Iris recognition systems encode the entire eye structure, following an open standard. And because the process doesn't focus on detailed feature points, a gray-scale 640-x-480-pixel image is sufficient. That's one reason why the recognition algorithms can speedily process data and respond quickly. "The old VGA format turns out to be all you need. High resolution is not needed, and in fact would slow things down," says Grother.
Sophisticated, high-end cameras capable of capturing images at distances of two meters can cost $30,000 or more, but other models suitable for business use that operate at close range may run as little as a few hundred dollars.
EyeLock, a developer of iris recognition systems in San Juan, Puerto Rico, is designing a consumer-grade system that can be added to tablets and mobile phones at a low enough cost that it shouldn't require an increase in the price of the product, according to chief marketing officer Tony Antolino. EyeLock is a member of the Fast Identity Online Alliance, an industry consortium developing open interoperability standards for iris recognition and other biometric authentication methods for use with online services.
Can iris recognition systems be fooled? While iris recognition has generally been considered extremely secure, academic researchers have come up with scenarios under which the systems could be hacked. But Grother doubts that those scenarios would work in the real world (see "Hacking the Iris").
Banking by eye
For Kamal Al-Bakri, who as general manager at Cairo Amman Bank oversaw the installation of an iris recognition system at 80 branches and 100 ATM locations in Jordan, fraud has not been an issue. "We've done more than a million transactions since 2009 with zero fraudulent transactions," he says. The bank recently upgraded to more-accurate dual-eye readers from IrisGuard in Buckinghamshire, England, "to sustain our position as a leader" as competing banks start to use similar technology, he adds.
In Amman, people must present a government ID when banking -- a driver's license isn't sufficient -- but not everyone remembers to bring their IDs when they make a trip to the bank. So Cairo Amman Bank gave its customers the option of registering with its iris recognition system and using it at both the teller window and at ATMs. Customers initially had concerns, such as whether the system would somehow affect their eyes, so the bank put out a flyer with answers to common questions. Today half of its customers use the technology.
The system isn't just more secure, Al-Bakri says, it's more efficient. With iris recognition, the average time per transaction at the teller window is one minute versus four minutes using traditional authentication methods. As more customers opted for iris recognition, the bank found that it could reduce branch staffing levels from four tellers to two.
The latest cameras are smaller and less expensive than the models the bank deployed with its first system a few years ago, Al-Bakri says, but they're still not cheap -- and neither was the integration project required to get the cameras, ATMs and core banking systems to work together. Al-Bakri declined to discuss costs for competitive reasons. But IrisGuard senior vice president and COO Joe O'Carroll did say that the cost of a fully integrated vertical market deployment varies depending on the systems that must be connected. The average cost ranges from $3 to $6 per bank customer, he says.
"But the cost is irrelevant when compared to the risk you're facing when you use a card and password," Al-Bakri says. "Look at what you're gaining from the system, not just what you're paying for it."