IBS Journal March 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

46

OPINION

Is biometrics the new gold standard of security?

Companies are increasingly making use of biometrics to improve security and reduce fraud. But concerns remain around whether mobile biometrics really delivers

UK & Ireland country manager, Entersekt Frans Labuschagne

A

ccording to a recent report by Acuity Market Intelligence, the worldwide mobile biometrics market is expected to exceed $50.6 billion in revenue by 2022, growing from a base of $6.5

billion in 2016.

In biometric security, unique physical traits, such as a fingerprint, voice, iris, heart rate, or vein pattern are used to prove the identity of an individual. This generally amounts to less effort than using passwords. Hard to copy, biometric elements also cannot be “guessed”, making them more secure than passwords.

Given the ease of use of biometric-based security measures, they have the potential to provide financial service providers with an optimal solution in terms of customer experience.

But what are the risks?

As experiments such as the iPhone X facial recognition hack prove, biometric data can be imitated. When this happens, the consequences can be far-reaching: passwords can be reset, but you can’t reset your face, fingerprint or voice. The risk of biometric data being stolen is much greater when that data is stored in a server-based model. If such a server is hacked, numerous users are simultaneously affected.

To avoid the large-scale theft of biometric records, most mass-market biometric solutions therefore rely on device-based biometric models, which are designed never to share data beyond the user-held device (e.g. the smartphone). The biometric solution simply informs the remote service that a biometric record has been matched successfully on the device.

Unsurprisingly, hackers still manage to find ways around this, and use mobile malware to tell the remote service the same thing – without there having been a match at all. A stolen device can also provide hackers with opportunities to commit fraud (albeit in a very targeted attack) if they are able to replicate the user’s biometrics. Once biometric data is compromised, an individual may not be able to confidently use their own biometrics in the future.

Frans Labuschagne: when used correctly, biometrics can offer a high level of safeguarding, much higher than passwords

Biometrics as part of a sound security solution

In digital security, no strategy alone is enough to deter fraudsters. This is especially true in the financial sector, where regulations are increasingly mandating the implementation of multi-factor authentication (MFA), in which at least two of the three authentication factors (knowledge, possession and inherence) must be presented to identify a user or complete a transaction.

While customers seek convenience, the strategic objective for financial institutions is to decrease fraud without introducing friction into transactions. If banks can achieve both these objectives while also having MFA in place, they win doubly: on the one hand, their customers feel secure and in control; on the other, the banks can securely confirm their customers’ identities and intentions.

The easiest route to this advantageous position is to choose a security solution that relies on strong device ID, whereby each user’s mobile device can be uniquely identified with a digital certificate. Together with the user’s biometric data (the inherence factor), proof of the user’s identity is ensured during a login or transaction. In this way, biometrics can form part of a secure MFA approach.

www.ibsintelligence.com | © IBS Intelligence 2018

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52