Proving your identity used to mean handing over a document. Soon, it may require nothing more than walking through a door.

Across airports, transport hubs, and critical infrastructure sites, AI-powered biometric systems are replacing manual checks with touchless, real-time verification. Behavioural analytics are enabling authorities to detect risk before it becomes an incident. And the economics of security — long treated as a necessary cost — are being reframed around measurable outcomes. Asia Pacific, driven by scale and an infrastructure build-out that has few historical precedents, is leading the charge. Gaurav Gupta, Senior Vice President and Global Head of Sales for Travel & Transport at IDEMIA Public Security, spoke more on various aspects of identity and access management.

Q1. How do you feel about the role identity and access management has come to play in organisational security?

Identity management has always been a cornerstone of security. With AI now in the picture, it has gained an entirely new dimension. Organisations are embracing AI-driven solutions that deliver a significantly better user experience whilst maintaining — and in many cases improving — security standards.

At IDEMIA, for instance, we are providing seamless, passwordless identity and access management solutions for airports and border control systems. AI is immensely shaping how travellers move through transportation hubs and how agencies manage the flow of people across airports and other transit points. Whether it is data, imagery, or video, AI is processing information to ensure a seamless experience with equal or better security than before.

Q2. Does expenditure on identity and security sit within the operations budget or the IT budget?

There is no single right answer to that. Identity is very much an operations issue driven by IT, so it is a combination of both functions working together. Operations demand it because that is how businesses and transportation hubs are run. At the same time, IT drives the requirements and the need for it.

I would say it is a convergence of four key drivers: information security, physical security, innovation, and operations. These functions are coming together to drive the need for AI-powered automation from an identity perspective across their respective domains.

Q3. Beyond airports and checkpoints, where else is the need for identity and access management becoming prominent?

Everywhere. Wherever you need to validate someone’s identity — a stadium, a critical infrastructure facility, a data centre — the need exists. In a world that is as geopolitically unsettled as it is today, identity validation is more important than ever before.

Gone are the days when a document alone was sufficient. You now need to bind that document to some form of biometrics to truly prove who you are. The use cases span from schools verifying students at entry, to hospitals managing healthcare records, to prisons, to critical infrastructure — the list goes on.

If you look at the evolution of identity itself, we have gone from a person’s name to a thumbprint, to an ID number, to retinal scans, to facial recognition. What comes next is a fascinating question. I would classify biometrics into two broad categories: hard physiological biometrics — fingerprints, iris scans, facial recognition — and soft biometrics, which capture behavioural traits such as how you walk, what you are wearing, and your body movements.

When you combine hard and soft biometrics, you get a complete picture. In video surveillance, for example, facial biometrics help identify a person of interest, but soft biometrics — gait, demeanour, clothing — complete the loop.

On the physiological side, the technology itself is also evolving rapidly. What once required physical contact — pressing a thumb on a scanner or positioning your eyes against a binocular-style device — is now entirely touchless. You can wave at a fingerprint scanner or walk through an iris camera and have your biometrics captured in motion. The speed and quality of capture have improved dramatically, making the whole experience far more user-friendly and ergonomically efficient.

Q4. Earlier, surveillance was purely about monitoring. Then it evolved into retail analytics — footfall, dwell time, eye-tracking. Do CIOs and IT budget owners still view such investments as a cost, or are they now thinking about ROI?

It is very much an ROI conversation today. Every time we present our technology or services to a potential client, it is less of a technology discussion and more of a return on investment or total cost of ownership discussion.

ROI here can be both tangible and intangible. Tangible ROI might mean processing more passengers with the same infrastructure capacity, or reducing processing time per traveller. Intangible ROI is about experience — the kind of seamless, pleasant experience that makes a traveller choose to fly through Changi Airport again and again. You cannot always put a number on that, but it has measurable downstream effects: a satisfied traveller is more likely to spend at the food outlets or duty-free stores. So it is a blend of both, and ROI is a central part of every conversation we have. We are not selling technology — we are selling outcomes.

Q5. How is the Asia Pacific region performing in terms of spending on these technologies compared to the West?

Within travel and transport — which is IDEMIA’s focus — Asia Pacific is leading the race, and a significant part of the reason is sheer volume. The population, the number of airports, the number of flights, and the scale of infrastructure investment in this region far exceed those of any other continent. Europe is also a significant player given its status as a major tourism destination, but Asia Pacific is where the most innovation is happening.

Part of the reason for this is that the Asia Pacific is starting from a relatively lower base. Airports in Europe — Heathrow, Charles de Gaulle — are decades-old, established facilities. Their infrastructure is mature, and that maturity sometimes makes it harder to introduce sweeping changes. In the Asia Pacific, infrastructure is being built fresh in many cases, which creates an openness and appetite for newer technology that is genuinely exciting to be part of.

Q6. Can identity solutions go beyond identification — for instance, by detecting the early signs of a stampede or dangerous crowd behaviour?

Absolutely, and this is precisely where AI comes in. This ties back to soft biometrics. Hard biometrics identify who you are; soft biometrics analyse how you are behaving. Before a stampede occurs, or before a dangerous situation develops — even something like a person in distress in a confined environment — there are behavioural signals that precede the event.

If you can capture and interpret those behavioural signals through video and imaging technology in real time, you can intervene before the situation escalates. This is what I would call behaviour analytics, and it plays a critical role in crowd management and public safety. AI-driven workflows are going to be central to solving these challenges, and it is one of the most exciting frontiers in what we do.