Printer Friendly

BANKING SECURITY - Can biometrics finally beat the crooks?

Summary: Banking transactions, including cash withdrawals, are inevitably moving towards electronic systems worldwide and increasingly so in Africa. But with every advance made by the industry, there is a parallel sophistication in fraud and identity theft involving millions of dollars. In South Africa alone, some $8m was lost to fraud. Is there a foolproof system to beat the crooks? Mark Shermetaro* argues that biometrics is the answer.

As far as bank robberies go, the 2012 "Eurograbber attack" has been one of the most successful, especially if you consider that e1/436m was stolen from over 30,000 customers across 30 banks in four European countries with one online heist.

Eurograbber was a smart Trojan, a Zeus variant, a type of computer malware. It was sophisticated enough to specifically target the dual-factor authentication used in Europe, which relies on the texting of one-time passcodes to mobile devices.

Eurograbber first infects a user's desktop PC when the user inadvertently clicks in a malicious link. When the customer accesses their bank account, the Trojan wakes up and instructs the user to upgrade and complete it via their mobile phone. But this downloads Zeus and the mobile Trojan, and so every time they access their account thereafter, it initiates a transaction to transfer money to the attacker's account, a l l apparently correctly authenticated to the bank but unknown to the user. It proved hackers had an in-depth understanding of how online-banking systems work.

In 2013, cyber criminals made headlines in the US as they stole $45m from just over 2,900 ATMs in a matter of a few hours. In South Africa, fraud and identity theft continues to grow and the South African Banking Risk Information Centre (SABRIC) requires banks to take active measures to become "safe, secure and risk free".

In fact, back in 2003, several of South Africa's largest banks began to focus on measures to eliminate fraud and started to adopt identity systems that would utilise biometrics as a means to achieve security goals.

Biometric identif ication relies on ana ly s i ng a person's unique physiological characteristics or traits to verify their identity. It uses tools which scan fingerprints, palm prints and irises, utilise facial recognition, eye tracking, voice recognition and even monitor behaviour.

Using biomet r ic s to replace passwords is supposed to enhance security, but it can a lso push the boundaries of privacy.

Identity theft - where personal information such as ID numbers, credit card numbers and banking details are compromised - continues to be one of the leading contributors of successful frauds. According to SABRIC, R90m ($8.3m) was lost by consumers thanks to banking fraud in 2012 alone, and bank fraud increased in 2013.

Biometrics in the real world

Clearly, systems relying on Personal Identity Numbers (PINs), passwords or other means of user authentication are rapidly becoming both ineffective and obsolete. However, unlike other forms of strong authentication, biometrics is the only real way to determine the identity of whoever is using the system.

Having said that, the promise of biometrics was not fully realised in the field for many years due to the fact that conventional biometrics technologies rely on unobstructed and complete contact between the fingerprint and the sensor, a condition that is elusive in the real world - a world that can be wet, dry or dirty.

However, "multispectral imaging" is a sophisticated technology specifically developed to overcome the fingerprint-capture problems that conventional imaging systems have in less than ideal conditions. This more effective technology is based on the use of multiple spectrums of light and advanced polarisation techniques to extract unique finger print characteristics from both the surface and subsurface of the skin.

Subsurface capability is important because the fingerprint ridges seen on the surface of the finger have their foundation beneath the surface of the skin, in the capillary beds and other sub-dermal structures.

Unlike surface fingerprint characteristics, which can be obscured during imaging by moisture, dirt or wear, the " inner fingerprint" lies undisturbed and unaltered beneath the surface. When surface fingerprint i n formation is combined with subsurface fingerprint information and reassembled in an intelligent and integrated manner, the results are more consistent, more inclusive and more tamper resistant.

Biometrics at the ATM

Today, we see a growing number of bank s worldwide deploying multispectral imaging biometrics solutions as part of their next generation ATM rollouts. As the world attempts to put an end to ID theft and to reduce waste, fraud and abuse, the banking sector is making a real commitment to biometrics and intelligent identity management.

With the growing cost of identity theft, the industry is finally responding and investing in new, more effective ways to ensure that transactions and personal identities are secured.

High reliability is critical at the ATMs because their use is not typically supervised; there might not be a person on hand for customers to consult if a problem were to occur with a transaction.

However, because multispectral imaging technology provides good reads on the first try by viewing the surface and subsurface of fingerprints in any condition, fingerprint readers using the technology were chosen for the ATMs. As a result, security has been increased with a simple, easy, intuitive touch of a finger. In most parts of the world today, common biometric solutions use a card plus a biometric to ensure that the user is authorised and legitimate. Often the card is designed to include a biometric template and, therefore, matching can be done locally and user credentials are carried by the customer.

Biometrics in Africa

Biometrics is a critical component of the new Smart-ID Card programme being rolled out for all South Africans. Additionally, several of South Africa's top tier banks now deploy biometrics to provide authentication services both at the teller and within an integrated ATM solution, where fingerprint biometrics is not only used for authentication and spoof detection, but is also tamper resistant.

According to SABRIC, criminals could fix a skimming device over the card slot and film PIN numbers by using small spy cameras filmed during transactions.

In most cases, customers don't even realise that their details have been compromised. Although it is not known exactly how many cards were skimmed last year, SABRIC released figure, stating that South African banks seized 189 handheld and 36 ATMmounted skimming devices in 2012.

Safeguarding f inancial assets requires the highest level of security without sacrificing convenient access. With this in mind, banks have specific requirements such as reducing fraud and limiting duplicate records, which can be achieved by incorporating technology at the ATMS that performs consistently in all environments and in unattended settings. Biometrics can provide identity assurance, convenience and a compelling ROI.

It is the only technology that assures identity and knowing "who" to a high degree of certainty, and is unique in its ability to raise the bar on security without adding complexity for the end user. ua

*Mark Shermetaro is CEO of Lumidigm, a leading US-based company providing authentication solutions using multispectral imaging technology, innovative software and biometric fingerprint sensors.


Myth 1: "Privacy is at risk" - fingerprint images need not be stored, and cannot be recreated from binary templates.

Myth 2: "Big Brother is tracking us" - data collected does not need to be interoperable with other systems, and is used to verify an individual's identity, not to compare to a latent print.

Myth 3: "Stolen fingers can fake the system" - biometric devices have a 'liveness' detection and therefore should be deployed with anti-spoof software.

Myth 4: "Small/fine features cannot be verified" - thin ridge lines in the skin can be identified by using surface and subsurface data.

Myth 5: "The system will be used to identify individuals" - the fingerprinting system is used to authenticate with a high level of assurance that the person using the system is the same person that enrolled.

Myth 6: "Biometrics will never become mainstream" - in the finance and banking industry, ATM integration is used for financial inclusion, simplicity and security and is adopted for transaction-based authentication.

From 2003 several of South Africa's largest banks began to focus on measures to eliminate fraud and started to adopt identity systems that would utilise biometrics as a means to achieve security goals

Copyright IC Publications 2014 Provided by , an company
COPYRIGHT 2014 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:African Banker
Geographic Code:6SOUT
Date:Feb 17, 2014
Previous Article:How Islamic finance can bridge funding gaps.
Next Article:BANKING SECURITY - Outwitting the information robbers.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters