The biometric iris recognition scans used at many security checkpoints may be less reliable than previously believed, researchers at the University of Notre Dame have found. In a paper that will be presented at next week's IEEE Computer Vision and Pattern Recognition Conference, a pair of scientists argue that patterns in irises change significantly as people age. The study used commercial iris-matching software to compare 20,000 images of 644 irises, using iris pictures that were taken anywhere from one month to three years apart.

When the researchers compared the photos that were taken one month apart, they found few instances of the system failing to match two irises from the same person. As the length of time between the photos increased, however, the rate of false mismatches increased: when iris photos taken three years apart were compared, the false non-match rate was 153 percent higher than for photos taken a month apart. In practical terms, this still means that only about 2.5 iris scans in 2 million will be incorrectly matched after three years. As time goes by, however, the effect will be compounded, co-author Kevin Bowyer says, potentially locking some people out of systems or letting other fool security checkpoints. This means that at the very least, images should be updated every few years, and future pattern recognition systems may need to account for changing irises as well as different lighting conditions and other factors.