Identity without compromise

July 2013 Access Control & Identity Management, Healthcare (Industry)

The latest Hi-Tech Security Solutions Executive Roundtable Breakfast focused on executives from the healthcare and financial markets, explaining the importance of effective identity management and the benefits of biometrics in reducing fraud and protecting data and transactions.

Clem Sunter. ”The probability of a failed state is therefore no longer a wildcard, but has risen to a significant probability of 25%.”
Clem Sunter. ”The probability of a failed state is therefore no longer a wildcard, but has risen to a significant probability of 25%.”

The event started with a keynote by world-renowned business strategist Clem Sunter, who spoke on the Possible Scenarios in a Future South Africa. Sunter spoke on a similar topic about a year ago in an Executive Breakfast targeted at mining executives and it was interesting to see how his scenarios had panned out. Sadly, they were scarily accurate.

They problem with scenario planning is that it is easy to predict an outcome, or possible outcomes, and judge the accuracy of the predictions after the fact, but it is not helpful. Sunter says the idea of flags or signposts that a particular scenario is happening or about to happen is crucial for strategy planning, whether for business or government – especially when one adds consequences to the flags.

When you have flags as part of a possible scenario, it becomes easier to see the scenario as it happens, allowing one to adapt and make a plan to deal with the situation. Knowing the consequences in advance makes plans for adaptation more important, as well as more accurate than a wait-and-see approach.

Sunter also warned that scenario planning is something that needs to be part of an action. He advises planners not only to have the conversation, but to do something about it and be ready for changes.

Breakfast at the  event.
Breakfast at the event.

Security scenario

While Sunter’s keynote was broadly focused, he started with a scenario all too familiar to the executives present. He says recent US figures note that fraud in companies is committed by insiders over 70% of the time. More importantly, most of these people have no record of criminal activity before committing the fraud.

This means that checking the criminal record of the perpetrators will not flag them as a risk. They can work in a company and legitimately access sensitive data or bank accounts with a valid identity – normally a username and password.

Global and local future scenarios

To see what scenarios Sunter came up with for the global economy and South Africa last year, please refer to the article at*sunter1. There are two primary scenarios for the global economy at present, according to Sunter: Hard Times and Ultra Violet.

Hard Times has the global economy continuing poorly for a long time. Some of the flags include age demographics, with Japan as the poster child of a country with an ageing population. The EU is also in a crisis in this regard, with Italy, for example, showing a population decline over the past eight years. The US is not looking too bad as it has an increasing population of 35 to 45 year olds, which are critical to consumer spending. While this is a tough economy, Sunter noted that if you can offer value for money and innovation in this environment, your business can still thrive.

Ultra Violet is a scenario in which the ‘old economies’ remain flat and uninspiring, while the new or emerging economies recover and grow quickly. China is, of course, a major factor in this scenario. The Chinese flag is if it manages to keep growth to over 8% or not. If this happens, Ultra Violet is likely to be the reality. If not Hard Times are coming.

Sadly, Sunter says he is leaning towards Hard Times at the moment, because things are not too rosy for China. There are three flags that indicate China may not be the boost to the global economy we want it to be:

1. Its one-child policy is going to come back and haunt it in the long term because of the demographic imbalances, even though it has a healthy demographic now. In 20 years, China will have more people over 50 years of age than under.

2. China is also becoming a more expensive economy and it needs to move from replication to innovation to continue its growth.

3. There are many empty properties in China, including a few empty cities, raising the spectre of a property bubble.

So, even while the US is in recovery mode, Sunter says there is a higher probability of the Hard Times scenario.

The local league

Sunter has three scenarios for the future of South Africa. The first is where we compete in the premier league among nations, which are all striving with each other to improve the lives of their citizens. Sadly, while South Africa should be ranked between 30th and 35th in the global competitive rankings, last year we were at number 59. There is also a lack of certainty among foreign investors given recent activity in the country which does not bode well for the future.

This and other factors could put SA in the relegation zone, the second scenario, where the country slides into poor third-world status but remains peaceful. This will have a significant impact on tax revenue and foreign investment, especially in the light of the large amounts of money we require to improve the electricity and water situation.

The third option is a failed state, which will happen if violence breaks out. In this scenario, South Africa will become too violent and unpredictable and will be abandoned by the rest of the world – much like Syria.

Some of the flags for a failed state include nationalisation which seems to be off the table right now, a badly implemented national health system and a media tribunal with secrecy powers. The recent Secrecy Bill is a concern in this regard.

An important flag, possibly the most important, is land grabs. As one minister from Zimbabwe noted, at the first land grab in that country the economy did not slow down, it ‘hit the wall’. Locally, if this happened the rand would most likely soar to R100 to the US dollar, prices would soar and hyperinflation would set in. There is a crucial need to keep this flag down and the uncertainty of this risk is why the probability of a failed state has been raised.

The probability of a failed state is therefore no longer a wildcard, but has risen to a significant probability of 25%.

With the above (and more) as background, Sunter offers the probability for South Africa’s three scenarios (premier league, relegation and failed state) as 50%, 25% and 25%. This is significantly different from last year where the probabilities were 70%, 50% and 0%.

Having the numbers is not enough, however, we need to do something about it.

IT identity crisis

Mark Eardley. “Trust, but verify.”
Mark Eardley. “Trust, but verify.”

Following Sunter’s eye-opening presentation, Mark Eardley, an identity management consultant spoke on the identity crisis the world is facing in the information technology sector.

He started with a quote from George Tenet, the director of the CIA from 1997 to 2004: “We have built our future upon a capability that we have not learned how to protect. We have ignored the need to build trust into our systems. Simply hoping that someday we can add the needed security before it is too late is not a strategy.”

Eardley says that in spite of all the advances in corporate IT in the past 50 years, we are still reliant on the concept of CPPs (cards, PINS and passwords) to identify and authorise activity within our corporate systems. This is an inherent flaw: anyone can use yours and you can use his or hers. What is more, they are routinely lost, stolen or simply forgotten.

The fact about CPPs is that all they verify is that the card or password is present, it can never confirm that a specific person is using the credential. This misuse of credentials is growing on an unprecedented scale. Eardley says Interpol President, Khoo Boon Hui, speaking at an Interpol Conference in Tel-Aviv in May last year, noted that for every dollar lost to robbery, 117 dollars are lost to cybercrime.

Using biometrics to authorise and grant access to the digital world is the only answer to this problem at present. Using biometrics, not only can people be granted access to the appropriate applications and data, but only the authorised person can access them as you cannot lose or lend your fingerprint or face to a third party.

He adds that fingerprint biometrics are the most popular form of biometric identification today because of its simplicity and reliability. The old technology that had a reputation of being unreliable has been replaced and today biometrics are used for the most secure installations.

Of course, he adds that not all biometrics are manufactured equal. When choosing a biometric technology, it is important to choose one with a good reputation (not only a low purchase price) as well as one that has been certified according to globally accepted standards, including FBI, NIST and FIPS standards. Some biometrics manufacturers forgo keeping their certifications up to date, which is a telling sign for the buyer.

Eardley concludes that buyers must educate themselves to be able to ask the right questions to ensure they acquire solutions that will deliver the secure service they require.

In ending, Eardley says these days the first rule for everything related to security is “trust, but verify”.

The business case for biometrics

Alan Goodway, business development executive: innovation at Business Connexion. “The integration of fingerprint biometric technology into corporate applications and systems.”
Alan Goodway, business development executive: innovation at Business Connexion. “The integration of fingerprint biometric technology into corporate applications and systems.”

Alan Goodway, business development executive: innovation at Business Connexion followed with a presentation on the Total Business Case for Modern Biometrics.

Goodway echoed Eardley’s comments on CPPs, noting they have a long history of use in the IT industry, becoming more complex and even being automatically changed at regular intervals more recently. They have even been linked to personal identity numbers (PINs) and more recently, one-time PINs and smartcards. Yet they have not been successful in preventing attacks and significant financial loss.

The three sectors primarily targeted by cyber attacks are the finance, government and telecommunications sectors. Alarmingly, he says that in more than half of the cases investigated, none of the losses had been recovered. Additionally, on average, approximately 5% of company turnover was lost due to these cyber fraudsters. (According to the 2012 International Report Occupational Fraud and Abuse – Association of Certified Fraud Examiners (ACFE) (May 2012)).

Unlike Sunter’s figure of 70% in the USA, Goodway says in almost 90% of cases investigated, the fraudster had no previous history of any fraudulent conduct. Moreover, the longer he/she had been employed, the higher the losses. And sadly, less than 3% of fraudsters are convicted.

Goodway also recommends replacing CPPs with fingerprint biometrics, “as a matter of urgency”. Of all the different biometric options available currently, including face, fingerprint, iris, palm, voice, signature etc., fingerprint is the most advanced and most widely used and trusted.

He recommends using a system such as SuperSign to replace all system passwords and PINs. SuperSign is a locally developed application that replaces passwords with biometric authentication for Windows authentication solutions, as well as Web access (including banking) as well as application and transaction authentication. There’s also the GreenBox authentication and form management solution, (see more in Hi-Tech Security Solutions at or

Goodway adds that there are many mobile terminals currently in use that use biometrics for authentication for a range of applications. These range from:

* Medical practitioner patient identification (biometric) and benefits statement (from in-house application) to prevent patient fraud at service points for a large SA-based medical aid;

* Banking applications (new client engagement, servicing customer base in bank and remote areas such as pensioners, elderly, sick etc., and onetime PIN-enabled Internet banking);

* Population census/voting; and

* Other business application where identity is key, combined with access control or time & attendance.

In summing up, Goodway reiterated the challenges companies face today when it comes to authentication in the healthcare industry. These include:

* Card issuing is labour intensive and time consuming;

* Photo identification not guaranteed;

* Fraudulent activity due to card swop out;

* No access to complete medical history;

* No benefit validation at point of service; and

* Service provider payment not guaranteed due to lengthy claims process and benefits disputes.

The solution, according to Goodway is the integration of fingerprint biometric technology into corporate applications and systems to replace passwords and PINs and their respective identity authentication weaknesses.

The event was closed with attendees networking and talking to the presenters, as well as getting some hands-on experience of fingerprint biometric devices at the Ideco display.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

iLegal 2019: Putting a face on surveillance services
August 2019, Technews Publishing , News, Conferences & Events
iLegal 2019 will be held on 12 September 2019 at The Rosebank Crowne Plaza in Johannesburg. iLegal is the surveillance industry’s premier one-day conference hosted jointly by Hi-Tech Security Solutions and Dr Craig Donald.

Residential Estate Security Conference 2019: Making AI work for you
August 2019, Technews Publishing , News, Conferences & Events
Gerhard Furter will deliver the keynote at the Residential Estate Security Conference 2019, providing a brief introduction into what AI really is and its application in estates.

From the editor's desk: The difference between potential and skills
August 2019, Technews Publishing , News
This issue of Hi-Tech Security Solutions includes our annual Local Manufacturing feature and it’s great to know that local security manufacturers are still going strong, even if the general manufacturing ...

Patient critical – healthcare’s cybersecurity pulse
August 2019, Wolfpack Information Risk , News, Cyber Security, Healthcare (Industry)
The healthcare industry has become one of the leading cybersecurity attack vectors worldwide for several reasons.

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

iLegal 2019: Enhancing and empowering your control rooms
July 2019, Technews Publishing , News, Conferences & Events
iLegal 2019 will be held on 12 September 2019 at The Rosebank Crowne Plaza in Johannesburg. iLegal is the surveillance industry’s premier one-day conference hosted jointly by Hi-Tech Security Solutions and Dr Craig Donald.

Residential Estate Security Conference 2019: Managing for efficiency
July 2019, Technews Publishing , News, Conferences & Events
The Residential Estate Security Conference 2019 will be held on 20 August 2019, once again at the Indaba Hotel in Fourways, Johannesburg.

Spending to save
August 2019, Technews Publishing , News
As residential estates and complexes grow like weeds across South Africa, often promoting themselves as more secure than a stand-alone house, many are finding that close proximity to a neighbour or a ...