21 May

Securing the financial institutions’ physical and digital assets with biometrics
Gone are the days when a financial institution’s (FI) only assets were considered to be the gold, cash and other valuables in its vaults. With data widely acknowledged as the new gold, ensuring that only legitimate people get access to the FI’s premises and digital databases is more important than ever.
It is standard practice around the world for an individual to positively identify himself or herself in a bank branch in order to effect any transaction. Means of identification can include what you know (PIN or password), what you have (ID document) and what you are (biometrics). It is no longer even a competition as to which of the methods is considered the most accurate for positively identifying a person – biometrics wins hands down, literally. Biometrics, usually fingerprints, are used to positively identify an individual when it comes to enabling transactions such as account opening. This is also due to increased KYC (Know-Your-Customer) regulation in the financial sector in order to combat illegal activities such as money laundering.
The case for more stringent and accurate identification of account owners is not in dispute. Financial institutions have retooled and upgraded their respective systems to include biometrics so as to meet the needs of the industry. In the same vein, financial institutions should adopt a similarly holistic approach to KYE (Know-Your-Employee) when it comes to further securing access to physical locations and sensitive databases.
And KYE is definitely a topic that deserves a priority spot in the security discussion. In order to look and feel friendlier to customers, some banks have increasingly designed their branches to incorporate open-plan layouts. A more open-plan branch also means more fluid movement of people. This increases the potential for illegal access to restricted areas. Currently, access cards and PINs are common solutions for controlling access to such areas. But they are not as secure as biometrics. After all, you can always lose an access card, and an access PIN can be copied if an employee is not careful when punching in the code.
Protecting premises is about more than ensuring legitimate access. Enabling security to identify person(s) of interest within a set radius of a bank branch dramatically enhances the safety of the facility for its employees and customers. This of course can only be achieved if the security infrastructure comes equipped with facial recognition capability. With banks aiming to deliver a friendlier and more fluid in-branch experience, securing the vicinity becomes even more important.
In addition to enhancing security, biometrics can also deliver efficiency at the point of access. Take mining, for example. Though a long way away from the air-conditioned bank branch office, mines are increasingly integrating biometric access technology into their employee access systems to ensure accurate identification of healthy and sober employees entering restricted areas. With contactless biometric technology such as the MorphoWave™, which offers secure and frictionless access control and accurately processes up to 50 people in a minute, mines are able to manage a smooth and safe change of shift. Coming back to the scenario of a bank branch: giving legitimate employees frictionless and secure access to restricted areas with contactless biometrics, such as facial recognition or touchless fingerprints, helps to enhance the open-plan, relaxed flow of the branch.
Securing access to restricted areas is step one towards protecting financial institutions and their customers. Effectively ensuring that only the right people are able to access sensitive databases is key to the security equation.
Access to databases still tends to rely on passwords and/or access cards. Currently the common wisdom is to generate a unique user log-in and password for an approved user to access the relevant databases. This process is clearly documented in probably all IT manuals of any private or public institution. Again, the potential for a breach exists and in some cases, such as a password reused for several accesses, this potential is actually very high. According to a survey conducted by Google, as many as 65% of people reuse a password, sometimes for all accounts.
Now, if biometrics are used to authenticate customers for transactions, why should they not be used more widely to authenticate employees for access to databases? Biometric technology is already in use around the world to capture time and attendance. Biometric readers are actually more ubiquitous than we expect. For the past few years, it has not been uncommon to purchase laptops with integrated fingerprint readers. And for the non-digital natives amongst us, who has actually punched in a PIN or password to unlock our mobile device recently? If biometrics are already a common feature of personal devices, protecting sensitive databases with biometric-powered access control technology should only be a natural upgrade and not a science fiction fantasy.