Secure identification and authentication

Issue 3 2020 Financial (Industry)

While a brief review of the round table is printed before this article, Nicolas Garcia from IDEMIA was unable to attend in person. Instead, Hi-Tech Security Solutions sent him some of the questions we asked the attendees and he submitted his answers in writing.

Hi-Tech Security Solutions: What is identity and what does it mean to verify someone’s identity? What does it mean to authenticate someone? Where are the two (verification and authentication) used and for what purpose?

Garcia: According to Forbes: Identity is generally accepted as an amalgamation of any or all attributes and information available that binds a persona to a physical person.

Verification is proofing, typically done during onboarding. Authentication is done afterwards, when we validate against the identity captured during onboarding.

Authentication is the process through which we prove who we claim to be. It determines if one or several of the following elements or authenticators used to claim an identity are valid and belong to the same individual previously identified.

• What I have: mobile phone, smartcard, security token…

• What I am: fingerprints, face, iris…

• What I know: password, PIN code…

Authentication occurs each time a user wants to access a service or perform transactions, such as payments, wire transfers or a contract signature. It is also used in the physical world, such as when you want to access a building.

Biometric systems offer a secure and easy-to-use solution to build the bridge between physical and digital identities. They enable enterprises to mitigate the risk of identity theft or impersonation, by ensuring the person is really who he/she claims to be and is present at the time of transaction.

Hi-Tech Security Solutions: Currently, what is the norm in commercial environments to verify and authenticate an individual’s identity when it comes to physical and digital identities?

Garcia: Today’s customers expect total convenience without sacrificing security. Because of this, we are seeing an increase in the uptake of digital authentication of an identity (physical/digital) using biometrics in both physical and digital environments.

PINs, passwords and 2-factor authentication are the more common ways that commercial organisations authenticate a person. Leveraging the power of mobile phones and their biometric capabilities (such as camera and fingerprint technology), enterprises can remotely verify their customers’ identities. IDEMIA’s MorphoWave Compact is an alternative portable biometric reader.

Hi-Tech Security Solutions: Facial recognition/verification is getting all the attention these days, but is this a reasonably secure and reliable identity verification/authentication mechanism for physical and digital security?

Garcia: Today, state-of-the-art biometrics algorithms, certified by independent agencies such as the National Institute of Standards and Technology (NIST) and leveraging machine learning capabilities, outperformed average human capabilities when it comes to recognising unfamiliar faces.


The ideal solution is to combine man and machine to achieve the best results. Also, 3D facial recognition technology is one of the best ways to neutralise environmental conditions and reach better results than 2D information.

For a financial services provider, it may not be reliable enough to solely rely on one type of information to verify the legitimacy of an individual identity claim. Indeed, they may lack some type of information, for instance their credit history may be limited, they may lack some ID documents or, in some cases, they may not wish to share their biometrics. Besides, static Personally Identifiable Information (PII) may have been compromised. Furthermore, data available and validation requirements depend on the geography and regulations. That’s why a reliable digital identity requires a layered identity-proofing approach.

Organisations can pick and choose which of the layered measures to take based on their customers’ profiles, their risk policy and identity assurance requirements. Such a multi-layered onboarding approach uses a combination of identity document authentication and biometric verification and other background checks.

Hi-Tech Security Solutions: When it comes to financial institutions, what are organisations these days doing to more accurately verify/authenticate customers’ identities to avoid issues like people opening bank accounts under false names etc.?

Garcia: With fake accounts being a major concern for financial institutions, biometrics deduplication is crucial for fighting against fraud. It enables service providers to check whether a unique individual has opened multiple bank accounts under different, false names.

Financial institutions could also rely on mobile operators for risk scoring, to help their fight against identity theft and account takeover. In fact, many banks rely on a customer’s mobile phone as a method of verification. When logging into an account, customers are often asked to verify their identity through an SMS OTP (one-time password).

Leveraging in-branch biometric devices or readers, a bank can match a customer’s biometrics against their ID to verify that a customer (or potential customer) is who they claim to be.

Hi-Tech Security Solutions: What is happening in terms of remote and mobile identity verification/authentication? As companies try to reduce ‘in-person’ visits and encourage people to transact via the Internet or their mobile devices, how are they trying to ensure the person is who they claim?

Garcia: Adopting a multi-layered approach, combining ID document authentication, biometrics and liveness detection and more, enables banks to reconcile security, compliance and user experience.

For example, a bank would typically mix different technologies and methods in their processes, depending on the level of security required for respective applications/requests. Some banks might agree that a PIN code might be secure enough to give access to an account balance, but a combination of face and code might be preferred for transfer of a large amount of money. In addition to that, banks might limit sensitive transactions to pre-approved devices only.

Hi-Tech Security Solutions: What about privacy? Should we give up the idea that we have any? If not, how can we retain some privacy without negatively impacting security? How does the industry support privacy while still producing identity technologies?

Garcia: People have a right to their own privacy and when it comes to facial recognition and biometrics, they need to be assured that a proper policy framework is in place to safeguard their data and restrict who has access to it and how it can be used. Public and private entities have to collaborate to define this regulatory framework.

The solutions developed by IDEMIA incorporate privacy by design principles. This protects consumers and guarantees the highest possible level of data protection that can be used for identity verification and authentication technologies.

Security and respect of data privacy are in the DNA of IDEMIA. As such, our biometric access control products comply with a wide range of industry and privacy regulations, including the recently adopted GDPR, the European data regulatory framework. This places the end-user at the centre of all consideration. Our systems only keep absolutely necessary information required in an encrypted form, called a template, which cannot be reverse engineered to recreate a face or a fingerprint and can be deleted on demand. To add to that, it is important to offer an end-to-end encryption solution to ensure that data remains safe.

Nicolas is the sales director for biometrics terminals at IDEMIA, leading the business in the Middle East and Africa region. An expert in the topic of biometric access technology, Nicolas also penned a book explaining the technology terms to the man on the street.

