Kenneth Nosker, Fulcrum Biometrics: “using biometrics is no longer just a good idea, it is necessary”
The growing rates of insider threat and identity theft incidents show that solely relying on passwords and usernames is not enough.
As attacks get more sophisticated, more companies turn to biometric solutions as a way to make sure their employees are really who they say they are. And while the daily use of biometrics might sound just like something out of a science fiction movie to some, our guest today believes that this reality is just around the corner.
Today we are talking with Kenneth Nosker, the CEO of Fulcrum Biometrics – a company providing advanced biometric systems. Kenneth explains that the growing use of biometrics will make our lives not only easier but more secure.
How did Fulcrum Biometrics originate? What would you consider the biggest milestones throughout the decades?
Where we started is nowhere near where we are now. I started Fulcrum Biometrics as a consultant in 2002 as a one-man show. Before too long, I was being asked to sell my customers biometric scanners, which I would source from a manufacturer, load them in my trunk, and sometimes even personally deliver to my customers. Within a short amount of time, I had to involve my wife in the shipping and license fulfillment part of the business as I started to travel more and more. This ultimately blossomed into a full online business, selling biometric scanners along with software development tools and runtime licenses. Those parts of our business have never stopped developing, but we’ve long since morphed into a software development and solution sales company.
Talking about milestones, the big ones that come to mind are when we moved from California to set up shop in San Antonio in 2005, where we’ve been based ever since. In 2009, yes – that 2009, we opened an office in India. But the big milestones are when we developed our Fulcrum Biometrics Framework (2010), launched our Apple-approved FbF mobileOne scanners (2010), and had our FbF® LiveScan approved by the FBI (2012). We’ve been building our company on the backs of these accomplishments ever since. Getting acquired by Fujitsu in 2020, well, that really made it possible to catapult us into the next generation.
Can you tell us about what you do? What industries do you mostly work with?
I would say that we occupy a unique space in the industry, with our highly relevant biometric technologies and our team's deep experience, insights, and expertise. This combination of tech and skills empower us to address most, if not all, of our prospective clients' requirements and objectives. Our mission is to deliver a comprehensive array of biometric solutions, software, devices, and services to enterprise, government, and OEM partners.
At the core of our technology is our proprietary Fulcrum Biometrics Framework (FbF®). This framework is sophisticated and flexible enough to power several large-scale deployments of biometrics ranging from national-ID/border control and civilian-ID projects to other more custom projects in healthcare, banking and payments, NGOs, and more.
For clients who need off-the-shelf solutions for cyber-security/logical access control, physical access control, time & attendance, etc., our FbF Portfolio has several compelling options. And our live scan business offers several industry-specific solutions in law enforcement, applicant background checking, and FBI channeling.
In your opinion, what aspects of our daily lives could be greatly improved by biometric verification solutions?
You don’t have enough room in this article to list all the places I think biometrics verification could help humans navigate the world. (Ha!)
Practically speaking, we view the majority of the daily engagements between enterprise and governmental organizations with their customers, partners, constituents, and staff as ideally suited to benefitting from biometric solutions Biometrics is a key enabler for ensuring the strong authentication of individuals you want to grant access to your locations, applications, systems, and devices.
Literally ANY place where identity verification or identification can be automated can be helpful at the least or critical at most. So anything–from opening your phone to point-of-sale payments to onboarding banking customers to identifying past criminal activity–are places biometrics can help.
Fast biometric identification can make a slow, laborious process smoother (more “frictionless”). It can also make a mission-critical step safer.
We make it our business at Fulcrum Biometrics to enable trust and reduce friction anywhere identity verifications and identifications are a critical step in the process.
How do you think the pandemic affected your industry? Were there any new challenges?
For openers, I think we had the same challenges everyone had – how to move the majority of our operations out of an office environment, how to deal with supply chain slow-downs, and how to do business when your customers are going “on pause” or out of business by the droves. None of us will be the same.
On the biometrics front, we saw a couple of big shifts. One is a big shift toward “contactless” biometrics and “frictionless” interactions. All of a sudden facial recognition was a much more palatable idea than it had in previous generations. We have the advantage of having palm vein technology as part of core offerings, which is contactless, so we were able to stay in the game, maybe even increase market share.
The second thing we noticed was a massive shift in the “retail” background checking industry, where our live scan products are needed. Hundreds of businesses that had been content with outsourcing the fingerprinting part of their business, decided to bring it in-house. That part of our business tripled almost overnight.
Now that the pandemic is not “new news” we are starting to see some of the knee-jerk reactions against things like contact-based fingerprint scanning start to soften. We always believed that would be the case. People touch things others have touched all day long whenever they go out in public. It is simply unavoidable. With simple common practices like washing your hands (or sanitizing) after touching a shopping cart handle apply to touch-based biometrics. Just do it and you will be fine.
What best practices can companies adopt to minimize the risk of identity-related attacks?
Speaking from an enterprise perspective, there are lots of best practices that companies of any size should be employing. First, using enterprise-class firewalls, intrusion detection systems, server-side and endpoint protection software (anti-malware), etc. Many companies are now taking advantage of AI to enhance real-time systems protection and this will only continue to become more sophisticated. Most of these systems are best handled by either well-trained in-house IT or outsourced to trusted third-party providers. We don’t specialize in these common areas of IT which are well covered. We have sister Fujitsu companies that specialize in true Cyber Security that we can refer customers for this type of support.
One area that we do strongly promote in enterprise identity management/protection is our biometrics-based enterprise Single Sign-On and IAM solution, FbF bioLOGIN. Adding biometrics in place of (frequently written down and usually poorly managed) passwords significantly raises the level of difficulty for external AND internal bad actors to succeed in whatever bad behavior they want to execute, whether that is gaining access to company secrets, or one employee logging in as another to access areas that they do not have permission to access. It turns out that many of the largest IT breaches were either done by employees or facilitated by employees of the organizations that got hit. Using biometrics, and other strong authentication technologies beyond username/password is no longer just a good idea, it is necessary.
As for personal use, what actions can average individuals take to protect their identity online?
Individuals should employ personal protection systems on all their computing devices in similar ways that enterprises do only without all the server-side technology. There are many great options for consumers to subscribe to comprehensive PC or handheld device protection. In addition, the use of personal VPN subscriptions is highly advised. It is very easy to configure your personal pc or handheld device to always connect to a VPN (Virtual Private Network). Subscribing to identity monitoring services that provide some level of identity theft insurance is also a smart and affordable thing to do. Finally, use strong passwords and do not reuse passwords across different systems. Use a password vault system to help you keep organized if you need to. There are a few good systems out there.
Since biometric authentication is a relatively new technology, people still tend to have some misconceptions and myths regarding it. Which ones do you run into most often?
Well, automated biometric authentication is in its 5th decade now, so its existence isn’t the mystery it used to be. The misconceptions and myths that were regular tormentors are much less so now. We can thank our phones for that – first with fingerprint and now with facial recognition – the use of biometrics is completely ubiquitous now. Also, due to Covid, there’s a wider acceptance than ever of facial recognition and other contactless forms of biometrics.
It is still common for us to run into wild expectations of what automated biometric systems can do in the real world. This is largely due to the popularity of police detective shows and hundreds of movies where the capabilities of the police, various clandestine government agencies, or nefarious corporations greatly exaggerate what can be accomplished with biometrics. While the technology has come a long, long way in the past half-century there are still limitations to what the algorithms can achieve and limitations of hardware and storage.
We also frequently run into situations where people need to be educated about how biometrics data is stored, how templates and algorithms work, and the like. But in my judgment, these are not conversations that are unique to biometrics so much as they are concerns about storage of PII, generally. We frequently must explain the differences between biometric templates and biometric images to quell fears that storage of biometrics isn’t just one more bad thing that can be hacked, stolen, and used.
One of my favorite myths is that once someone has an image of your finger, face, iris, palm, etc. your identity is forever compromised. If that were true, biometric systems would all be defunct. Anyone who wants a picture of you, or a copy of your fingerprint only needs to follow you around for a short while and they will easily collect whatever they want. Advanced biometric systems cannot be easily defeated with photos, copies, or models of your (finger, face, iris, palm, etc.) All modern biometric systems include advanced PAD (presentation attack detection) systems that protect against these types of attacks. The industry is much more advanced than many people realize and there are constantly evolving standards to protect these systems against various types of malicious attacks.
Where can we expect to see biometric solutions be used more often in the near future?
Actually, we are already starting to see them popping up all over the place. For example, in airport lounges and terminal gates, biometric systems are starting to be widely accepted to speed up access and increase security while reducing the need for human operators. Credit unions have widely adopted biometric systems, but I think we will see more and more banking institutions accepting and adopting the technology in consumer-facing ways. We have not seen a lot of this in the USA yet but there are many countries where biometrics are embedded in almost all ATM systems. We will see a lot more biometric use in membership-based organizations like car rental companies, gyms, and even private clubs.
One area that we are specifically focusing on is the retail and payments spaces. Biometrics make a lot of sense when you think about personalized shopping experiences and secure and frictionless payments. We are working with several multinational organizations that believe the time has finally arrived for biometrics to help create better personalized experiences with a higher level of security and a significant reduction in fraud.
Would you like to share what’s next for Fulcrum Biometrics?
I can certainly tell you a few of the general things that you should expect from us as we push further into 2022 and beyond. First is continued growth and expansion into new geographical territories. Fulcrum currently has offices in the US, India, the UK, and South Africa. Look for us to expand into CALA (the Caribbean and Latin America) and deeper into Central and Eastern Europe as our customer base continues to grow in these areas. Being part of the global Fujitsu organization makes this a little bit easier for us as they already operate all over the globe and have already helped us tremendously in our expansion plans.
Second, you should expect to see us continue to expand our solution offerings. We will always be a hardware and software distributor and our consulting services are not going away. But we are increasingly focusing on “productizing” biometric technology into easy to acquire and deploy solutions. We will be a leader in Biometrics as a Service (BaaS) combining hardware and software into simple subscriptions lowering the barrier to entry for many companies.
Finally, I think you can expect us to see some very interesting partnership announcements in the next couple quarters. I have to leave that as a tease for now to protect ongoing initiatives.