ISO 19092:2008 - Biometrics is increasingly recognized as a reliable method of authentication and identification. The International Organization for Standardization (ISO) has published a new standard, ISO 19092:2008 Financial services - Biometrics - Security framework. “This standard establishes the security requirements for the implementation and management of state-of-the-art biometric identification technology within the financial industry.” For the financial sector, the standard is intended to make electronic transactions more secure.
According to a Unisys survey, 66% of consumers worldwide would prefer banks, credit card companies, healthcare companies, and government organizations to use biometric identification rather than passwords, smart cards, and security tokens. Most consumers surveyed found biometric solutions extremely convenient and secure, because they would no longer have to remember passwords or deal with the consequences of password misuse.
Passwords fail - There are many ways to obtain a password, ranging from simple means such as casual conversation to more sophisticated software. Data and systems security cannot depend on passwords alone. In certain work environments, such as banks or financial institutions, multiple users share a computer, each logging in with individual credentials to do their jobs. If a user forgets to log out, the next user can misuse the open session to create fraudulent transactions or trades under the previous user’s login. The ERP system would then record only that the transaction was carried out by the first user, under that user’s login.
Biometric authentication: The reliable solution for security - SAP users can mitigate fraud with bioLock (from realtime North America), a certified biometric solution based on fingerprints. Even if login passwords were obtained, the fraudster could do nothing with them, because the biometric authentication system would deny him access to perform transactions. Even if an ERP system uses multiple passwords per user to control access to specific modules, that approach is no match for a biometric system that can control access down to the transaction, field or data level. The biometric approach is crucial for maintaining segregation of duties as employees gain new responsibilities.
Societe Generale Bank case study - The fraud at Societe Generale Bank is a classic example of how compliance with IFRS and Basel II was not enough to prevent fraud that could have been prevented had the bank used SAP together with a biometric system like bioLock.
What went wrong?
Jerome Kerviel worked in the back office and in the middle office from 2000 to 2005, prior to becoming a trader. He had in-depth knowledge of their systems and procedures.