printer friendly version

Stronger identity management to curb fraud?

Fraud in the workplace can be ascribed to a number of factors: economic hardship, criminally minded staff, syndicate intimidation and bribery, opportunistic chance takers and more. The fact is, expecting people to behave honourably when they have no intention of doing so will result in failure.

Yet, while blindly trusting people is counterproductive, there are those who are honest and will not commit fraud even if the opportunity is there. So what is the answer to preventing fraud in the workplace? One does not want to punish the honest just because some people have no ethics.

Could stronger identity management cut down on fraud? But how does one do this without adding to the complexity of the workplace, which will simply lead to users looking for ways to break or work around the processes? Hi-Tech Security Solutions asked two industry leaders for their take on this touchy subject.

Hi-Tech Security Solutions: Can stronger identity management processes make a difference to fraud in the workplace? How would this work and what in what areas would it be appropriate?

Hendrik Combrinck, ZKTeco South Africa: Yes. By implementing digital identity management, an audit trial of all transactions on an entire system can be logged. This will force users to take responsibility for their actions.

Nicolas Garcia, Morpho South Africa: Experience has shown over the past 10 years that adequate identity management contributes highly in reducing fraud in the workplace and although very difficult to eliminate completely, fraud can be reduced dramatically by implementing proper systems. Most areas can be covered, but from a risk management point of view it makes sense to address the most sensitive areas first.

Hi-Tech Security Solutions: Please define what you mean by identity management and identity authentication, specifically related to our topic of fraud prevention in the workplace?

Hendrik Combrinck: Identity management is the management of a person’s identity credential inside the workplace. Whether it be a PIN on a keypad to access a door or a card or a fingerprint to access your computer. With strict credential management, users can be monitored 24/7. This will cut down on fraud and minimise losses for the company.

Nicolas Garcia: Identity management in general is the operation of ensuring who a person is and of gaining access to relevant information pertaining to this specific person. Identity authentication is the operation to verify that a person is who he/she claims to be. Identity authentication is particularly important at the time of authorising a transaction.

Hi-Tech Security Solutions: Would biometric identity authentication work in a busy workplace – specifically with respect to preventing fraud? Are biometrics accurate and reliable enough to use in a commercial setting with untrained users? What forms of biometrics would you say are reliable enough for real world use?

Hendrik Combrinck: Biometrics already plays a big role in the day-to-day workings of many companies. It has proven itself to be reliable and accurate enough for people to get paid by it, why not use it in cutting down on fraud.

No system can work 100% efficiently without the users being trained to use it, this is a normal process in any digital environment. Fingerprints, at the moment, are the most reliable form of digital credential because they are highly accurate and also cost effective for companies to implement in an array of applications. Facial recognition is evolving fast and is proving to be a contender in identity management in the commercial environment.

Nicolas Garcia: Biometric systems have long been used in the workplace and proven to be fast, accurate and reliable. The most adopted technology is fingerprint technology because its use is seamless for the user and fast enough not to congest the workplace. Biometric is also faster, easier and more secure to use than typing a password to authorise a transaction, for instance.

Hi-Tech Security Solutions: Are there simpler, non-biometric ways to manage identities to the level required?

Hendrik Combrinck: There are simpler, non-biometric ways to manage identities, but not to the level required to prevent fraud in the modern workspace.

Nicolas Garcia: There are existing systems which make use of cards. I don’t think they are simpler to use than biometrics, but they are bearing so many disadvantages that they are intrinsically losing out to biometric systems.

Hi-Tech Security Solutions: Are there additional methods of preventing fraud before the person is actually ‘on the job’, such as employee screening, online identity verification with Home Affairs etc.? Can/should these be integrated with biometric identity authentication?

Hendrik Combrinck: Yes, employee screening is very important because that is where the interaction starts for an employer and a potential employee’s identity. This is a crucial step and can definitely be fast tracked with biometrics and online verification. One must also remember that the Home Affairs systems are also run by people and also need to be protected because if the wrong information is captured there it will filter through to potential employers.

Nicolas Garcia: Although fraud attempts cannot be eliminated, it is certainly a good idea to ensure any new staff you bring onboard don’t have a history of committing fraud, especially if they are to work in sensitive functions like finance, etc. Screening solutions are available through credit bureau services or similar organisations and are linked to various government databases to ensure that the applicant is the right person and is clear from any criminal offence.

The screening solution allows you to capture a fingerprint and to submit it to the government systems which in return acknowledges the match or not. Government databases are not otherwise shared with private companies and therefore prevent fully integrated real-time authentication.

Hi-Tech Security Solutions: How does a business person justify the cost of implementing biometrics when the older password method is free and simple? Even tokens or cards/smartcards are cheaper?

Hendrik Combrinck: This has been one of the biggest myths in the digital market in the last two years. Yes, passwords might be free, but does it prevent fraud at a level required by the market. Biometric systems have been proven over and over again to be more accurate and more cost effective than the token or other card based systems. It is all up to the supply chain of these biometric systems in South Africa to stop using biometrics as a cash cow and start implementing cost effective biometric identity management systems in the market.

Nicolas Garcia: Older methods such as password, cards, tokens, etc. might seem cheaper to implement, but have proved to be insecure. The cost of managing cards and passwords are often overlooked but can represent a significant budget every year. A password or a card/token can be communicated, lost/forgotten or stolen hence creating a security breach. One must decide if he is prepared to take the risk to save money.

Hi-Tech Security Solutions: Could using biometrics to prevent fraud be made more cost effective if integrated into other areas of the business such as access control? Can you provide an example of how this may work?

Hendrik Combrinck: Yes it can. A simple example of this is by connecting the access control system to the Active Directory of the company. In essence, a person will not be able to log on to any system in the company if he/she did not clock in at any of the access control points in the building. So, if someone is not on site then his digital credential can’t be active.

Nicolas Garcia: This is called convergence and consists of integrating physical and logical access control in the same system. The idea behind that is to simplify administration and reducing cost by only using one backend, increase security while adding more convenience for all users (only one enrolment).

Security is improved because you can now imagine more secure scenarios e.g. preventing someone from logging onto a PC without first physically entering the building or the other way around, automatically log out of a workstation if the person exits the building after a certain time, etc.

Share this article:

Further reading: