BIO-key delivers the
tools needed to integrate secure, convenient authentication NOW!
Recent studies highlight consumer concern and the
significant increase in identity theft. These studies reveal that
consumers prefer to replace less secure, less convenient methods of ID
authentication with biometrics.
You can quickly & easily meet these consumer preferences!
BIO-key’s implementation team can guide you through the steps to implement this extremely
cost-effective, secure alternative to passwords, tokens and PINs.
Contact your BIO-key account team or email us at sales@bio-key.com
Consumer Preferences, Authentication Trends & Industry Studies
- Unisys Reports: Two-Thirds of Consumers Prefer Credit Card Verification by FINGERPRINT BIOMETRICS (10/10)
- Unisys Predicts: 2010 Yields a Biometrics Boom While Organizations Go on the Offensive to Protect Data (10/09)
- Unisys Study: Americans will give biometrics to prevent ID theft (10/09)
- Unisys Study: Consumers Overwhelmingly Trust Biometrics to Protect Data, & Americans concerned about ID theft (12/08)
- Survey Shows Strong Interest in SMS Privacy and Demand for Convenient Fingerprint Security in Cell Phones
- DHS Secretary Chertoff recommends fingerprint biometrics to protect against theft of an individual’s identity.
- Password Fatigue Spells Biometric PC Boom: Sales of computers with built-in fingerprint readers are skyrocketing!
- How Wall Street Can Mitigate Financial Fraud Using Biometric Authentication
- Accenture Study: recommends biometric solutions, specifically fingerprint readers, to prevent ID theft.
- Independent Study: Vast majority of U.S. consumers trust convenience & security of fingerprint ID
- Unisys Study: Consumers Overwhelmingly Support Biometrics for Identity Verification
- IBM Study: Consumers' Concern Over Identity Theft and Credit Card Fraud - cite biometrics to protect ID
- TSSI Systems Study: UK Study Reveals Dramatic, Positive Shift in Public Perception of Value of Biometrics
- KnowledgeStorm Study: Sophisticated Password Schemes Are "High Maintenance" and Not Effective
- Consumer Strategy Report: Majority of bank customers concerned about security of PINs & Passwords
Unisys Reports: Two-Thirds of
Consumers Prefer Credit Card Verification by Fingerprint
Advances in surveillance systems and continued
Trojan attacks also on the horizon
BLUE BELL, Pa. – October 14, 2010 –
A recent online poll by Unisys Corporation (NYSE: UIS) reveals that
consumers trust fingerprint biometrics over photo identification,
PIN numbers or handwritten signatures to verify their identities
when using a credit card or requesting personal information.
The results indicate increasing consumer acceptance of biometric
technologies to secure financial transactions and combat identity
fraud.
Responding to the question, “Which do you believe is the safest
method to prove your credit card is being used by you?” the online
poll found that 63 percent of more than
300 respondents preferred fingerprints as the best method for
identity verification and authentication as compared
to photo identification (20 percent), PIN numbers (13 percent) and
handwritten signatures (six percent).
“As we move to an increasingly digital era, traditional methods
of identity verification will no longer be sufficient,” said Bryan
Ichikawa, vice president of identity solutions, Unisys. “As our poll
shows, biometric identification is a valid and preferred method of
identity authentication which could prove valuable in a variety of
fields even beyond banking such as in healthcare and transportation
security.”
These findings, which show a growing comfort level among
respondents with biometric security, complement results of the
April 2010 Unisys Security Index which revealed similar findings
in most countries surveyed. For example, the Unisys Security Index
found that 93 percent of Americans are
willing to supply a biometric to increase physical safety at
airports. Sixty-five percent of Americans responded
they would cooperate with full electronic body scans at the airport
and 55 percent would be willing to submit to identity checks using
biometric data such as iris scans or fingerprints.
This online poll of 305 respondents was fielded between September
20 and October 4, 2010.
Unisys Predicts 2010 Yields a
Biometrics Boom While Organizations Go on the Offensive to Protect Data
Advances in surveillance systems and continued
Trojan attacks also on the horizon
BLUE BELL, Pa., December 8, 2009 – Slashed budgets and
reduced staffing numbers delayed many security initiatives in 2009,
but the vulnerabilities didn’t retreat and will only intensify in
2010, Unisys security experts predict.
Looking ahead to 2010, Unisys predicts that government and
commercial organizations will take a more proactive approach to
security, implementing new measures to verify identity and protect
confidential information. Financial institutions and defense
agencies will lead the charge, with ports and other organizations
quickly following.
“Given the potential harm that can result from new and more
dangerous forms of attacks, both physical and virtual, organizations
can no longer afford to wait until they are attacked to defend
themselves,” said Sid Pearl, global director, Risk Intelligence
Solutions Management, Unisys. “They will begin to more closely
monitor behaviors and identities in an effort to predict and prevent
attacks before they happen.”
Unisys believes the following seven security trends will emerge
in 2010 as business and government agencies look to protect data and
strengthen identification methods:
1. The consumerization challenge – Consumerization of IT
will continue to blur the perimeters of the enterprise network. As a
result, Unisys experts predict organizations’ focus will shift to
data protection as opposed to traditional network security or
infrastructure security. As more employees and consumers use
smartphones and PDAs to conduct business transactions online,
organizations will look for new ways to protect data beyond simple
PINs and passwords. As consumer devices are increasingly targeted by
malware and spyware, users will demand that security platforms and
anti-fraud applications be strengthened and continually
updated to ensure the protection of mobile online transactions.
2. A good offense – Trojan attacks will continue to plague
financial institutions and government agencies. Therefore, these
organizations will need to take an offensive stance to better guard
their data against increasingly sophisticated and harmful threats.
Unisys experts predict that banks and government agencies will adopt
a more comprehensive, integrated view of their IT environments and
will seek to better understand the human element behind illegal
activities to help them pinpoint in advance when and where and how
attacks are likely to happen.
3. Proactive ports – Port security officials will take a
more predictive, proactive approach to preventing threats at key
ports of entry. Rather than focusing on mere compliance with
security standards, Unisys security experts predict that ports will
actively begin assessing risks, simulating response efforts and
creating more robust disaster recovery plans in the coming year. In
addition, Unisys predicts an increase in U.S. land-based port cargo
activity as Asian shipping lanes divert shipments from the congested
sea ports of Los Angeles and Long Beach, Calif., to Canadian and
Mexican ports. Pressure will increase to rapidly scan cargo
shipments as they cross land borders into the U.S.
4. Cloudy forecast – Organizations will also begin to
reverse the tendency of “protecting everything” and instead
prioritize security controls based on whether the data in question
presents low, moderate or high levels of risk. Consequently, more
organizations will begin moving less sensitive public data into
cloud computing environments to attain cost savings in 2010, and
will then migrate more sensitive data to the cloud as new security
models are developed to address multi-tier data protection.
5. Biometrics on the border – The coming year will see a
tipping point in use of biometric identification tools such as iris,
facial or fingerprint scans, to verify identity at the border and
customs areas in airports. Unisys experts point out that many
governments have invested in an electronic passport infrastructure,
but not yet used it. Unisys expects increased rollout of electronic
passports which contain a chip to store biometric data that can be
matched to its owner to verify that the person carrying the passport
is the owner of the passport. Unisys predicts that the rollout of
electronic passports will be led by countries in the Asia-Pacific
region and Europe. The
Unisys Security Index recently found a majority of people
globally would accept biometric authentication to verify their
identities.
6. Taking IT to the streets – Mobile biometric devices
will allow governments to take more biometric-based critical
services directly to their citizens, rather than requiring their
citizens to come to the technology. Police forces in the U.S. and
U.K. have already started using mobile fingerprint scanners to
facilitate faster processing. In Australia, police officers can use
the device to access the national fingerprint database from the
field to scan the criminal database for a match. Such devices will
also aid in the identification of individuals in a disaster
situation.
7. Smart surveillance – Surveillance systems will
become more sophisticated and intelligent. Unisys experts say that
real time event detection technology will soon be able to identify a
security breach as it occurs and initiate an action instead of
simply recording footage to be reviewed after the incident. Improved
digital camera technology coupled with intelligent software enables
surveillance footage to be combined with other available
information, such as facial recognition data, to create alerts so
that immediate appropriate action can be taken. Surveillance
software will also soon be able to recognize recurring patterns or
individuals to detect when an unusual event is occurring in
real time.
About Unisys
Unisys is a worldwide information technology company. We provide
a portfolio of IT services, software, and technology that solves
critical problems for clients. We specialize in helping clients
secure their operations, increase the efficiency and utilization of
their data centers, enhance support to their end users and
constituents, and modernize their enterprise applications. To
provide these services and solutions, we bring together offerings
and capabilities in outsourcing services, systems integration and
consulting services, infrastructure services, maintenance services,
and high-end server technology. With more than 26,000 employees,
Unisys serves commercial organizations and government agencies
throughout the world.
Unisys web link for this release at:
www.unisys.com
Unisys Study:
Americans will give biometrics to prevent ID theft
As reported in ThirdFactor
10/21/09
Nearly two-thirds of U.S. citizens are concerned about identity theft and 58% of
Americans would be willing to provide biometric data to protect that identity,
according to the latest Unisys Security Index report.
Of that 58%
of consumers, 93% would be willing to use fingerprint scans, while
79% are willing to use iris recognition.
“Interestingly, Americans are willing to provide biometric data for identity
verification, but we are not seeing the widespread use of biometrics in daily
transactions with governments, financial or retail institutions,” said Mark
Cohn, vice president of enterprise security, Unisys. “Adoption of interoperable
identity management systems and an investment in shared infrastructure would
hasten widespread use of biometrics, taking advantage of the technology that’s
available today and the public’s growing acceptance of biometrics.”
"Adults in the US are most likely to worry about
fraudulent use of their credit and debit cards, national security and identity
theft. Americans are least concerned about their personal safety."



To view ThirdFactor Story, click the following link:
http://www.thirdfactor.com/2009/10/21/americans-will-give-biometrics-to-prevent-id-theft
To view the 9/25/09 UNISYS Security Index: United States Results, click on the following link:
http://www.unisyssecurityindex.com/resources/reports/US%20Security%20Index%20Oct%2009.pdf
Unisys Study: Consumers
Overwhelmingly Trust Biometrics to Protect Data, & Americans concerned about ID
theft
Survey also shows Americans remain concerned about
identity theft and credit and debit card fraud
Blue Bell, PA
12/9/08
A recent survey conducted by Unisys (NYSE: UIS) finds a majority of
Americans are comfortable using common biometric technologies for
authentication. More than 70 percent of respondents
will trust banks and government agencies to ask them for biometric data for
identity verification. Additionally, fingerprints nearly tied personal passwords
as the primary preferred authentication method, 73 percent to 72 percent,
respectively.
The biometrics survey was conducted alongside the latest installment of the Unisys
Security Index, which found that a majority of Americans continue to have
strong concerns about identity theft and fraud with their credit and debit
cards. Sixty-two percent of Americans said they were extremely or very concerned
about the safety of their personal information, and 60 percent expressed serious
concern about credit and debit card fraud.
“Despite ongoing fears about identity theft and fraud, and a willingness by
consumers to adopt biometric technology, many organizations have yet to embrace
this technology as an effective way to protect data and identities,” said Mark
Cohn, vice president of enterprise security at Unisys. “Risk management only
gets more challenging with the current financial crisis. Sophisticated
cybercriminals know how to take advantage of increasing consumer anxiety as well
as perhaps weaker internal controls at banks as a result of layoffs and
reorganizations. Adoption of advanced biometric technologies as a critical
security measure is a possible solution, but it also must be augmented with best
practices and stringent policies and procedures.”
The Unisys
Security Index is a biannual study that
gauges consumers’ views about key security issues. Each survey also includes
supplemental research on a security niche topic such as the current data on
biometric authentication methods.
Additional key findings of the most recent research include:
- Older and higher income groups significantly favor
  fingerprint scans, with 76 percent of people aged 35-49 and 50-64, and
  79 percent of people earning $50,000 or more approving this verification
  method.
- Additional consumer preferences for authentication include photographs
  (69 percent), personal identification numbers (PINs) (69 percent), eye
  scans (61 percent), voice recognition (55 percent), and face scans (52
  percent).
- Americans are significantly less supportive of hand / blood vessel
  scans, with only 43 percent favoring this authentication method.
- Men and women are willing to use biometrics to verify their identity at
  similar rates. However, women are less supportive of advanced methods
  such as eye scans (57 percent) and hand scans (39 percent) when compared
  with men, 66 percent and 47 percent, respectively.
“Biometric authentication technology provides institutions with greater
efficiencies and improved authentication accuracy. Businesses and agencies that
use these methods also experience increased customer confidence regarding
privacy issues,” Cohn said. “Because U.S. consumer
acceptance of biometric data for security verification is increasing, mirroring
trends we see around the world, we expect to see these technologies more broadly
deployed in the future, from airport security checkpoints to online banks.”
In addition to the U.S. biometric results, the Unisys
Security Index global results also were released today. This study
provides a worldwide perspective on how people perceive critical security issues
and their opinions on biometric authentication.
The current biometrics data supports results of similar research that Unisys
conducted in 2006 which also found that a majority of consumers worldwide
support biometrics for identity authentication.
To view the full release, click the following link:
http://www.unisys.com/about__unisys/news_a_events/12098939.htm
Unisys has published a supporting document with details on Americans'
concern over identity theft. As illustrated in the
following excerpt from the report, identity theft is second only to
bankcard fraud (both of which can be easily prevented by
implementing a BIO-key fingerprint biometric solution):
HOW DEMOGRAPHIC DIFFERENCES
INFLUENCE SECURITY CONCERNS: AGE
For six of
the security threats, different age groups display varying levels of
concern (top-2-box measures). Americans aged 18-34 worry less than
older adults about bankcard fraud and identity theft. They worry
less than middle aged adults about viruses and the safety of online
transactions. However, they are the most worried about meeting
personal financial obligations.

To view the 12/6/08 Unisys Security Index Report, click the following link:
http://www.unisyssecurityindex.com/resources/reports/US Security Index Oct 6-08.pdf
Additionally, Unisys published a white paper on 12/1 with details
supporting the press release above. The first result published in
this white paper is as follows:
Issue: Which of the following would you be willing
to use to verify your identity with banks, government agencies and
other organizations to prevent fraudulent misuse of your personal
information?
The majority of consumers are willing to allow banks, government
agencies and other organizations to ask them for personal data in
order to verify their identity – but this willingness does not
extend to all verification methods.
Typically, the
majority are willing to provide familiar information (personal
passwords, fingerprint scans and PINs),
although this is less true in Asia. However, willingness drops below
50% for relatively novel scans of the voice and various physical
characteristics.

To view the full white paper, click the following link:
http://www.unisyssecurityindex.com/resources/reports/Global Security Index - Dec08.pdf
Survey Shows Strong Interest in SMS Privacy and
Demand for Convenient Fingerprint Security in Cell Phones
Melbourne, Fla. (BUSINESS WIRE)
10/27/08
According to a consumer survey conducted this
month, a vast majority of cell phone users (89%)
use the device for short message service (SMS)
text messaging and transmitting photos and
files, and nearly half (49%) send more than 5
text messages a day. In spite of the privacy of
these messages and files, only a small
percentage (14%) use a password to protect the
phone or its stored files and messages today.
However, more than two-thirds (71%) would choose
to protect the privacy of these messages and
files through use of an embedded fingerprint
sensor on the phone to authenticate the user via
the simple swipe of a finger. The independent
survey of cell phone users (ages 18-25) was
sponsored by fingerprint sensor supplier AuthenTec (NASDAQ:AUTH) and indicates that
the vast majority (80%) would like to see
widespread availability of fingerprint-enabled
phones in the U.S. between now and next year,
and nearly half (45%) would be willing to pay
$10 or more for a phone if it was equipped with
fingerprint security. Highlighting the desire
and trust in fingerprint sensor security, more
than two-thirds of respondents (69%) would feel
more secure about conducting mobile financial
transactions via their phone if it was equipped
with a fingerprint sensor.
"The survey reveals the high volume of text
messaging and file transmissions by a new
generation of cell phone users, and yet a lack
of security to protect these private and
personal files," said AuthenTec Vice President
of Wireless Products Art Stewart. "The vast
majority of these cell phone users are eager to
protect their privacy with a convenient solution
such as a fingerprint sensor and an even greater
percentage want to see wide availability of
fingerprint-enabled phones in the U.S. by the
end of 2009. This underscores the opportunity
for handset manufacturers and carriers that can
offer phones with this convenient and
inexpensive security solution to an eager U.S.
market."
Only a small percentage of respondents (7%)
were aware that millions of cell phones already
feature a fingerprint sensor for added privacy
and security, principally in Japan and Asia
where the phone is used like a mobile wallet for
quick and secure financial transactions.
AuthenTec has shipped greater than 9 million
fingerprint sensors for use in these phones,
which is more than any other fingerprint sensor
supplier.
Concerns about personal privacy, increased
computer and network security breaches and an
alarming rise in identity theft have caused
consumers and businesses to consider convenient
and reliable fingerprint biometric security.
Passwords are difficult to deal with in a mobile
device and are no longer adequate for security
since they have become too complicated and too
costly to reset. Further fueling the growing use
of AuthenTec fingerprint sensors are today's
smaller, more powerful and web connected mobile
devices which can easily be lost or stolen.
About the Survey
The survey, conducted in October 2008 by
independent online service Zoomerang, sampled
U.S. women and men between the ages of 18-25.
AuthenTec sponsored the survey as part of its
ongoing effort to track consumer, business and
government market trends. Complete survey
results are available at the Company's website,
www.authentec.com
To view the full release, click the following link:
http://investing.businessweek.com/research
Concerned that the personal identities of millions of U.S. citizens
are far from secure, DHS Secretary Michael Chertoff has recommended
that the country essentially embrace three-factor authentication --
which he called "the three D’s: description, device, and digit"
-- to make it harder for thieves to steal an individual’s identity.
Chertoff offered this suggestion during remarks he delivered on Aug.
13 at the University of Southern California, where he emphasized the
importance of securing one’s identity.
"In the 21st Century, the most important asset that we have to
protect as individuals, and as part of our nation, is the control of
our identity, who we are, how we identify ourselves, whether other
people are permitted to masquerade and pretend to be us, and thereby
damage our livelihood, damage our assets, damage our reputation,
damage our standing in our community," Chertoff declared.
To guard against identity theft, Chertoff said, Americans are
accustomed to using two traditional approaches, either separately or
in tandem: an official card or document (such as a passport or a
driver’s license) or a specific piece of unique identifying
information (such as an individual’s social security number).
Unfortunately, he argued, both of these approaches are far from
perfect.
Documents can be forged, false IDs can be acquired illegally, and
"sometimes we allow people to identify themselves using documents
that are even unofficial," he observed.
Specific identifying data, such as social security numbers, pose
their own risks. True, a social security number, in and of itself,
doesn’t reveal anything personal about its holder; it’s simply an
identity authenticator. "Yet, if you think about it," Chertoff told
his audience at USC’s National Center for Risk and Economic Analysis
of Terrorism Events, "using a number or a word as an authenticator
carries its own inherent vulnerability because as you give the
number to people who are going to authenticate you, they now
have the number."
Chertoff recommended that our society continue utilizing the tools
of the 20th Century to "harden" these two forms of identity
protection -- by making it more difficult to counterfeit an
official card or document and by making it harder for thieves to
gain access to unique social security numbers.
"We’ve put chips in passports. We’ve created pass cards. We’ve put
bar codes in. We’ve embedded certain kinds of holograms, all of
which are designed to make it more difficult for people to fabricate
these cards," explained Chertoff. "And we’ve required higher
standards through things like our Western Hemisphere Travel
Initiative which governs what people need to show when they cross a
land border or our Transportation Worker Identity Card or even the
Real ID Initiative to strengthen the security of our driver’s
licenses."
In addition, Chertoff said he supports the use of encryption to
safeguard social security numbers and bank account PIN numbers, but
recognized that encryption is only a partial solution.
"I want to remind you, every time you get on a telephone, and you
give your credit card to somebody in a company as a way of
validating your identity, you are trusting that the person on the
end of the line is not going to misuse it," Chertoff warned.
Chertoff does not strike me as the type of person who easily trusts
an anonymous voice at the end of a telephone line. That’s probably
why he is advancing the notion of adding 21st Century tools
to further strengthen our citizens’ personal identities.
That’s what brings Chertoff to his three D’s – description,
device and digit.
Of course, the notion of three-factor authentication is not new and
startling within the U.S. security community, but Chertoff probably
thought the concept was worth explaining to a broader audience of
Americans.
"Description means some piece of information or something
known to you, and not to anybody else, that can separate you from
the other person," he said. (Your mother’s maiden name or your
favorite pet’s name are classic examples.)
A device could be a traditional credit card, but it could
also be a cell phone that carries a token which serves as an
identification tool. "Many of you actually use cell phones as
identification devices now because you can get on the Internet with
your BlackBerry," said Chertoff. "You’re using an identification
device. So this is not some startling insight by me. It’s a
recognition of where we’re headed."
A digit, namely a person’s fingerprint biometric, could
serve as the third leg of the stool. "Your fingerprint is unique and
the ability to use that as an identifier, as we do, for example,
throughout the criminal justice system, gives us a third powerful
tool that we can use in order to make sure that we can separate real
people from impersonators," Chertoff added.
The DHS secretary said he can envision a time when individuals who
want to get on an airplane, transact business with a bank or gain
entry to a student dormitory will be asked to authenticate
themselves using the three D’s -- a description, a device and a
digit.
He’s probably right.
To view the article on Government Security News website, click the following link:
http://www.gsnmagazine.com/cms/features/news-analysis/998.html
Password Fatigue Spells Biometric PC Boom
September 15, 2008
Security Strategy
Sales of computers with built-in fingerprint readers are
skyrocketing.
According to Comet, PCs and laptops with fingerprint scanners
made up around seven per cent of all May-to-July computer sales
- a jump of 91 per cent on the preceding three months.
According to Comet, the rise in sales of PCs with biometrics
scanners comes as a result of Britons seeking better security
while becoming increasingly fed up with remembering numerous
passwords.
According to research by the retailer, 82 per cent of the 1,300
Comet customers surveyed had had enough of passwords and want a
better way to log into their machines.
Meanwhile, password security remains lax, with 30 per cent of
those surveyed saying they share their passwords with workmates,
friends or family and 11 per cent claiming to enter the word
'password' to get access to their computer.
To view the article, click the following link:
http://software.silicon.com/security/0,39024655,39288051,00.htm
How Wall Street Can Mitigate Financial Fraud
Using Biometric Authentication
eWeek
Oct 07, 2008
Risk control procedures are not enough to mitigate fraud on Wall
Street. The current financial meltdown provides evidence that many
banks and financial institutions have failed to change systems and
people in order to mitigate fraud and to comply with regulations and
standards.
Biometric authentication is a reliable solution for preventing
security breaches.
Knowledge Center contributors Paul Foote and Reena Hora explain why
the financial industry needs to supplement its internal controls
compliance with biometric authentication.
Daily, trillions of dollars are transferred worldwide in funds and
securities through financial systems. The magnitude of this exposes
the financial institutions and their customers to a very high risk
of deliberate and accidental fraud. Many government and industry
regulations and standards such as the IFRS (International Financial
Reporting Standards), Basel II, Basel III, PCI and Sarbanes-Oxley
require compliance by these financial institutions to take steps to
mitigate risks and protect them from fraud. These strict regulations
were unable to prevent the big slide in the stock markets in
September. Future solutions to the financial meltdown must include
raising security standards in the financial industry, such as the
use of biometric systems.
A brief look at regulations and standards
International Financial Reporting Standards (IFRS): These standards
are becoming global standards for preparing companies’ financial
documents. They are developed by the IASB (International Accounting
Standards Board) and are adopted by more than 12,000 companies in
more than 100 countries globally. (Reference 1)
ERP systems such as SAP ERP financials provide compliance solutions
for IFRS. (Reference 2)
Basel II & III: These are issued by the Basel Committee on Banking
Supervision, which is composed of representatives and senior
authorities from the central banks of the G-10 countries. These
accords are recommendations on banking laws and regulations.
(Reference 3)
PCI DSS: This is a security standard developed to facilitate
adoption of data security measures on a global basis and mitigate
payment security risks. It includes requirements for security
management, software design, network architecture, policies,
procedures and other critical protective measures. (Reference 4)
Sarbanes-Oxley Act (SOX): The Sarbanes-Oxley Act became law in 2002
in response to major corporate and accounting scandals. Congress
created SOX to increase transparency in financial accounting and to
mitigate fraud. Originally, its focus was on issues surrounding
accounting and finance. In 2005, its focus expanded to include human
resources, supply chain management and information technology.
(Reference 5)
Banks and financial institutions may have risk control procedures in
place that comply with the above regulations,
but they are still exposed to fraud. This vulnerability is due to
dependence on passwords for security and negligence in carrying out
the security procedures diligently. According to an April 2008
survey of 185 IT professionals (“IT Departments on Data Security: A
Research Concepts Survey”), one out of four organizations surveyed
had a data breach in the past year.
Most of these companies viewed security as a high priority. Even so,
according to this survey, only one in every 100 employees
consistently follows security policy.
New ISO security standard published
To increase security, biometrics is now being increasingly
recognized as a method for authentication and a reliable
identification method.
The ISO (International Organization for Standardization) has
published a new standard: the ISO 19092:2008 (Financial services –
Biometrics -- Security framework).
“This standard establishes the security requirements for the
implementation and management of state-of-the-art biometric
identification technology within the financial industry.” This
standard will make transactions more secure in the electronic era
for the financial sector. (References 6 and 7)
According to a Unisys survey, 66 percent of worldwide consumers
preferred that banks, credit card companies, health-care companies
and government organizations use biometric identification over
passwords, smart cards and security tokens. Most consumers surveyed
found biometric solutions extremely convenient and secure, as they
would not have to remember passwords and also not have to deal with
password misuse. (Reference 8)
There are many ways to gain access to passwords, ranging from
simple means such as casual conversations to more
sophisticated software. Data and systems security cannot be
dependent on passwords. In certain work environments, such as banks
or financial institutions, multiple users share a computer with
their individual log-in credentials to do their jobs. If a user
forgets to log out of the system, the next user could misuse this to
create fraudulent transactions or trades using the previous user’s
log-in. The ERP system would only have the record of the transaction
being carried out by the first user under his log-in.
Biometrics authentication: The reliable solution for security
SAP users can mitigate fraud by using bioLock (from realtime North
America), the certified biometric solution using fingerprints. Even
if log-in passwords were obtained, the fraudster would not be able
to do anything with the passwords because the biometric
authentication system would deny him access to perform transactions.
Even if an ERP system uses multiple passwords for each user to
control access to specific modules, that approach is no match for a
biometric system able to control access even to the transaction,
field or data level. The biometric approach is crucial for
maintaining segregation of duties when employees gain new
responsibilities.
Societe Generale Bank: A case study in what went wrong
The fraud at Societe Generale Bank is a classic example of how compliance with
IFRS and Basel II was not enough to prevent the fraud that could
have been prevented (had they used SAP and a biometric system such
as bioLock to protect them). Jerome Kerviel worked in the back
office (and in the middle office) from 2000 to 2005, prior to
becoming a trader. He had in-depth knowledge of their systems and
procedures. (Reference 9 and 10)
The middle office monitored and managed the bank’s risk exposures.
In 2002, Kerviel was promoted to assistant trader, managing risk
analysis and hedging. In 2004, he was promoted to the elite Delta
One desk as trader and market maker. His job was to make bets on
small price differences between contracts. He needed to make the
transactions in pairs by buying and selling similar assets and
taking advantage of the minute differences which exist in markets.
Kerviel crossed his limits and made one-way bets by faking the other
half of the bets. He also started making unauthorized bets on the
market’s direction. Encouraged by the success of these bets, he
continued betting on the direction of the market and making one-way
bets and faking the other half. He was extremely successful doing
this. For the year 2007, Kerviel generated a positive gain of 1.4
billion Euros.
As he was not authorized to do these trades, he hid this from the
bank by creating an offsetting fictitious operation. (Reference 11)
The winning streak ends
In January 2008, for the first time, Kerviel experienced an extended
losing streak. He started making larger and larger bets that the
market would turn around. He started doubling down, which is a
strategy where he started doubling his bet after every loss. By Jan.
16, 2008, he had bet about 50 billion Euros--which was more than the
bank’s total market capitalization. At this point, Eurex started
sending inquiries to Societe Generale’s compliance people regarding
Jerome Kerviel’s trading patterns. (Reference 12)
Kerviel went to great lengths to make sure his fraudulent trades
were undetected by the system.
He used fake e-mail messages for justifying missing trades,
borrowed colleagues’ log-in credentials by using their passwords to
conduct trades in their name, forged documents (he created a
fictitious Profit and Loss statement for 2007, reflecting the bogus
hedges he had created for this period), and he manipulated the
bank’s proprietary system Eliot by deleting transactions and
re-entering them after reconciliation.
Societe Generale Bank used Eliot, a proprietary system for trading. Kerviel knew how
to manipulate the system. He knew the timing for the reconciliation
every night for the day trades. Accordingly, he would delete
his trades and re-enter these unauthorized transactions in Eliot
without being detected.
The bank used Zantaz, an e-discovery and archiving software system. The
compliance team used RISQ/CMC, a trade-tracking dashboard which uses
Accurate NXG (a reconciliation, exception management and workflow
software package).
There were 75 warnings regarding Kerviel’s rogue trading. Yet the
authorities failed to detect Kerviel’s rogue trading until it
escalated to such a high level. (Reference 13)
What should Societe Generale do in the future to prevent this?
According to Diamond Management & Technology
Consultants, this fraud was due to a deficiency in Societe
Generale’s operational risk management. To avoid this situation,
Societe Generale needs to have automated processes, an internal
controls culture and strong IT access controls in place. (Reference
14)
Internal controls and risk management are key. Organizations must
improve and strengthen their internal controls and risk management
procedures. Banks and financial institutions need to build an
internal controls culture which spans the business from top to
bottom and also extends across businesses. They need to improve
their controls for cancelled or modified transactions, their
controls for transactions over certain limits and their procedures
to act on alerts.
Banks can use an ERP solution such as SAP, which is a leader in the
banking industry. Among the 30 largest banks of the world, 21 are
SAP customers. The SAP for Banking portfolio includes compliance and
risk management solutions. (Reference 15) SAP’s partner, realtime
North America, provides a biometric system, bioLock. This requires
biometric authentication for users of the SAP system. bioLock is
currently the only certified biometric solution for SAP R/3. One of
the co-authors of this article has interviewed at a central bank
that is using bioLock, and has received positive feedback about its
simplicity and effectiveness.
To prevent a recurrence of a fraud like this, financial institutions
can improve security by adding biometric systems to their ERP
systems, or by replacing their legacy systems with SAP and bioLock.
Most biometric systems are used for access control. Realtime North
America’s bioLock is the only biometric system which goes beyond
access control and is even able to control a field, function or
value within the ERP system--such as the amount of an outgoing wire
transfer.
The technology offers control for changes to transactions within SAP
R/3 and will prevent unauthorized changes. The special committee for
investigating Societe Generale’s fraud recommended that, to prevent
traders from using one another’s accounts, the bank should use a
stronger biometric authentication system. A system like bioLock
could have prevented Societe Generale’s Kerviel problem for the
following five reasons:
1. When Jerome Kerviel was promoted from middle office to front
office, bioLock could have been used to change his role and deny him
access to the backend systems in SAP R/3.
2. An SAP system requiring biometric identification using bioLock
would not have allowed Kerviel to use others’ log-in credentials to
post his fraudulent trades in their name.
3. bioLock would also have restricted Kerviel from
deleting records of his trade transactions from the system before
reconciliation.
4. There would have been high accountability, as the system would
have shown that Kerviel tried to use others’ passwords to enter his
trades in their name.
5. As a result, a technology such as bioLock would deter fraudsters
from trying to commit fraud since they would be uniquely identified.
Thus, a biometric system such as bioLock can protect SAP R/3 by
restricting access and controlling who can make changes to
transactions within SAP R/3. If SAP interacts with a trading system,
and only SAP users can link to the trade system from SAP, then
bioLock can be used to ensure that only authorized users log on to
the user profile that connects to the trading system. The connection
to the trade system would be established and ask for biometric
authentication again. The bioLock log file will give a log of who
connected to the trading system, and also prevent unauthorized users
from connecting.
Conclusion
In today’s world, banks are required to comply with regulations and
standards to protect the banks and financial institutions from
fraud. To mitigate fraud, these banks and financial institutions
need to supplement their internal controls compliance with biometric
authentication. Biometrics will prevent breaches of data security.
Fraudsters will not limit themselves to perpetrating fraud through
an ERP system alone. Users of ERP systems
must also secure e-mail systems and any trading systems interfacing
with an ERP system. This would tighten security and improve
accountability.
To view the article, click the following link:
http://www.eweek.com/c/a/IT-Management/How-Wall-Street-can-Mitigate-Financial-Fraud-using-Biometric-Authentication/
Stopping ID Theft With Biometrics
June 19, 2008
Wall Street and Technology
Accenture recommends the use of
biometric solutions -- specifically, fingerprint readers -- to prevent
identity theft.
Consumers are pointing to themselves as the greatest threat to
secure online financial services. A recent survey by global
consulting firm Accenture reveals
that 88 percent of respondents
believe that personal irresponsibility is the top cause of identity
theft. Further, nearly half of respondents admit to being
careless with their online security by sharing or not properly
disposing of personal information.
Accenture surveyed 800 U.S. and U.K. consumers who use broadband or
high-speed Internet connections at home. One strategy that Accenture
recommends to counter users' lax attitudes toward security is the
adoption of biometric solutions. Specifically, the firm recommends
fingerprint readers to ensure the security of online transactions.
With the use of solutions such as
fingerprint readers, "The human problem is alleviated because,
unlike passwords, a fingerprint biometric cannot be readily shared,
lost or stolen," explains Rob Blau, VP of development for
UPEK, a fingerprint sensor vendor. "The technology largely removes
the human elements of credential management by shifting the burden
to technology without sacrificing usability."
Vendors such as UPEK are battling barriers to biometric adoption,
including a lack of consumer awareness of the benefits of biometrics
and the cost to financial services companies to deploy and support
fingerprint scanners. According to Blau, however, the attach rate of
fingerprint scanners for notebook computers and mobile phones is
increasing, and the cost of deploying the technology is expected to
subside.
To view the article on the Wall Street & Technology
website, click the following link:
http://www.wallstreetandtech.com/data-security/showArticle.jhtml?articleID=208700637
Survey Shows Highly Favorable Consumer Perceptions for Fingerprint Sensors
Tuesday January 29,
8:00 am ET
Online Banking, PC Security and E-Commerce Rated Highest among Desired
Fingerprint Sensor-Enabled Applications
MELBOURNE, Fla.--(BUSINESS WIRE)--According to a recent consumer survey, a
vast majority of U.S. consumers trust in the convenience and security
benefits of fingerprint authentication, especially as it relates to online
banking, PC security and electronic commerce (e-commerce) applications. The
survey indicates that a clear majority (77%) is ready to begin using
fingerprint sensors as part of their day-to-day activities,
signaling the strong growth potential for broad consumer adoption.
The independent survey of U.S. consumers, sponsored by leading fingerprint
sensor and solutions provider AuthenTec (NASDAQ:AUTH), shows two-thirds (66%) of consumers trust fingerprint biometrics
as a means of authentication more than traditional PINs or passwords while
68% perceive the use of a fingerprint sensor to be more convenient.
Surprisingly, a similar majority (67%) claimed to have little or no
knowledge of mainstream consumer electronic devices such as PCs and cell
phones that feature a fingerprint sensor, despite their widespread
availability. According to the survey results, 43 percent of respondents
believe that less than one million fingerprint sensors are in use today. In
fact, AuthenTec recently celebrated the shipment of its 25 millionth
fingerprint sensor to the global marketplace in November, 2007.
“The
survey reveals the chasm between strong end-user acceptance for fingerprint
sensor-enabled devices and yet the low level of awareness of the widespread
availability of products that feature our fingerprint sensors,” said
AuthenTec Chairman & CEO Scott Moody. “This feedback is a reminder to the
industry and consumer electronics manufacturers that there is a receptive
buyer eager to enjoy the convenient security of fingerprint sensors.”
Correlation: Adoption and Online Comfort Level
According to the survey, the more often an individual conducts online
banking and e-commerce, the more likely that person is to perceive the value
of using fingerprint sensors and to consider more online activity.
Two-thirds of survey respondents see the advantages of fingerprint sensors
and their associated benefits for online banking and e-commerce, and would
use the technology today to authorize payments and transactions online. As
well, information security concerns among respondents also increased with
more online activity.
Online Banking Rated as Most Desirable Application
- When asked to rate their most desired
  application, online banking was the clear winner with information
  security second.
- 75% of respondents said they use online
  banking services and 78% of those respondents said that, if available,
  they would use a fingerprint sensor to make online banking
  transactions more convenient and secure.
- More than one third of those who do NOT
  use online banking would be more inclined to do so if a fingerprint
  sensor was part of the experience.
Consumers Think Creatively About Biometrics Applications
The broad consumer openness to using fingerprint-enabled devices revealed in
the survey mirrors the enthusiasm and creative thinking on the part of
hundreds of consumers who recently participated in the international Big
Ideas contest sponsored by AuthenTec. 25 winning ideas, including the Grand
Prize winning idea – a lockable diary that can only be opened by its owner –
were selected by a panel of technology enthusiasts.
Because
of the low cost and small size of AuthenTec’s sensors, many of the contest
ideas for fingerprint sensor uses are already being implemented today – from
fingerprint sensor-enabled PCs to uses in cell phones, GPS navigation
devices, door locks and a host of other consumer and business applications.
AuthenTec’s fingerprint sensors are based on the Company’s patented
TruePrint® technology which reads below the surface of the skin
to the live layer where the true fingerprint resides. The sensors bring
Power of Touch® features including security, convenience,
personalization and navigation to over 17 million PCs and more than 8
million cell phones worldwide.
About the Survey
The survey, conducted in December, 2007 by independent online service
Zoomerang, sampled U.S. men and women between the ages of 21-55. AuthenTec
sponsored the survey as part of its ongoing effort to track consumer,
business and government market security trends. Complete survey results are
available at
http://www.authentec.com/technology-market-surveys.html.
In the first worldwide survey of its kind to
study consumer security preferences, the Unisys research also found that 66
percent of consumers worldwide also favored biometrics as the ideal method
to combat fraud and identity theft as compared to other methods such as
smart cards and tokens. This finding shows a slight increase from separate
research that Unisys conducted in September 2005, which found 61 percent of
consumers worldwide favored biometrics as the preferred method to fight
fraud and identity theft.
"This research is revealing since many
headlines today seem to question biometric adoption because of legitimate
privacy concerns," said Mark Cohn, vice president, homeland security
solutions, Unisys Corporation. "System developers and owners must address
those concerns so that these technologies can move toward the mainstream on
a large scale with appropriate protection and sensitivity."
The Ponemon Institute, a leading independent
firm that specializes in privacy and security research, conducted the survey
on behalf of Unisys. Additional interesting findings on biometrics include:
* Convenience was the top reason for
biometrics support with 82 percent citing the benefit of not having to
remember separate passwords or other login data. More than three quarters of
consumers cited improving the speed of the identity verification process as
their primary reason for using biometrics.
* Consumers from North America support
biometrics for identity verification more than any other region (71
percent), followed by Europe (69 percent) and Asia Pacific (68 percent). In
contrast, Latin Americans were the least supportive (58 percent).
SOMERS, NY--(MARKET WIRE)-Nov 16, 2005 - Shoppers are concerned that
their personal information is at risk of being stolen when they hit
the stores -- physically or virtually -- this holiday season,
according to an IBM survey of consumers. As a result, these shoppers
say they plan to shop differently, more conservatively and possibly
even spend less. Of those American consumers who plan to shop for
the holidays, almost two-thirds (61%) of respondents say they are
concerned for the safety of their personal and/or credit and debit
card information during the busy holiday shopping season. Nearly
half (49%) of those concerned believe their personal information is
in jeopardy, while another 46 percent worry about their credit card
information being stolen. More than one third (39%) are concerned
about having their debit card information stolen.
When asked what would
help alleviate their fears, nearly half of all consumers (49%) said
that biometric technology (a fingerprint ID system) would be helpful.
Biometrics gains British approval; 3 in 4 people now say they
would welcome its use...
October 17, 2006
M2 Presswire
The UK public is now overwhelmingly in favour of wider
biometrics use. Seventy-six per cent are more in favour of
biometrics than they were one year ago. The striking opinion
change comes after a year in which the UK has thwarted an
airline terrorist plot and 15 months after the London transport
bombings of July 2005.
Personal safety was identified as the
biggest driver for the change: three-quarters of people believed
it was important for combating terrorism. However, there is
widespread public confusion about what biometrics means in
practice, with the majority of people confused about the
terminology. In addition, concerns about civil liberties were
highlighted by almost a third of respondents.
These are the key findings of the TSSI
Biometrics in Britain Study 2006, undertaken by TSSI Systems,
Britain's document and identity security specialists.
Danny Chapchal, CEO of TSSI Systems said:
"I was astonished by the dramatic change in public opinion.
Eight in ten people changing their opinion in the last year is a
huge increase and can only be attributable to the terrorist
attacks. These have no doubt forced acceptance of biometrics
upon the nation, but a positive campaign of education is needed
to allay fears about its use."
Safety concerns
Personal safety was identified as the biggest driver for the change. Three-quarters
of people believed it was essential or important for combating
terrorism, with only 17 per cent viewing intelligence
information as more important to fight terrorism than
biometrics. 79 per cent of people were in favour or more
accepting about the introduction of biometrics for any travel
abroad.
A strong pattern of ambivalence was
evident over usage of biometrics in everyday situations, such as
in the rail, tube, retail and airline networks. People's primary
concern was for the safety of the individual, so that usage of
biometrics in airports received a resounding seal of approval.
Eight out of ten (77 per cent) approved of its use, with only
nine per cent actively against and the remaining respondents
undecided. Almost half approved of usage of biometrics in
Britain's underground tube networks. However, usage of
biometrics in banking and retail was rejected by 59 and 63 per
cent respectively.
Biometrics confusion
The survey also highlighted public confusion about what biometrics means in
practice. For example, when respondents were asked whether they
knew that they may be subjected to biometric checks when
travelling abroad, the majority (58 per cent) claimed ignorance.
However, nearly the same number (63 per cent) claimed they were
aware of the pending introduction of new international standards
that will mandate the logging of face and, optionally, fingerprint
data (i.e., biometric data) on passports.
Civil liberties
Concerns about civil liberty infringements remain a pressing issue in the minds of a
significant proportion of the population. Nearly a third (28 per
cent) rejected the creation of a Government biometric database -
even if it led to better crime detection rates. While 54 per
cent were convinced of its benefits, a further 18 per cent
remained undecided and could join either camp with persuasion.
"Peace of mind is the biggest factor in
the change. But the trade off between security and convenience
is also an influence. The catastrophic delays and stringent
measures after the thwarted terror attack on UK airlines in
August 2006 appear to have pushed the British public towards
applications of convenience. Would they rather stand in a
security queue for hours at Heathrow, or be subjected to
biometric checks and get through quickly to the shops? It seems
people are now overwhelmingly opting for the latter," said
Chapchal.
Methodology
TSSI surveyed 1000 people
between the ages of 18 and 60 at mainland stations in the UK in
September and October 2006. The TSSI Biometrics in Britain study
2006 management report with full details of the findings, issues
raised and recommendations can be requested from the following
website:
http://www.tssi.co.uk/biometrics.html
Global research firms Nucleus
Research and KnowledgeStorm study released 10/17/06
One in three people write down computer passwords, undermining their
security, and companies should look to more advanced methods, including
biometrics, to ensure their systems are safe, according to this study performed
by global research firms Nucleus Research and KnowledgeStorm. The study went on
to report that companies' attempts to tighten IT security by regularly changing
passwords and making them more complex by adding numbers as well as letters had
no impact on security. Staff still had a tendency to jot down passwords
either on a piece of paper or in a text file on a PC or mobile device.
"This is really a lot like mom and
dad buying a great new security system for the house and junior
leaving the combination under the door mat," David O'Connell,
senior analyst at Nucleus Research, told Reuters. The study,
which surveyed 325 U.S. employees, found that a single sign-on
system is just as effective as more complex schemes and that
user education on the importance of proper password protection
did not deter employees from their lax habits.
"Passwords are high maintenance. People forget them, people lose
them, they have to be reset. Resending passwords is time
intensive and costly. It takes up time at a help desk," said
O'Connell. The report suggested companies look instead to
biometrics, such as voice recognition devices or thumbprint
scanners.
"It's these higher order techniques that companies need to shift
to in order to get away from passwords," said O'Connell.
Bank Customers Call For Tighter
Security
July 8, 2008
Customer Strategy
More than half
of bank customers (61%) are concerned about the security of PIN, passwords and
‘secret data’ when used to confirm ID over the phone with a contact centre
agent and four in ten (42%) of people using telephone banking believe their
banks don’t take enough security measures to prevent fraud or identity
theft.
These are the key findings of a new survey from SpeechStorm and Genesys that
investigated consumers’ attitudes towards current telephone banking security
measures and voice biometrics. The survey’s results send a clear message to
banks that they need to be more proactive in the use of technology, as over
a third of respondents would be inclined to move to an alternative bank if
it offered a more secure service such as voice biometrics as an identity
verification measure.
The research was conducted by SpeechStorm and Genesys during May and June
2008 under the guidance of University of Ulster’s Head of Voice
Authentication Research, Professor Michael McTear. During 30-minute
face-to-face interviews, 41 per cent of respondents revealed that they
believe their personal information is more secure when using an automated
system than speaking to a live agent (36 per cent) when handling PIN and
passwords. Eighty-six per cent of the candidates said they would be happier
to use either voice biometrics (28 per cent) or a blend of both voice
biometrics and PIN/Password (58 per cent) measures for telephone banking
identification and verification.