Banking on Security – One Finger at a Time: Best Practices for Biometric Security Solution Selection

By Vance Bjorn, co-founder and chief technology officer at DigitalPersona, Inc.

Financial institutions in the United States lose about $48 billion a year in identity-related fraud according to the Federal Trade Commission. Statistics such as this, coupled with today’s troubling economic climate, leave consumers questioning where they can add greater security to their finances as well as how they can keep their identities protected.

The banking industry plays an important role in easing these doubts by implementing efficient and cost-effective measures such as biometric security.  This best practices approach to user authentication not only ensures continued, excellent customer service, but provides an additional level of security that keeps customer data confidential and access safely managed.

Passwords – Still Sufficient For Your Needs?

From encryption to multi-factor authentication, banks are forced to provide and utilise various security solutions to secure their customer and company-sensitive information.  One thing all of these systems have in common is a reliance on the use of passwords, PINs or tokens for identity verification.

Now, you may think that passwords are sufficient in securing critical information, and in cases where effective password management and rotation are practiced, they often are.  However, how often are password management and rotation rules followed?  According to the Computer Emergency Response Team (CERT), 80 per cent of the security attacks they investigate are password related.  Why? Because we’re human, and humans are fallible and predictable.  The sheer volume of accounts and applications bank employees access often leads to tellers using the same password across multiple applications and not rotating them on a consistent basis, making them susceptible to compromise.

Fingerprint Biometrics – An Answer to the Common Password Problem

Previously thought of as a “James Bond” approach to security, fingerprint biometrics are not only broadly available, they are the easiest and most cost-effective method of biometrics.  A variety of vendors offer fingerprint authentication solutions that ensure the people accessing customer or company information are, in fact, who they say they are.  Passwords, PINs or tokens cannot provide this assurance as they are easily shared, stolen or mishandled.  A fingerprint, on the other hand, is something uniquely identifiable.  Other options for biometric security include facial recognition, voice recognition or retinal scans.  While many of these options are not widely in use yet, all provide corporations with significant improvements over traditional password-based authentication.

Not only are biometrics a nice idea, but they are currently being used at banks throughout the world.  Some use the fingerprint systems at their brick and mortar locations to access company networks and applications, while others use fingerprint readers to authenticate wire transfers between financial institutions.

Although biometrics, and the security gained by building them into your overall IT security strategy, sound great, how do you evaluate potential options and select a solution that meets your organisation’s needs and ROI requirements?  When selecting biometric security solutions for your organisation, it is crucial that you take a hard look at not only the biometric solution, but also the solution vendor.

Evaluation of the security vendor is extremely important as those considered should have a good track record within the banking industry, including a deep understanding of the industry’s needs.  Additionally, considered vendors should have a solution base that allows them to quickly adapt to future security threats, and utilise multiple forms of authentication credentials should they be required.

Best practices are emerging that can help you narrow down your choice of vendors.  It is important to first identify your organisation’s “must haves” and targeted users of the biometric solution.  Common questions for identifying these “must haves” include: Will employees and/or customers use these systems?  Does the solution’s platform integrate into the existing identity management infrastructure?  Is the solution easily modified should organisational needs change? Does the solution have immediate cost savings associated with the deployment?  How big of a factor is cost?

Impact on the Bottom Line – Biometrics as an ROI and Business Driver

Finally, it is important to consider your organization’s return-on-investment (ROI) requirements.  For instance, it is estimated that 25 to 50 per cent of help desk calls are for password resets due to forgotten or compromised passwords, with each reset call carrying a price tag of $20 to $38.  However, this changes if a fingerprint authentication solution is deployed.  No reset is required and costs are reduced to zero — a fingerprint simply can’t be forgotten.

After all of these questions have been answered, and products have been identified, it is crucial that your organisation follow up with a product trial period to ensure that the solution matches the defined needs.  These steps will lead to implementation of the correct biometric solution for your organisation, significantly improving system security and ROI.

Identity theft security can have a significant impact on customer retention and acquisition, especially in these uncertain times.  Biometrics provide strong authentication and a fast ROI, making them a solution that every organisation can justify.  As consumers begin to re-evaluate their financial makeup, and decide on where to place their dollars, make sure your organization provides them with strong security features, and they will be sure to repay the favor with their loyalty.

_________________________________________________________

Vance Bjorn, Chief Technology Officer and Co-Founder
Vance Bjorn is responsible for guiding DigitalPersona partnerships, business development and technical strategy. The Department of Defense awarded Bjorn the prestigious National Defense Science and Engineering Graduate Fellowship (NDSEG) to pursue doctoral studies in Computer Science at MIT. Bjorn is also a recipient of the MIT Technology Review TR100, a national award for technology innovators under age 35. He holds a B.S. degree with honors in Engineering and Applied Science and an M.S. degree in Computation and Neural Systems from the California Institute of Technology.

About DigitalPersona
DigitalPersona, Inc. is a global provider of strong authentication and access management solutions that close the gap between people and security for enterprises, government agencies and commercial embedded-solution developers. DigitalPersona’s authentication and access management software is shipped by computer manufacturers on millions of notebooks and desktop computers per year; its cloud- and Active Directory-managed solutions for multi-factor/strong authentication, single sign-on (SSO) password management and emergency access recovery simplify compliance and cut IT costs. The company’s fingerprint biometrics technology helps organisations prevent fraud and increase accountability; it is incorporated into multiple national voting systems, almost all brands of biometrically-enabled point-of-sale (POS) stations, as well as many commercial applications in the retail, healthcare, and financial industries. For more information contact DigitalPersona, Inc. at: +1 650.474.4000, or visit www.digitalpersona.com.

© 2012 DigitalPersona, Inc. All rights reserved. DigitalPersona® and U.are.U® are trademarks of DigitalPersona, Inc. registered in the United States and other countries. Microsoft and Active Directory are registered trademarks of Microsoft Corporation in the United States and/or other countries. Citrix and XenApps are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks are the property of their respective owners. This information should not be relied upon as legal advice. DigitalPersona specifically disclaims all warranties of any kind, express or implied. Users must take full responsibility for their application of any products or compliance with any legal requirements.
