Sarbanes-Oxley Act – (SOX): The Sarbanes-Oxley Act became law in 2002 in response to major corporate and accounting scandals. Congress created SOX to increase transparency in financial accounting and to mitigate fraud. Originally, its focus was issues surrounding accounting and finance. In 2005, its focus expanded to include human resources supply chain management and information technology.
Banks and financial institutions may have risk control procedures in place complying with these regulations, but are still exposed to fraud. This vulnerability is due to dependence on passwords for security and negligence in carrying out the security procedures diligently. According to “IT Departments on Data Security: A Research Concepts Survey”, 1 out of 4 organizations surveyed last year had a data breach. Most of these companies viewed security as a high priority. According to this survey, only 1 in every 100 employees consistently follows security policy.
ISO 19092:2008 - To increase security, biometrics is now being increasingly recognized as a method for authentication and a reliable identification method. The International Organization for Standardization (ISO) has published a new standard ISO 19092:2008 Financial services-Biometrics-security framework. “This standard establishes the security requirements for the implementation and management of state-of-the-art biometric identification technology within the financial industry.” This standard will make transactions more secure in the electronic era for the financial sector.
According to a Unisys survey, 66% of worldwide consumers preferred banks, credit card companies, healthcare companies, and government organizations to use biometric identification over passwords, smart cards, and security tokens. Most consumers surveyed found biometric solutions extremely convenient and secure as they would not have to remember passwords and also not have to deal with password misuse.
Passwords fail - There are many ways to gain access to passwords, which include simple means such as casual conversations to more sophisticated software. Data and systems security cannot be dependent on passwords. In certain work environments, such as banks or financial institutions, multiple users share a computer with their individual log-in credentials to do their jobs. If a user forgets to log-out of the system the next user could misuse this to create fraudulent transactions or trades using the previous user’s log in. The ERP system would only have the record of the transaction being carried out by the first user under his login.
Biometrics authentication: The reliable solution for security - SAP users can mitigate fraud by using bioLock (from realtime North America), the certified biometric solution using fingerprints. Even if log-in passwords were obtained, the fraudster would not be able to do anything with the passwords because the biometric authentication system would deny him access to perform transactions. Even if an ERP system uses multiple passwords for each user to control access to specific modules, that approach is no match for a biometric system able to control access even to the transaction, field or data level. The biometric approach is crucial for maintaining segregation of duties when employees gain new responsibilities.