TrendBiometrics replaces traditional means of identification
Access cards, PINs, and passwords, designed to protect end-users, are not only ineffective against modern day threats, but often end up being used to perpetrate crime; card-based systems will only control the access of authorized pieces of plastic, but not who is in possession of the card; one of the benefits of a biometric technology is that only authorized people — not merely their credentials — are granted access to, for example, a building, a specific part of a building or even a computer or an account
As standard forms of security struggle to keep up with market developments, the use of biometric technology is expected to increase over the next decade, says Vhonani Mufamadi, CEO of Bryanston, South Africa-based Ideco Group.
Mufamadi says devices such as access cards, PINs, and passwords, designed to protect end-users, are not only ineffective against modern day threats, but often end up being used to perpetrate crime. “The use of PINs and passwords require an individual to enter a specific code to gain access, but who actually entered the code cannot be determined as PINs and passwords can also be shared, forgotten or stolen. Card-based systems will only control the access of authorized pieces of plastic, but not who is in possession of the card. It is for this reason that they are easily used by criminals to commit insider fraud,” notes Mufamadi.
Admire Moyo writes in ITWeb that Mufamadi argues that one of the benefits of a biometric technology is that only authorized people — not merely their credentials — are granted access to, for example, a building, a specific part of a building or even a computer or an account.
Mufamadi says with the increase in occupational fraud, especially perpetrated by insiders, there is a growing demand for more effective security, fuelling increased in investment in biometric applications, such as fingerprint sign-on.
He believes fingerprint sign-on is widely regarded as the next level in the protection of consumers. “The term fingerprint sign-on describes a biometric-based system that requires the user to authenticate him or herself by way of fingerprint identification. The system comprises a fingerprint reader, which first takes a ‘reading’ of the fingerprint and then identifies and verifies the user according to the information captured from the print. This process must be successfully completed before a user is granted access to either data or an information technology infrastructure or to a building or location,” says Mufamadi.
He adds that not only does fingerprint sign-on provide authentic identification of the person accessing the service, but also an accurate audit trail with real evidence should a breach occur.
Describing how biometric technology counters insider threats, Mufamadi says the technology holds value as a proven and efficient method to regulate access. Because it works off fingerprint identification, it is difficult for employees to breach company rules with transgressions such as ‘buddy-clocking’ or ‘borrowing’ another person’s access card, he explains.
Moyo notes that, on the other hand, Frans Lategan, a security consultant with Absa, says biometrics is of limited use in arresting cyber crime unless there is a trusted path from the point of acquisition to the point of verification. “Biometrics can be of more use in combating insider fraud and physical access but the Internet is too complex for the technology to identify criminal elements,” he notes.
Lategan adds that biometric technology can also be a dangerous security measure in as far as criminals are concerned. “At times, security does not always work the way we intend it to. If a criminal attacks me and asks for my credit card, for instance, it would be better for me to surrender the card than if he were to cut off my finger for the sake of my print. So I would say though the technology can be useful in preventing crimes, like those related to insider threats, it can also be risky,” says Lategan.
Describing other shortcomings of biometrics, Lategan points out that the technology does not fail well. “Passwords can be changed, but if someone copies your thumbprint, you are in danger, you can’t update it. Back-ups for passwords can also be made, but if you alter your thumbprint in an accident, you also have problems,” he says.