What are the differences between false rejection and false acceptance rates in biometrics systems?
Biometrics systems are crucial elements of access controls. Entities should be property identified and authenticated before gaining access to information systems and to physical facilities for that matter. Biometrics are used in ‘Something you are’ based category of authentication. Biometrics systems are highly crucial elements of multifactor authentication mechanisms.
While applying these biometrics based authentication techniques, there are two characteristics that demand close investigation. These characteristics are commonly known as false rejection rate (FRR) and false acceptance rate (FAR). They are sometimes referred to as Type 1 and Type 2 errors respectively.
- False rejection rate (Type I error): a false rejection error occurs when an authentication systems refuses to authenticate a valid entity.
- False acceptable rate (Type II error): a false acceptance error, on the other hand, occurs when an authentication system wrongly authenticates an entity.
Biometrics devices support threshold adjustments based on the sensitivity of an asset. When we try to protect very sensitive asset, we increase the threshold value to be high and this causes many FRRs.
In terms of damage to information systems, FARs are much more dangerous than FRRs. Because in FAR, authentication systems may allow someone to access resources mistakenly and this entity may bring many threats to an asset. Whereas FRR will be more or less be a burden on the valid users. This authentication overhead is much better than authenticating someone who is invalid user.
Furthermore, the cross-section of FRRs and FARs is known as CER (crossover error rate). Biometric devices with lower CER values are more accurate and precise than devices with higher CERs.