organizations including biometric verification on mobile devices, leveraging the data security options available to them.