The enemy within?

March 2012 Access Control & Identity Management

Many organisations across SA have introduced modern access control technologies to cut the losses caused by economic crime in the workplace. For example, within access, attendance and payroll solutions, the use of fingerprint-based identity control is now commonplace in environments ranging from mines and factories to warehouses and ports.

The proven business benefit being delivered by this technology is straightforward: it cuts the recurring losses caused by unauthorised access and activity. In terms of ROI, the technology not only pays for itself, it provides on-going returns through continued loss reduction.

Marius Coetzee of Ideco Biometric Security Solutions champions identity control as a practical business discipline that can deliver immediate returns in terms of risk reduction and loss prevention.

Marius Coetzee
Marius Coetzee

Many of us are familiar with fingerprint applications in the workplace and we have seen their widespread use as a replacement for traditional access cards and PINs within access systems as well as in time and attendance solutions. Coetzee says that we should now perhaps be looking at fingerprint applications beyond the proven successes within these two specific areas of workplace security. He says, “Identity is at the heart of almost everything we do in the workplace and is an integral part of so many business processes.

“The recent cyber theft of R42 million from Postbank illustrates the dangers of inadequate identity control and clearly shows us how identity impacts so many other areas of our working lives beyond physical security and payroll management.”

Failures can be costly

The Postbank theft provides two examples of how identity was abused in order to perpetrate the crime. It seems that towards the end of 2011 the villains opened multiple bank accounts using false identities. These mule accounts would later be used to receive the funds that were transferred to them at the start of the new year. This represents an initial failure in identity control – the processes that govern account opening were apparently unable to accurately verify the identities of the people opening them.

The second identity control failure appears to have occurred in the transfer of funds from Postbank to the mule accounts. Media reports early in January suggest this was achieved by the exploitation of bank employees’ IT access credentials. Once the mule accounts were established, it seems that the passwords of Postbank staffers from Rustenburg were used to increase withdrawal limits on the mule accounts and to make fraudulent transfers to them.

R42m in cash was then apparently withdrawn from ATMs across the country during the first three days of 2012. Postbank acknowledged the theft in mid-January and the government has set-up a team to investigate.

A security culture

From the point where a person is considered for employment, through to when then they leave a company, Coetzee suggests that they should be included within a programme of identity control. “The first step is to confirm their identity and carry out some background screening.

Further identity-based controls should then be applied to govern who can do what, when and where. Coetzee points out that the effectiveness of such policies is entirely dependent upon being able to identify the employee accurately and consistently and to create an irrefutable identity trail.

And this is where fingerprint-based identification makes an enormous contribution to the whole process of identity Control. “Traditionally, organisations have relied on access cards, PINS and passwords to identify their employees,” says Coetzee. “But this creates a fundamental weakness in the process because anyone can use your card or your password.

One area where increased identity control is obviously critical is within corporate IT systems – which are almost universally protected with nothing more than a password, PIN or card. Since these credentials are constantly exploited to enable illicit access and activity – from making fraudulent payments to stealing sensitive data, Coetzee says: “It would make sound commercial sense to remove this glaring loophole in workplace security by replacing traditional IT access credentials with fingerprint-based identity control.”


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Defending against SIM swap fraud
Access Control & Identity Management
Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.