Many organisations across SA have introduced modern access control technologies to cut the losses caused by economic crime in the workplace. For example, within access, attendance and payroll solutions, the use of fingerprint-based identity control is now commonplace in environments ranging from mines and factories to warehouses and ports.
The proven business benefit being delivered by this technology is straightforward: it cuts the recurring losses caused by unauthorised access and activity. In terms of ROI, the technology not only pays for itself, it provides on-going returns through continued loss reduction.
Marius Coetzee of Ideco Biometric Security Solutions champions identity control as a practical business discipline that can deliver immediate returns in terms of risk reduction and loss prevention.
Many of us are familiar with fingerprint applications in the workplace and we have seen their widespread use as a replacement for traditional access cards and PINs within access systems as well as in time and attendance solutions. Coetzee says that we should now perhaps be looking at fingerprint applications beyond the proven successes within these two specific areas of workplace security. He says, “Identity is at the heart of almost everything we do in the workplace and is an integral part of so many business processes.
“The recent cyber theft of R42 million from Postbank illustrates the dangers of inadequate identity control and clearly shows us how identity impacts so many other areas of our working lives beyond physical security and payroll management.”
Failures can be costly
The Postbank theft provides two examples of how identity was abused in order to perpetrate the crime. It seems that towards the end of 2011 the villains opened multiple bank accounts using false identities. These mule accounts would later be used to receive the funds that were transferred to them at the start of the new year. This represents an initial failure in identity control – the processes that govern account opening were apparently unable to accurately verify the identities of the people opening them.
The second identity control failure appears to have occurred in the transfer of funds from Postbank to the mule accounts. Media reports early in January suggest this was achieved by the exploitation of bank employees’ IT access credentials. Once the mule accounts were established, it seems that the passwords of Postbank staffers from Rustenburg were used to increase withdrawal limits on the mule accounts and to make fraudulent transfers to them.
R42m in cash was then apparently withdrawn from ATMs across the country during the first three days of 2012. Postbank acknowledged the theft in mid-January and the government has set-up a team to investigate.
A security culture
From the point where a person is considered for employment, through to when then they leave a company, Coetzee suggests that they should be included within a programme of identity control. “The first step is to confirm their identity and carry out some background screening.
Further identity-based controls should then be applied to govern who can do what, when and where. Coetzee points out that the effectiveness of such policies is entirely dependent upon being able to identify the employee accurately and consistently and to create an irrefutable identity trail.
And this is where fingerprint-based identification makes an enormous contribution to the whole process of identity Control. “Traditionally, organisations have relied on access cards, PINS and passwords to identify their employees,” says Coetzee. “But this creates a fundamental weakness in the process because anyone can use your card or your password.
One area where increased identity control is obviously critical is within corporate IT systems – which are almost universally protected with nothing more than a password, PIN or card. Since these credentials are constantly exploited to enable illicit access and activity – from making fraudulent payments to stealing sensitive data, Coetzee says: “It would make sound commercial sense to remove this glaring loophole in workplace security by replacing traditional IT access credentials with fingerprint-based identity control.”
| Tel: | +27 12 749 2300 |
| Email: | [email protected] |
| www: | www.ideco.co.za |
| Articles: | More information and articles about Ideco Biometrics |
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version