printer friendly version

Biometrics is inevitable

The uptake of biometric identification in the financial world may take time, but it is sure to happen.

The uptake of biometric identification in the financial world may take time, but it is sure to happen.

There are many myths surrounding the Knights Templar and their sometimes legendary, sometimes suspect pursuits. The reason the Templars live on in history is that they became rich and powerful by offering what we call banking services to thirteenth-century customers, and the fact of their grisly demise in the early 1300s.

In those days, travelling between towns and countries was a dangerous affair as there were bandits around every corner ready to carry your valuables away. The Templars allowed travellers to deposit their ‘stuff’ at one monastery and collect the amount from another monastery after showing your proof of deposit – minus a small fee, of course.

Not much has changed. Today’s bandits are still around every corner and inside our financial houses, which still consider their fees small. And while there are many more outlets, from banks themselves, ATMs, credit and debit cards, and the Internet to choose from; the idea is that if you can offer some proof that you are a certain person you can help yourself to that individual’s money.

Things have changed in that criminals today have a broader range of tools and technologies to choose from when helping themselves to other people’s money. In fact, you can steal identities and raid bank accounts from the safety of your computer thousands of kilometres away. Unfortunately, many problems with identity theft and fraud happen in financial companies, perpetrated by the people who work there.

Of course banks try to curb internal crime by trying to ensure only the right people have access and authority to conduct specific transactions and access certain areas and information. Unfortunately, this is normally accomplished using identity cards and, for very secure processes, a combination of cards and PINs or passwords.

Marius Coetzee, COO of Ideco Biometric Security Solutions, is adamant that the use of cards and PINs is an inherently faulty process as they can be shared, copied and stolen. Few employees would consider it fraud to lend their card or access code to someone popping out for lunch. Not much damage in that? One local bank recently paid a R2,5 million price through passwords being shared.

“Using biometric identification is a non-repudiable process that links one identity to whatever business process the person associated with that identity is doing,” Coetzee explains. “You cannot lend your fingerprint, and it cannot be stolen and used without you noticing. So, when a biometric is used to authorise a transaction, that evidence will stand up in court; a lost card or forgotten password will not.

“We will see the use of biometrics increasing in the financial world over the next decade, eventually replacing insecure cards and PINs completely. This will not only happen for financial staff, but the physical and logical transactions of customers as well. Someone can easily steal your card and observe your PIN, but faking a fingerprint or iris is not that easy.”

To ensure security, there are processes surrounding biometrics that must be adhered to in order to ensure biometrics is 100% reliable. The products used must be proven to be reliable and secure, while being easy to use – you do not want people scanning their fingers four or five times before being recognised.

Additionally, the question of interoperability is also crucial. If a customer’s biometric works at one bank’s ATMs, for example, it must work at ATMs from all banks. This means that vested interests need to be put aside and the standards that already exist in the market must be accepted and implemented by all. There will still be brand and application flexibility, but within globally accepted standards.

Coetzee notes that globally accepted and proven standards are also crucial when it comes to privacy concerns in biometrics. All organisations will be happy to have a foolproof method of identifying people, but they need to ensure that their customers can be securely identified in multiple situations without exposing their private details. “This is not all that difficult; it simply means the financial institutions need to be careful in implementing their identification processes.”

The bottom line is that mindsets need to change if an effective identity chain is to be developed. This is not an access control solution that is expanded to include logical sign-on, but an holistic solution covering the enterprise and beyond. There may be resistance from many quarters that will lengthen the process, but to put a barrier between criminals and their targets biometrics is inevitable.

Share this article:

Further reading: