Protecting people’s money, and their data

May 2019 Editor's Choice, Integrated Solutions, Financial (Industry)

The temptations inherent to the banking sector, and financial institutions more generally, pit them in an eternal and increasingly high-tech battle to secure themselves against threats from within and without. They also have a responsibility to protect their customers and their data from unauthorised access, and since bank branches are essentially businesses they are seeking ways to improve the customer experience in similar ways to the retail sector.

Addressing all these concerns requires a highly integrated approach that uses the cutting-edge of security technologies across the board. We asked IDEMIA, Cathexis Africa and CA Southern Africa how their companies’ particular areas of expertise are being leveraged in the financial sector.

Nicolas Garcia.
Nicolas Garcia.

“In recent years we have seen a significant shift amongst the world’s largest financial institutions, toward frictionless biometric technology, which is driven by several key factors,” comments Nicolas Garcia, regional director of sales at IDEMIA SA. These factors include security standards compliance and resultant audit pressures which have increased dramatically around the globe in recent years (for both physical and logical security). This has been driven in part by the large number of high-profile insider and outsider breaches/attacks seen in the past five years.

What’s more, the world’s major financial institutions are competing for both the best customers and the best employees. They are always looking for ways to attract top talent, and are focusing heavily on workplaces that are high-tech, safe, and attractive to employees. Also, the access control technology is highly visible to any visitor entering the lobby, and plays a significant role in reinforcing the message of how serious the bank is about security.

There is a need within these entities to securely manage very large workforces, often exceeding 200 000 or 300 000 employees globally. “These employees are of course spread across many sites, but in most large corporate locations there is a need to ensure that tens of thousands of employees can securely access the buildings efficiently at peak times. For example in major cities or at campuses, employees usually arrive in waves during peak hours as they utilise public transport such as subway trains or shuttles. This puts a concentrated throughput demand on the system during these times,” says Garcia.

Another challenge faced by large institutions is the sheer variety of building types and locations in which the access control technology needs to operate. Large organisations need to standardise as much as possible in order to have the best control over their systems, and over costs. The variability, not only from site to site, location (indoors/outdoors) but also by time of day or even by season, has meant that contact fingerprint technology was the most widely adopted solution in the past, due to its immunity to most of these external factors.

Contactless biometrics

“Changing the environment or trying to compete with nature to make a system work is extremely costly, and rarely works, which is why so many facial and iris-based systems have had much more limited adoption in true access control applications,” Garcia continues. “With recent advances in 3D imaging technology, algorithms and processing power, it has become possible to capture more biometric data, more accurately, and without physical contact. The more biometric information you have to analyse, the more accurately you can tune the system for high-assurance matching.”

These gains have become most readily applicable to touchless/contactless fingerprint technology. Since every single fingerprint is unique, by simply waving one’s hand over a sensor, four unique credentials can essentially be tied to one human being, i.e., each of the four fingers, omitting the thumb due to its relative orientation compared to the four fingers. Scanning these fingers in 3D and without contact means more information can be analysed from each finger, without the concerns of hygiene or people having wet or dry fingers, or touching the sensor too softly or too hard.

“Being able to do all of this in even less time, and with less effort than traditional contact biometric systems, has catapulted this technology into the mainstream,” says Garcia. “IDEMIA pioneered the concept of frictionless biometrics over 10 years ago with the first generation of the technology now known as MorphoWave. The intense R&D and field testing over the past decade make this technology fully viable in the real world. As a result, MorphoWave is the most used touchless biometric technology for high-throughput, secure access in the financial sector, including an impressive array of the most recognisable banking and credit brands on the Fortune 500 list.”

Augmented identity

In the workplace, the same frictionless technology regularly extends to time and attendance, cafeteria payments, gym access, parking and other services. This feeds into IDEMIA’s ‘augmented identity’ concept, central to which is the idea that leveraging our identity must be not only a secure process, but also natural and convenient. This extends well beyond traditional access control and security applications into other areas such as eKYC, voting systems, civil ID programmes, border control and passenger facilitation, amongst others.

“IDEMIA’s facial recognition and analytics solutions provide an additional layer of security designed to complement traditional access points by extending the reach of security well beyond the physical doors and barriers. By fusing detection and tracking of persons or objects with accurate facial recognition algorithms, a powerful early warning system and investigative tool provides for much higher ROI (return on investment) of the customer’s existing surveillance infrastructure,” Garcia says. The technology can provide alerts based on any number of watch-lists for a variety of purposes ranging from detecting known bank robbers to identifying VIP customers.

IDEMIA’s biometric technology plays a key role in providing better security to both banks and their customers. Biometrics can be used to verify the identity of a customer when opening a bank account and/or to detect if that same customer has previously existed in the system under a different name. That biometric technology is also integrated into ATMs and branch teller solutions around the world to provide secure authentication of customers.

IDEMIA also offers a secure bank card with embedded fingerprint sensor, known as FCode. This allows a customer to scan their fingerprint directly on their banking card to authorise a transaction, instead of relying on a traditional PIN or signature.

“More major banks and credit providers are now integrating IDEMIA’s biometric technology into the payment experience,” Garcia states. “Secure payments using biometrics bring an important combination of both increased convenience and security at the same time. The expectations of today’s typical banking customer are very different than 10 or 20 years ago.

“Today’s customer grew up with a different level of technology accessibility and most are already completely comfortable using biometrics on their phone for a wide variety of authentication use cases including payments. Today’s customer expects that same capability to extend beyond their phone and into the retail space, whether at a shopping mall, concert or train station.”

Making use of video analytics

Gus Brecher.
Gus Brecher.

Video management software (VMS) specialist, Cathexis Technologies, works with various entities within the financial sector. While its involvement has extended to the likes of institutions like the London Stock Exchange, the biggest component is the banks and their branches, according to Cathexis Africa’s managing director, Gus Brecher.

Integration is a big factor in the banking sector, says Brecher: “We have quite a lot of banking customers and in that sector we do a lot of integration with their fire systems, alarm panels and access control. Depending on the bank, many of them like to have a central monitoring capability, so they’ve got a hybrid scenario where they’ve got distributed recordings on site, a centralised monitoring facility for alarms, and the ability to view and store video off-site on request.”

Over and above access control systems deployed in the back-office areas, Brecher says banks are increasingly making use of video analytics. One way this can be used is to notify a branch manager if someone has entered the customer service area and not been served within a certain period of time, to enable the branch to improve its customer service levels. People counting can also be used to gain more insight into people’s comings and goings.

Analytics algorithms that identify loitering behaviour are also deployed outside banks and at ATMs. “We’ve also done some ATM integration where the standalone ATMs have small recording devices in them which can be correlated with the ATM transactions. However, because of privacy issues addressed by the likes of the PoPI (Protection of Personal Information) Act and GDPR (General Data Protection Regulation), this is typically limited to details like the time and type of a transaction, rather than details about the person performing the transaction,” Brecher says.

Cybersecurity must not be ignored

Gregory Dellas.
Gregory Dellas.

Whether crime is committed with a crowbar or a computer, the number one motivator for an attacker is greed, points out Gregory Dellas, security presales at CA Southern Africa. “It is for this reason that banking and financial institutions face the most persistent threat from the world’s assorted cybercriminals. While data has value and can be breached and sold off, it is the systems that handle the criminal’s true goal – money – that make the best targets,” he states.

According to SABRIC, 16 296 incidents were reported from January 2018 to August 2018 with losses amounting to more than R183 million for the banking industry. This is a 64,3% increase in the number of incidents over the same period in the previous year. On a wider scale, in the PwC 2018 Global Economic Crime and Fraud Survey, South Africa ranked number 1 globally for companies having experienced some form of economic crime, with a whopping 77% of all South African organisations being affected.

The largest increases in the sector were seen in insurance, consumer lending and retail investing. A contributing factor in this trend is the assumption that the established enterprises are the most at risk, when in fact, new entities including cloud-based services and digital banks are also highly targeted. Young organisations seeking to grow quickly and build security later make up the majority of these reported breaches.

Awareness versus alertness

“Awareness of these facts is an important step towards strong security but it is not enough,” Dellas insists. “The attacker is alert, prepared and 100% focused when exploiting systems. The staff of a financial services firm may be security aware but they are acting on routine, are distracted and not anticipating, for example, a potentially fateful social engineering phone call.

“This alertness shortfall can only be overcome with the right tools and a wide safety net strategy. Singapore based DBS bank provides a good case study, where a newly implemented CA Technologies automated identity and access management platform reduced risk of fraud, increased efficiency and improved customer satisfaction.”

Additional layers of defence include tools that manage privileged credentials which are the equivalent of the vault keys in a physical bank. Intelligent risk-based authentication can fill in the alertness gap should attackers gain access to systems or possession of employee credentials; they can be blocked based on thousands of hours of behavioural profiling.

“Many financial institutions are benefiting from benchmarking themselves against peer companies such as DBS. One good industry forum that helps address cybersecurity risk is the Financial Services Information Sharing and Analysis Centre (FS-ISAC). They conduct frequent cyber-range exercises and publish recommendations. Another excellent initiative is the Financial Data Exchange which seeks to create a common standard for data sharing across the financial industry.

“Reaching out to peers and partners familiar with the cutting edge of cybersecurity is an important step in boosting overall security posture. By continually adding additional layers of security, be they tools, processes or collaborative initiatives, best practices will ultimately keep financial institutions safe and secure,” Dellas concludes.

For more information contact:

• CA Southern Africa, +27 11 417 8594, heidi.ziegelmeier@caafrica.co.za, www.ca.com/za

• Cathexis Africa, +27 31 240 0800, sales@catafrica.co.za, www.cathexisvideo.com

• IDEMIA, +27 11 286 5800, sec.san.contact@idemia.com, www.idemia.com


Credit(s)






Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Constructive CCTV contributions to research
September 2019, Leaderware , Editor's Choice, CCTV, Surveillance & Remote Monitoring
Study leads to understanding that we need more recognition and reward for constructive participation in society.

Read more...
Managing staff effectively
September 2019, dormakaba South Africa, iPulse Systems , Integrated Solutions, Access Control & Identity Management
Workforce management solutions allow organisations to track the relationship between productivity and the cost of employment, incorporating issues such as health and safety, T&A, rostering and more.

Read more...
Ensuring a seamless ultra-wideband ecosystem
September 2019 , Editor's Choice, IT infrastructure
FiRa consortium ensures an interoperable ultra-wideband technology ecosystem across chipset, device and service infrastructure through standards and certifications.

Read more...
The hunt for the Carbanak group
September 2019 , Editor's Choice, Cyber Security, News
Tomorrow Unlocked has released a free four-part documentary that tells the story of the notorious Carbanak APT group and its $1 billion bank heist.

Read more...
Genetec to integrate CylancePROTECT
September 2019, Genetec , Editor's Choice, CCTV, Surveillance & Remote Monitoring, News
Genetec has announced it is partnering with Cylance, a business unit of Blackberry, to bring AI-based antivirus protection to its appliance customers.

Read more...
Increase security efficiency, decrease costs
September 2019 , Security Services & Risk Management, Integrated Solutions
Trackforce offers customisable mobile and web applications to increase security operational efficiency and lower costs.

Read more...
X-rays in 3D
September 2019, XPro Security Solutions , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asked Greg Dixon, director of XPro, for some insights into X-ray scanning and its pros and cons in today?s volatile world.

Read more...
Smart Inspection Unit developed by Roteck
September 2019 , Editor's Choice, Security Services & Risk Management
Roteck has announced a portable personnel and bag scanning unit that can easily be transported, set up and used in almost any location.

Read more...
Securing ATMs 24/7
September 2019, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring, Financial (Industry)
To be effective, most ATMs need to be in public areas and open all hours, and they hold cash, making them an attractive target.

Read more...
Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

Read more...