A secure way for banking

Losing data is as bad as losing money. The '2014 Cost of Data Breach Study' released by the Ponemon Institute reveals that the average cost of data breaches to a company is $3.5 million, 15 per cent more than what it cost last year

In mid-December 2013, US retailer Target experienced a colossal security breach and reported that debit and credit card information of 70 million Target customers was exposed to hackers. This news came on the heels of another massive data breach at Adobe that potentially impacted at least 38 million users and exposed their account information, including encrypted customer credit card records, as well as login data to hackers and social engineers. For companies throughout the world, data breaches are occurring with alarming regularity.

Banks have every reason to be doubly cautious. The 2014 Unisys Security Index identified identity theft as the leading area of security concern globally. It is one of the top areas of concern in 10 of the 13 countries surveyed. Bank card fraud is also a leading issue, with concerns about unauthorised access to credit or debit card information being one of the top areas of concern in 10 countries.

This is where multi-factor authentication comes in.

While the breach at Target was traced back to a malware attack resulting in stolen network credentials at one of Target's vendors, the incident has forced financial institutions to revisit their authentication and layered security systems and processes for their customers, employees, and vendors - anyone with access to internal systems. Authentication techniques have certain limitations, which, if adequately addressed, could have prevented several of the high profile breaches. Indeed, the severity and variety of attacks call for a multiplicity of authentication measures. Multi-factor authentication (MFA) - a technique for enhancing security systems using two or more unrelated forms of authentication to verify that a user is who they say they are - helps financial institutions take a zero trust approach to fraud and threats.

How does it work?

Security experts have long called for authenticating transactions using three factors - something you know (password); something you have (credential or token); and something you are (facial recognition, voice). As financial transactions get more personalised and comfortable with biometrics, banks can start looking at a scalable identity framework that integrates fingerprint, face, iris and signature for identification, verification, and watch lists.

In recent years, several innovative ideas have gone into MFA to increase its effectiveness. Further, iris recognition has seen rapid improvements, and is today used in large mainstream implementations for national identity schemes in India and Mexico. Facial recognition systems are also being improved to overcome sensitivity to image quality (for instance, lighting, angle, resolution and obstructions).

MFA, as a solution, needs a framework. Security must be balanced with facilitation and convenience. The security market is flooded with thousands of vendors providing frameworks for various biometric security solutions. An ideal framework provides an effective and efficient mechanism that can closely integrate with the traditional authentication system. Banks especially need a state-of-the-art, component-based, product-line architecture that uses a flexible workflow engine and technologies for image capture, biometric identification and secure document production and issuance.

Organisations must also educate their employees in security best practices and ensure that they know their role in securing business data.

In sum, the era of zero trust has necessitated the use of layered security solutions based on a secure framework that ensures optimum security. All businesses, big or small, for-profit or not need to ensure they incorporate tools and technologies that make themselves a harder target for internal and external threats.

By John Kendall, security programme director, Unisys Asia Pacific