Connect with us

Technology

Using biometrics in industrial control systems

Using biometrics in industrial control systems

The State of Industrial Cybersecurity Report 2018, from the Kaspersky Lab, found that 54 per cent of respondents who had experienced a cyber-attack on their industrial control system (ICS) noticed damage to their products or services. Industrial control systems are critical to business success, so how can we protect them better? Here Emil Pricop, senior lecturer at the Automatic Control, Computers & Electronics Department of the Petroleum-Gas University of Ploiesti, Romania, and freelance scientist for Kolabtree, explains how biometrics can increase the physical security of industrial control systems.

 Control systems are critical components that run the air conditioning in our homes, the safety of our cars, and even industrial facilities — whether it’s a petrochemical plant, oil refinery, power plant or water and sewage treatment plant. In the last decade, the control systems became one of the preferred target for cybersecurity incidents. The attacks can be devastating for a business in more ways than just financially — they can completely disrupt processes, risk human safety, cause environmental harm, result in the leak of confidential information and ultimately lead to the shut-down of an entire facility.

Biometric security

There are a large number of cybersecurity measures that can be taken, ranging from access control lists, intrusion detection systems and next-generation firewalls (NGFW). All the mentioned measures are inefficient if the physical security of the industrial control systems is not properly assured.

Radio frequency identification (RFID) is one way of providing physical security for an ICS. Authorised personnel are given a card that enables access to the correct parts of a facility. However, cards can be stolen and used by someone else, and to prevent this, businesses are turning to biometric techniques.

DNA analysis is an extremely accurate biometric technique, but it is certainly not a practical one as it is invasive and time consuming. Voice recognition is less time consuming, but it still takes over three seconds to verify the user, which would be too slow if immediate action was needed. It can also be inaccurate — a person’s voice can change if they are ill, or a recording could be used to trick the system.

Fingerprint analysis is one of the oldest biometric methods and one that is affordable and well accepted. An alternative is palm vein template recognition, a non-invasive collection technique, where users can scan their palms for access.

Iris scanning is also growing in popularity — each person has a unique iris, which stays the same throughout their lifetime. However, iris scanning can be difficult. People’s eyes rarely stay still, and the shape of our eyes essentially forms a curved reflective surface that is partially obscured by our eyelids and eyelashes.

Facial recognition is likely to become the biometric method of choice for ICS security. It can be incorporated with existing surveillance systems and integrates well with artificial intelligence. To use it, businesses must have access to high levels of processing power, a large amount of storage space and good lighting conditions.

Two steps to safety

To improve accuracy, businesses can opt for a multi-factor biometric identification system, which uses more than one measurement. One problem with this is that in emergency situations when the user needs to issue a quick command, the system may be too slow.

A possible solution is storing the data in advance, so that only one rapid measurement is needed at the time of access can speed up the process. Businesses must consider how they store this data, so that it cannot be copied or stolen by a cyber-criminal — storing only part of the information is one way of addressing this. Researchers at the Seektron Company and Petroleum-Gas University of Ploiesti, Romania, have developed and patented a system that stores part of a user’s biometric data. It uses an RFID card that stores fingerprint templates and when the user requests access to a protected area, they scan their fingerprint to create a live template, which is compared with those stored securely on the card.

Ensuring the protection of data is of particular importance in biometric systems using templates. Not only could these be stolen and used to access other biometric systems, but attackers could also implant false templates to allow malicious actors entry. For this reason, it is a recommended practice for biometric systems to not transmit the information they collect across a network.

A protected and isolated authentication method is a significant improvement over the technologies used today. However, using limited data poses the challenge of templates being incorrectly matched with biometric inputs. A way of solving this problem is used in automatic eGates.

Increasingly, biometric security is becoming commonplace in many activities that require quick and accurate authentication. Automatic eGates globally almost tripled in numbers between 2013 and 2018, using fingerprint and facial templates to ensure that passport holders are who they claim to be. However, unlike the newly patented system, this authentication method occasionally requires encrypted biometric data to be exchanged across a secure network, which can be less secure than local verification.

Improving the technology through which biometric templates are stored and matched  reduces the need for transmitting biometric data across a network. By avoiding the cat and mouse game of encrypting and exchanging data as a whole, the use of biometric RFID cards could allow system developers to maintain high security standards while protecting user’s privacy.

Using the technology safely

Despite the use of safe networks, cyberattacks are still a possibility. According to Kaspersky Lab, over ten per cent of respondents had experienced a cyberattack and directly lost contracts or businesses opportunities because of it. There is a clear need for increased levels of security within ICSs and researchers are providing the tools to achieve them. The cybersecurity and physical security of the systems are strongly linked.

Biometric technology provides an effective, affordable and easy to implement way of improving the physical security of an ICS. For these approaches to be successful, we need to increase acceptance among employees. As people get used to using commercial devices, such as smartphones, with fingerprint or facial recognition, biometrics in industry is more likely to take off.

Technology

IDnow: Putting a new face on identity verification

IDnow: Putting a new face on identity verification 1

By Charlie Roberts, Head of Business Development UK&I at IDnow

Munich headquartered IDnow is an identity verification provider which uses AI-based technology to check all security features on ID documents. With its Identity Verification-as-a-Service (IVaaS) platform that combines humans and technology, IDnow has set out to make the connected world a safer place, by enabling the identity verification of more than seven billion potential customers from 193 different countries.

IDnow’s expert knowledge of German regulation, which is considered one of the most highly regulated markets globally, has become critical. Indeed, the firm is currently in talks with the UK government about creating “immunity passports” for people who have recovered from Covid-19 to determine how recently someone has been tested and whether they can return to work.

Since launching its solutions in the UK in November last year, IDnow has seen enormous demand from organisations for its AI-based products.  Compared to the same period in 2019, the firm has reported a 358% increase in order intakes as Covid-19 accelerates the need for digital processes

So why the increased demand? We caught up with Charlie Roberts, Head of Business Development UK&I at IDnow, to talk about the AI identity verification market and how AI can help financial services organisations detect and mitigate identity fraud.

So why has IDnow seen such increased demand for its identification products?

While technology is – on the whole – changing the way people do business for the better, it nevertheless carries with it a certain degree of risk to security.  In the current climate in particular, with an accelerated move towards buying and selling online, identity fraud is on the rise. In fact, our research estimates this type of fraud has doubled in the last year alone. And, while banking and financial services may be the lowest hanging fruit in terms of targets for attempted identity fraud, the threat is certainly not restricted to this sector.

The problem is the cost to the economy. In June this year, Action Fraud announced that over £6.2m has reportedly been lost in the UK due to coronavirus-related scams, making cyber fraud one of the biggest threats in our economy and the fastest growing crime.

So we have seen an enormous uptick in enquiries about AutoIdent and VideoIdent because of their combined human and machine approach. Any identity verification check that doesn’t look 100% accurate gets automatically passed through to a human for extra security, all on the same platform, in a matter of minutes.

What are the most common fraud methods?

Of all fraud methods, social engineering is the biggest issue for companies. It has become the most common fraud method in 2019, accounting for 73% of all attempted attacks. It lures unsuspecting users into providing or using their confidential data and is increasingly popular with fraudsters, being efficient and difficult to recognise.

Fraudsters trick innocent people into registering for a service using their own valid ID. The account they open is then overtaken by the fraudster and used to generate value by withdrawing money or making online transfers.

They mainly look for their victims on online portals where people search for jobs, buy and sell things, or connect with other people. In most of the cases, the fraudsters use fake job ads, app testing offers, cheap loan offers, or fake IT support to lure their victims. People are even contacted on channels like eBay Classifieds, job search engines and Facebook.

Fraudsters are also creating sophisticated architecture to boost the credibility of these cover stories which includes fake corporate email addresses and fake websites.

In addition, we are seeing more applicants being coached, either by messenger or video call, on what to say during the identity process. Specifically, they are instructed to say that they were not prompted to open the account by a third party but are doing so by choice.

How can we fight social engineering?

The first priority is to ensure people are aware of the problem, and then ensure people have the right technology in place to be able to track fraudulent activity and react quickly.

Crucially, it requires a mix of technical and personal mechanisms. Some methods include:

  • Device binding: To make sure that only the person who can use an app – and the account behind it – is the person who is entitled to do so, the device binding feature is highly effective. From the moment a customer signs up for a service, the specific app binds with their used device (a mobile phone for example) and, as soon as another device is used, the customer needs to verify themselves again.
  • Psychological questions: To detect social engineering, even if it is well disguised, trained staff can be used as an additional safety net both during detection, but also in addition to the standard, automated checks at the start of the verification process. They can ask a customer an additional set of questions once a risk of a social engineering attack has been detected. These questions are constantly updated as new attack patterns emerge.
  • Takedown service – with every attack, organisations can learn. This means constantly checking new methods and tricks to identify websites which fraudsters are using to lure in innocent people. And, by working with an identity verification provider that has good links to the most used web hosts, they are able to take hundreds of these websites offline.

Is social engineering the only type of identity fraud?

No! There is also false identity fraud. Our research indicates fake IDs are available on the dark web for as little as £40 and some of them are so realistic – including the use of holograms – they can often fool human passport agents. The most commonly faked documents are national ID cards, followed by passports in second place. Other documents include residence permits and driving licenses.

Charlie Roberts

Charlie Roberts

Similarity fraud is another method of identity fraud in use, although it’s not as common thanks to the development of easier and more efficient ways (like social engineering). This method involves the use of a genuine, stolen, government-issued ID that belongs to a person with similar facial features.

Can anything be done about this?

Biometric security is extremely effective at fighting this kind of fraud. It can check and detect holograms and other features like optical variable inks just by moving the ID in front of the camera. Machine learning algorithms can also be used for dynamic visual detection.

To fight similarity fraud, biometric checks and liveness checks used together are very effective – and they are much more precise and accurate than a human could ever be without the help of state-of-the-art security technology.

The biometric checks scan all the characteristics in the customer’s face and compares it to the picture on their ID card or passport. If the technology confirms all of the important features in both pictures, it hands over to the liveness check. This is a liveness detection program to verify the customer’s presence. It builds a 3D model of their face by taking different angled photos while the customer moves according to instructions.

The biometric check itself could be tricked with a photo but, in combination with the liveness check, it proves there is a real person in front of the camera.

This all sounds like a significant time investment for companies?

It does but, if you can find a solution that offers both a fully automated system AND a video identification solution on a single platform, then it becomes pretty friction-free and part of the workflow. In fact, customers can be checked in a matter of minutes. Organisations worldwide need to be taking this very seriously. With over 1.9 billion websites and counting, there is a huge potential for fraud, and it’s a serious problem that must be slowed down.

The threat of identity fraud is not going away and, as fraudsters become more and more sophisticated, so too must technology. With the right investment in advanced technology measures, organisations will be in a much stronger position to stop fraudsters in their tracks and protect their customers from the risk of identity fraud.

Continue Reading

Technology

NextGen Communications – the future of customer experience

NextGen Communications – the future of customer experience 2

By Andrew Beatty, Head of Global Next Generation Banking at FIS

As software development increasingly resembles push updates in services, how can financial institutions best take advantage of their investments? The answer is leveraging today’s technologies to empower institutions to elevate their customer experience with personalised and integrated communications.

Long a staple of the British market, digital banks are expanding worldwide. The pandemic played to the strengths of these organisations. With branches closed or restricted, the accessibility and flexibility of these banks were major assets.

To better understand just why digital banks succeed, we need to look at their operating models. Using Software as a Service (SaaS) and Platform as a Service (PaaS) operating models rather than more traditional and slower alternatives allows them to supercharge development.

These new technologies can elevate customer experience (CX), with a specific focus on customer communications – an area often neglected in favour of purely aesthetic upgrades to flashy-looking front-end systems.

Communicating effectively

Every minute of every day, institutions globally generate 18 million texts, 188 million emails, 511,000 tweets, 232 VoIP calls and use 4.4 million GB of internet data. This colossal amount makes it difficult to provide a consistent experience that meets ever-higher customer expectations across all communication interactions and devices. Banks need to be accessible and provide a seamless experience through any and all of the channels their customers prefer, be that Native App Push, email, SMS, print, social media, Call Centre or bots.

FIs typically lack an integrated experience. What’s needed is enabled by a consistent data schema and workflow foundation that elevates the communications experience. Customers may not know to specifically request these, but they will notice their absence. Fundamental to these capabilities are application programming interfaces (APIs) that enable banks to pick and choose best-of-breed technologies, allowing banks to focus on improving the CX and increasing Operational Efficiency and Governance.

Loyalty matters

Banks succeed on the backs of loyal customers. What inspires loyalty in customers is a banking relationship that includes both listening and speaking. Research shows that 63% of customers would consider switching banking providers if communications don’t meet their expectations. For customers who said that their banks did not proactively offer them personalised services, the customer satisfaction experience rate fell to 39%.

Research shows that more than 70% of CX leaders struggle to design projects that increase customer loyalty. Contrast this number with 75% of enterprises aiming to beat their competitors by offering the best digital consumer experience, and we can gain a sense of just how crucial communications are; a seamless CX is more important than ever to meet these goals.

These last few months have been a testing ground for banks old and new. Every email, every statement about actions taken during the pandemic is a chance to prove (or disprove) that a bank has a robust, customised communication solution. Integration across all interactions is critical.

Questions to ask

Here are six questions executives who want to improve CX at their banks need to ask when evaluating infrastructure improvements:

  1. How will capabilities evolve without requiring extensive development to support new data schemas, workflow, communication types and new channels?
  2. Will the new solution allow accelerated change management (business user-enabled) of all communications to meet internal and external demand, or will we be handcuffed to an internal or external software release for these updates?
  3. Will our middle/back office and call centre benefit from this solution by having the capability to send ad-hoc communications from a previously approved library?
  4. Will we have end-to-end tracking of all our as-delivered communications for all stakeholders (call centre, back office, etc.)?
  5. How is delivery remediation handled? (e., failed email delivery to SMS)
  6. Are all required delivery methods supported in one centralised platform?

Consider these questions before embarking on a major project. This should help ensure the selected solution results in improved Customer Experience, superior Operational Efficiency, and better Governance for your financial institution.

FIs must take advantage of emerging technologies and investment in core technologies by considering service options for all key elements of their CX. A robust data integration and workflow layer along with API integrations allow the different components of technology infrastructure to have seamless real-time integrations with third-party Customer Communication Management technologies. This can accelerate existing digital transformation initiatives and take full advantage of a modern core transformation investment – putting technology to work for FIs and their customers.

Continue Reading

Technology

The Derry Group launches new employee engagement and communications app

The Derry Group launches new employee engagement and communications app 3

The Derry Group, a one stop shop for the distribution, storage and order picking of chilled and frozen products has today announced the launch of its new employee engagement app, Thrive.App.

Their flagship company Derry Refrigerated Transport is a leading service provider for chilled and frozen distribution throughout Ireland, the UK and Europe. Derry Refrigerated Transport is the first haulage company in Ireland to sign up to the newest self-service, rapid deployment Thrive.App which brings together the key features needed for businesses to power up their internal communications for their frontline teams.

With hundreds of employees working across multiple locations in Ireland, communication, organisational engagement and information sharing is essential for the growing business.

In order to meet the additional challenges presented by the current global pandemic and the fact that the company works out of various locations throughout the country The Derry Group recognises the need to look at new ways in which all employees can more effectively communicate and share information with each other.

Commenting on the deployment of the new Thrive.App, Patrick Derry, Managing Director, said,

“We have worked hard to build and transform our business to what it is today, and our employees are key to our success. It is important to us that we give them everything they need to carry out their roles successfully as well as feeling supported and recognised for what they do. With the Thrive.App our employees can now easily access the information they need to support them in their role, they see important updates as they occur, and they know what is happening across all areas of the business.

The launch of Thrive.App will bring everyone closer together, which is particularly important during the current challenges of Covid19 and the fact that we have teams in various parts of the country.

The Thrive team have provided the best support and guidance in helping us to launch the employee app and we are confident they will continue to support us to make it a success across our organisation.”

James Scott, CEO, Co-Founder of Thrive, adds; We are delighted to help and welcome The Derry Group as a new client and look forward to working together to ensure their employee communications and engagement app is a success and loved by their teams within the Group structure whether based in Armagh, Dublin or Cork. 

Our goal is to help organisations in shifting their communications from traditional methods such as printed newsletters, notice boards and team briefings to instant, modern apps and we have loved helping The Derry Group do this. We look forward to seeing the direct positive impact the app will have on their employee communications and engagement.”

Continue Reading

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

The ultimate tech guide to remote working for the casual worker   4 The ultimate tech guide to remote working for the casual worker   5
Business4 hours ago

The ultimate tech guide to remote working for the casual worker  

By Paul Routledge D-Link Country Manager Like many others, you may have grabbed your laptop in the middle of March...

Safeguarding international logistics arrangements during the coronavirus crisis 6 Safeguarding international logistics arrangements during the coronavirus crisis 7
Business4 hours ago

Safeguarding international logistics arrangements during the coronavirus crisis

By Adam Ewart, CEO and Founder of Send My Bag It has certainly been a whirlwind couple of months. The coronavirus...

The Future of Finance Teams: Digitally Transformed 8 The Future of Finance Teams: Digitally Transformed 9
Top Stories4 hours ago

The Future of Finance Teams: Digitally Transformed

By Simon Bull, Sales Operations & Business Development Manager at Aqilla Finance teams haven’t always been at the forefront of...

High-yield bonds will help, not hinder, businesses’ recovery 10 High-yield bonds will help, not hinder, businesses’ recovery 11
Finance4 hours ago

High-yield bonds will help, not hinder, businesses’ recovery

By Jesse Chenard CEO of fintech MonetaGo, One of the best indicators of stock market growth is high-yield bonds. The junk...

A holistic view of organisational security 12 A holistic view of organisational security 13
Business4 hours ago

A holistic view of organisational security

By James Ward, Senior Cyber Consultant at MASS The finance sector is typically more developed than others when it comes...

IDnow: Putting a new face on identity verification 14 IDnow: Putting a new face on identity verification 15
Technology5 hours ago

IDnow: Putting a new face on identity verification

By Charlie Roberts, Head of Business Development UK&I at IDnow Munich headquartered IDnow is an identity verification provider which uses AI-based...

Finance leaders must act against increasing fraud 16 Finance leaders must act against increasing fraud 17
Finance5 hours ago

Finance leaders must act against increasing fraud

By David Thorley, Director of Customer Development, FISCAL Technologies The COVID-19 pandemic has resulted in a whole host of increased...

NextGen Communications – the future of customer experience 18 NextGen Communications – the future of customer experience 19
Technology5 hours ago

NextGen Communications – the future of customer experience

By Andrew Beatty, Head of Global Next Generation Banking at FIS As software development increasingly resembles push updates in services,...

The UK Property recovery has begun 20 The UK Property recovery has begun 21
Finance8 hours ago

The UK Property recovery has begun

By Jamie Johnson is the CEO of FJP Investment, The UK property sector will be integral to the country’s economic...

The Derry Group launches new employee engagement and communications app 22 The Derry Group launches new employee engagement and communications app 23
Technology13 hours ago

The Derry Group launches new employee engagement and communications app

The Derry Group, a one stop shop for the distribution, storage and order picking of chilled and frozen products has...