In the future, seamless travel technology will enable people to transfer from their home to the destination without showing any ID or travel documents. New initiative aims to tackle the obstacles of trust by a co-operation within authorities and businesses.
Biometric authentication could provide a smoother travel experience
Digitalization of travel business is advancing quickly, but analyzing travel data in service silos is not enough to create a seamless customer experience. There are many different service processes in the passenger’s route from home to the airplane seat: transit to the airport, parking lot payment, baggage drop, check-in, security control, lounge area access, and boarding, to name a few.
One solution would be biometric authentication. For instance, facial recognition technologies already provide a way to identify the customer without any user interaction and deliver the services seamlessly in the blink of an eye.
Finnair and Finavia have been among the first ones to test the use of biometric authentication in air travel. According to IATA Global Passenger Survey study (2018), 45% of passengers are open to use biometric identification during their entire travel. This trend is preferred mostly by younger generation, between 15-44 years of age.
Biometric data portability can change the way of travel
Finnair and Finavia are exploring ways to clear away the obstacles from the passenger’s service flow. They already had identified, that to different service silos to act together, customer’s data must reliably and transparently be shared between the silos using a digital identity. That’s why they decided to partner up with the Sandbox of Trust, a digital identity pilot initiative, that aims to create a new digital identity linking and authentication solution called SisuID.
SisuID provides an app that allows all citizens who carry an authentic ID document to identify themselves in digital services. The app uses facial recognition and matches it to the document information. If the user wishes, the collected biometric data can be used for authentication. The usage is based on user consent – the user controls the information shared.
Conceptual, technical and legal findings
During spring 2019, Finnair and Finavia studied the possibilities of using SisuID as the enabler of next-generation passenger authentication. The group consisting of Sandbox of Trust, Finavia and Finnair representatives examined the concept and service design, tech and architecture, official’s requirements, privacy regulation and other possible legal barriers.
Key findings of the pilot were the following:
- 3rd party solutions, like SisuID, can be used to register and provide biometric data used in passenger authentication.
- Technically there are no technical or legal obstacles in implementing fully biometric authentication in the Schengen area air travel using a self-service registration of the biometric data, even remotely by a mobile app.
- Remaining legal questions concern the scanning a mass of passengers, from which not all have consented to biometric authentication.
- Clarification is also needed for the roles in handling the biometric data, for example who are the controllers and processors of the biometric data.
- In cross-Schengen area air travel, the biometric data collection and connection to the flight passenger must be done with an increased reliability level, for example by reading the biometric data stored on the passport.
- Removing all other physical authentication methods and all printed IDs, biometric authentication could significantly enhance the passenger experience.
- Providing a strong, easy-to-use, and cost-effective digital authentication like SisuID in the online channels, can improve the overall security within the travel ecosystem.
The pilot demonstrated the critical steps of the end-user flow through identification, biometric data collection, identity linking, and passenger authentication.
On a legal level, for domestic travel, and within the Schengen area, there seem to be no exceptional requirements considering the passenger authentication. In general, the implications of GDPR and local data privacy legislation are the same as for other industries. Scanning a flow of passengers needs special attention from the privacy perspective as well as the roles who actually control and processes the biometric data.
Travel outside of Schengen area requires more careful identification process, but still, a trusted external digital identification source could be used to apply biometric authentication instead of the passport.
One additional finding was that strong authentication mechanisms like SisuID can strengthen passenger authentication safety. Currently, travel domestically and within Schengen trusts on somebody holding the boarding pass. The boarding pass scheme itself operates on the same level of digital trust as any email-based service.
Work towards seamless travel experience continues
Pilot project gave excellent knowledge and insight on technical and privacy aspects of deploying biometrics and digital identity in travel journey. There are still some barriers to overcome before new technologies can be implemented. First are the privacy related open questions. How the roles in handling biometric data should be agreed between the airline, airport, border control and the other stakeholders in the travel ecosystem? These questions could be addressed and tested in practice in future pilots within the Schengen area travel ecosystem.
Also, legislation regarding facial recognition will need to be studied further. Seamless passenger journey is a vision that Finavia and Finnair will continue to investigate the opportunities of biometric authentication and digital identities.
The Sandbox of Trust and SisuID in brief
The Sandbox of Trust is a Finland-based digital identity initiative, led by cybersecurity company Nixu, Suomen Tilaajavastuu, Digital Living International, the Technology Industry of Finland, and funded by the pilot members together with The Finnish Innovation Fund Sitra.
The Sandbox of Trust initiative established an open community that creates an authentication and digital identity platform called SisuID. It provides normal and strong authentication to service providers in public and private sector at low-cost. For users, it is free of charge.
All the code generated by the community will be published as an open source code to produce a national identification solution. The findings of SisuID pilots help to advance the digitalization of the identification and knowledge of public and private sector users.
See also: https://sisuid.com/