In South Africa the Financial Intelligence Centre Act No. 38 of 2001 (FICA) requires organisations in the financial sector to verify their clients' identities, keep associated records, and report any suspicious or unusual transactions. This applies to both existing and new clients.
Currently, FICA stipulates that one of the following is required from a client to establish identity:
* A South African identity document.
* A passport.
* A card-format driver's licence.
In South Africa, many identity documents and passports are obtained fraudulently and a high level of counterfeiting of these documents is also encountered. Fingerprint biometrics would certainly provide for a more accurate reflection of true identity and would be a huge catalyst in reducing fraud in the banking environment.
Ideally, a bank operating in any country should verify the true identity of a potential client through direct verification against the population register (PR).
Nevertheless, it is anticipated that banks would insist on controlling their own identification systems because a national system would have the capacity to also handle banking-related transactions in realtime.
Consequently, the banking sector would require the implementation of its own automated fingerprint identification system solution (AFIS). Without verification against the PR, this solution would not necessarily allow the bank to establish a client's true identity, but it will allow the bank to determine if a particular client has been registered before, possibly under a different name, allowing immediate detection if this person attempts to open another bank account. Should all the banks then agree to exchange information and use a central AFIS, fraudulent acts become even more difficult, if not impossible, to commit.
For compliance with FICA, and certainly also for any bank's own forensic purposes, the ideal usage scenario for opening a bank account by means of fingerprints would thus entail the following:
* An initial one-to-many (identification) search against the population register to establish true identity.
* An initial one-to-many (identification) search against the bank's own AFIS to establish if an individual has been enrolled before under the same or a different name.
* Enrolment of the client's fingerprints and demographic information in the bank's AFIS.
Once a client has been enrolled in the bank's AFIS, the bank will be able to perform a number of transactions using his/her fingerprint as positive and accurate proof of identity. A few of these types of transactions are briefly highlighted below.
Money transfers, withdrawals and closing of accounts
Fingerprint biometrics can be used for verification of the client's identity for money transfers, withdrawals and the closing of accounts. This will entail one-to-one verification of the client's fingerprint against a claimed identity, which would be linked to a specific bank account from where the money transfer would take place. The claimed identity could be in the form of a name, bank account number, ID or other unique reference, and the bank's AFIS will perform a comparison between the presented fingerprint and the one previously stored in the database for that particular individual or another designated individual linked to that particular account. Only if identity verification is positive will the money transfer be allowed to take place.
The same procedure is also applicable in both money withdrawals and closing of accounts.
On-line banking
As we know, on-line banking enables clients to perform tasks such as viewing account details, statements, inter-account transfers, transferring money to accounts at other banks, paying invoices etc, via the Internet. Banks typically use a combination of username/password or PIN and SMS technology for client authentication, but biometric fingerprint verification would significantly elevate the levels of security.
It is feasible that in the near future on-line banking clients could have these devices on their desktops. This will allow the bank to positively establish the identity of an on-line banking client by means of a fingerprint before allowing access to the bank's services.
Transaction logging
Transaction logging through fingerprint biometrics would entail identity verification of a bank employee conducting a particular type of transaction, eg, fingerprint enrolment of a client and the entire range of banking transactions; this would positively link that operator to a particular transaction.
ATMs
The four main banks in the major European countries are setting the new ATM usage standards with the help of Sagem's biometric fingerprint technology. Readers are being incorporated into the ATMs to make them more secure. This is the way is works: clients using these ATMs are issued with six-digit pin numbers that represent their birth date (day, month and year) these are entered when the client wants to use the ATM. Once this pin number is entered, it brings up the database of those people with similar birth dates. The ATM then asks the client to present his or her finger to the fingerprint reader which searches this smaller database of people to positively identify the user in a shorter amount of time; rather than searching the global database. The client can then perform the required transactions on the ATM as per usual.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version