|
|
|
||||
|
Return to Article List Return to Article Search Email this page to a friend |
One Finger at a Time: Best Practices for Biometric SecurityApril 2009 One Finger at a Time: Best Practices for Biometric Security Vance Bjorn, DigitalPersona Inc. Financial institutions in the United States lose about $48 billion a year in identity-related fraud, according to the Federal Trade Commission. Such statistics, coupled with today’s troubling economic climate, leave consumers questioning how to add greater security to their finances, as well as how to protect their identities. The banking industry plays an important role in lessening doubts by implementing efficient, cost-effective measures such as biometric security. This best practices approach to user authentication not only ensures continued, excellent customer service, but provides an additional level of security that keeps customer data confidential and access safely managed. Passwords: Still Sufficient for Your Needs? From encryption to multi-factor authentication, banks are forced to provide and utilize various security solutions to secure their customer and company-sensitive information. A common trait among all of these systems is a reliance on the use of passwords, PINs or tokens for identity verification. It may appear that passwords are sufficient in securing critical information and, when effective password management and rotation are practiced, they often are. However, how often are password management and rotation rules followed? The Computer Emergency Response Team reports that 80 percent of the security attacks it investigates are password-related. Why? Because we’re human, and humans are fallible and predictable. In addition, the NTA Monitor Password Survey estimates that the common consumer has approximately 21 accounts requiring passwords. This volume often leads to people using the same password across multiple accounts and not rotating them on a consistent basis, making them susceptible to compromise. Fingerprint Biometrics: An Answer to the Common Password Problem Previously thought of as a “James Bond” approach to security, fingerprint biometrics are not only broadly available to the average consumer, they are the easiest and most cost-effective method of biometrics. A variety of vendors offer fingerprint identity protection suites that ensure the people accessing customer or company information are, in fact, who they say they are. Passwords, PINs or tokens cannot provide this assurance, as they are easily shared, stolen or mishandled. A fingerprint, on the other hand, is uniquely identifiable. Other options for biometrics security include facial recognition, voice recognition or retinal scans. While many of these options are not yet widely available for consumer use, all provide corporations with significant improvements over traditional password-based authentication. Biometrics are currently being used at banks throughout the country. Some use the fingerprint systems at their brick-and-mortar locations, while others deliver fingerprint readers to their customers, allowing for safe online banking and decreasing the threat of compromised accounts. While biometrics and the security provided by implementing this measure into your overall information technology security strategy sounds like a good idea, how can you evaluate potential options and select a solution that meets your organization’s needs and return on investment (ROI) requirements? When selecting biometric security solutions for your organization, it is crucial that you take a hard look at not only the biometric solution, but also the solution vendor. Evaluation of the security vendor is crucial, as those considered should have a good track record within the banking industry, including a deep understanding of the industry’s needs. Additionally, considered vendors should have a solution base that allows them to quickly adapt to future security threats and utilize multiple forms of biometrics if necessary. Best practices are emerging that can help you narrow your choice of vendors. First, identify your organization’s “must haves” and targeted users of the biometric solution. Common questions for identifying them include: · Will employees and/or customers use these systems? · Does the solution’s platform integrate into the existing identity management infrastructure? · Is the solution easily modified should organizational needs change? · Does the solution have immediate cost savings associated with the deployment? · How big of a factor is cost? Impact on the Bottom Line: Biometrics as an ROI and Business Driver Finally, consider your organization’s requirements. For instance, it is estimated that 25 percent to 50 percent of help desk calls are for password resets due to forgotten or compromised passwords, with each reset call carrying a price tag of $20 to $38. However, this scenario changes if a fingerprint identity authentication solution is deployed. No reset is required, and costs are reduced to zero—a fingerprint simply can’t be forgotten. After all of these questions have been answered and products have been identified, follow up with a product trial period to ensure that the solutions match the defined needs. These steps will lead to implementation of the correct biometric solution for your organization, significantly improving system security and ROI. Identity theft security issues can negatively impact customer retention and acquisition, especially undesirable in these uncertain times. With minimal economic investment in the appropriate biometric solution, your organization can thwart these threats. Biometrics are not only a security tool, but an ROI driver, making them a solution that every organization can justify. As consumers re-evaluate their financial makeup and decide where to place their dollars, make sure your organization provides them with strong security features; customers will repay the favor with their loyalty. Hoosier Banker articles are published by the Indiana Bankers Association. With the exception of official announcements, the Indiana Bankers Association disclaims responsibility for opinions expressed and statements made in the articles published in Hoosier Banker and/or appearing on the |
|