Secure identification and authentication

Issue 3 2020 Financial (Industry)

While a brief review of the round table is printed before this article, Nicolas Garcia from IDEMIA was unable to attend in person. Instead, Hi-Tech Security Solutions sent him some of the questions we asked the attendees and he submitted his answers in writing.

Hi-Tech Security Solutions: What is identity and what does it mean to verify someone’s identity? What does it mean to authenticate someone? Where are the two(verification and authentication) used and for what purpose?

Garcia: According to Forbes: Identity is generally accepted as an amalgamation of any or all attributes and information available that binds a persona to a physical person.

Verification is proofing, typically done during onboarding. Authentication is done afterwards, when we validate against the identity captured during onboarding.

Authentication is the process through which we prove who we claim to be. It determines if one or several of the following elements or authenticators used to claim an identity are valid and belong to the same individual previously identified.

• What I have: mobile phone, smartcard, security token…

• What I am: fingerprints, face, iris…

• What I know: password, PIN code….

Authentication occurs each time a user wants to access a service or perform transactions, such as payments, wire transfers or a contract signature. It is also used in the physical world, such as when you want to access a building.

Biometric systems offer a secure and easy-to-use solution to build the bridge between physical and digital identities. It enables enterprises to mitigate the risk of identity theft or impersonation, by ensuring the person is really who he/she claims to be and is present at the time of transaction.

Hi-Tech Security Solutions:Currently, what is the norm in commercial environments to verify and authenticate an individual’s identity when it comes to physical and digital identities?

Garcia: Today’s customers expect total convenience without sacrificing security. Because of this, we are seeing an increase in the uptake of digital authentication of an identity (physical/digital) using biometrics in both physical and digital environments.

PINs, passwords and 2-factor authentication are the more common ways that commercial organisations authenticate a person. Leveraging the power of mobile phones and their biometric capabilities (such as camera and fingerprint technology), enterprises can remotely verify their customers’ identities. IDEMIA’s MorphoWave Compact is an alternative portable biometric reader.

Hi-Tech Security Solutions: Facial recognition/verification is getting all the attention these days, but is this a reasonably secure and reliable identity verification/authentication mechanism for physical and digital security?

Garcia: Today, state-of-the-art biometrics algorithms, certified, by independent agencies such as the National Institute of Standards and Technology (NIST) and leveraging machine learning capabilities, outperformed average human capabilities when it comes to recognising unfamiliar faces.


Nicolas Garcia.

The ideal solution is to combine man and machine to achieve the best results. Also, 3D facial recognition technology is one of the best ways to neutralise environmental conditions and reach better results than 2D information.

For a financial services provider, it may not be reliable enough to solely rely on one type of information to verify the legitimacy of an individual identity claim. Indeed, they may lack some type of information, for instance their credit history may be limited, they may lack some ID documents or, in some cases, they may not wish to share their biometrics. Besides, static Personally Identifiable Information (PII) may have been compromised. Furthermore, data available and validation requirements depend on the geography and regulations. That’s why a reliable digital identity requires a layered identity-proofing approach.

Organisations can pick and choose which of the layered measures to take based on their customers’ profiles, their risk policy and identity assurance requirements. Such a multi-layered onboarding approach uses a combination of identity document authentication and biometric verification and other background checks.

Hi-Tech Security Solutions: When it comes to financial institutions, what are organisations these days doing to more accurately verify/authenticate customers’ identities to avoid issues like people opening bank accounts under false names etc.?

Garcia: With fake accounts being a major concern for financial institutions, biometrics deduplication is crucial for fighting against fraud. It enables service providers to check whether a unique individual has opened multiple bank accounts under different, false names.

Financial institutions could also rely on mobile operators for risk scoring, to help their fight against identity theft and account takeover. In fact, many banks rely on a customer’s mobile phone as a method of verification. When logging into an account, customers are often asked to verify their identity through an SMS OTP (one-time password).

Leveraging in-branch biometric devices or readers, a bank can match a customer’s biometrics against their ID to verify a customer (or potential customer) that they are who they claim to be.

Hi-Tech Security Solutions: What is happening in terms of remote and mobile identity verification/authentication? As companies try to reduce ‘in-person’ visits and encourage people to transact via the Internet or their mobile devices, how are they trying to ensure the person is who they claim?

Garcia: Adopting a multi-layered approach, combining ID document authentication, biometrics and liveness detection and more, enables banks to reconcile security, compliance and user experience.

For example, a bank would typically mix different technologies and methods in their processes, depending on the level of security required for respective applications/requests. Some banks might agree that a PIN code might be secure enough to give access to an account balance, but a combination of face and code might be preferred for transfer of a large amount of money. In addition to that, banks might limit sensitive transactions to pre-approved devices only.

Hi-Tech Security Solutions: What about privacy? Should we give up the idea that we have any? If not, how can we retain some privacy without negatively impacting security? How does the industry support privacy while still producing identity technologies?

Garcia: People have a right to their own privacy and when it comes to facial recognition and biometrics, they need to be assured that a proper policy framework is in place to safeguard their data and restrict who has access to it and how it can be used. Public and private entities have to collaborate to define this regulatory framework.

The solutions developed by IDEMIA incorporate privacy by design principles. This protects consumers and guarantees the highest possible level of data protection that can be used for identity verification and authentication technologies.

Security and respect of data privacy are in the DNA of IDEMIA. As such, our biometric access control products comply with a wide range of industry and privacy regulation, including the recently adopted GDPR, the European data regulatory framework. This places the end-user at the centre of all consideration. Our systems only keep absolutely necessary information required in an encrypted form, called a template, which cannot be reverse engineered to recreate a face or a fingerprint and can be deleted on demand. To add to that, it is important to offer an end-to-end encryption solution to ensure that data remains safe.

Nicolas is the sales director for biometrics terminals at IDEMIA, leading the business in the Middle East and Africa region. An expert in the topic of biometric access technology, Nicolas also penned a book explaining the technology terms to the man on the street.

For more information contact IDEMIA, +27 11 601 5500, sec.san.contact@idemia.com, www.idemia.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Contactless at the game
Issue 5 2020, IDEMIA , Access Control & Identity Management
IDEMIA partners with JAC to successfully test frictionless biometric access technology at Level5 Stadium in Japan.

Read more...
Focus on touchless biometrics
Residential Estate Security Handbook 2020, Hikvision South Africa, Saflec, IDEMIA , Suprema, Technews Publishing , Access Control & Identity Management
The coronavirus has made touchless biometrics an important consideration for access control installations in estates and for industries globally.

Read more...
Frictionless access with a wave from IDEMIA
Residential Estate Security Handbook 2020, IDEMIA , Access Control & Identity Management
Platinum Sponsor IDEMIA displayed its frictionless biometric reader, the MorphoWave Compact, at the Residential Estate Security Conference.

Read more...
Frictionless fingerprint access
Residential Estate Security Handbook 2020, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact acquires four fingers in 3D for maximum accuracy, with one pass of the hand over the sensor.

Read more...
IDEMIA launches VisionPass facial recognition
Issue 4 2020, IDEMIA , Editor's Choice
IDEMIA has launched its VisionPass facial recognition solution in Africa, offering secure and contactless access control to companies of all sizes and in all markets.

Read more...
Integrating security with financial operations
Issue 3 2020, Technews Publishing, Hikvision South Africa, Cathexis Technologies, Axis Communications SA , Financial (Industry)
Hi-Tech Security Solutions approached a number of companies to find out what they are doing to enhance the value their security technology provides to financial companies.

Read more...
Physical access you can bank on
Issue 3 2020, Turnstar Systems , Financial (Industry)
The Citadel Security Portal is designed for use in high-security installations with standard features including automatic operation as well as bullet-resistant glass.

Read more...
T&A for Bank of Ceylon
Issue 3 2020, ZKTeco , Financial (Industry)
Bank of Ceylon deploys ZKTeco technology to centrally manage time and attendance for more than 8500 employees at 628 branches.

Read more...
Know your customer’s face
Issue 3 2020, ZKTeco , Financial (Industry)
Biometric facial recognition is becoming the most powerful way to secure identity verification and authentication.

Read more...
Safe premium collections in cash
Issue 3 2020 , Financial (Industry)
Local company RubiBlue has developed a solution to the problem of cash collection for premiums and subscription fees called easiPoint.

Read more...