Biometrics and the Dutch Supreme Court:
To defend against data and identity theft, the Dutch Supreme Court uses Zvetco fingerprint readers for password replacement.
The New P5100 Reader.
Sporting the industry's largest silicon-based fingerprint sensor, the P5100 can tackle both large and small jobs.
Biometric system controls can be enabled using commercially available software such as bioLock™ for SAP®. This is the only product approved by SAP to lock down SAP servers, applications and transactions, even down to the field level. This software also requires Zvetco biometric scanners to be installed at users’ workstations or mobile devices. These devices transmit the scanned, encrypted biometric template back to the identity management software located in the enterprise host system, which then controls which functions a user is allowed to execute or which data they are allowed to view, according to their biometric security credentials and privilege level. This type of biometric control, based on “who you are”, is the most advanced security technology available today for enterprise systems. It does not replace any existing security but rather dramatically enhances and enforces it.
BENEFITS OF ZVETCO-BIOLOCK™ SAP SOLUTION
From a computer system perspective, techniques are available to exert more stringent controls which are not based on voluntary compliance, and which use true identity management. This entails the use of biometric verification of the person logging on. A biometric credential such as a fingerprint is unique to an individual and cannot be guessed or stolen, because it is based on a person’s physiology. This category of security techniques is known as “who you are”. Organizations wishing to truly take charge of who has access to their computer system would be well advised to consider the use of biometrics instead of passwords.
Unfortunately most internal policies depend on voluntary compliance by employees, otherwise known as an “honor system”. The deterrent against non-compliance is discipline or termination, again basing the control mechanism on human ethics and emotional drivers. Experience shows that this approach breaks down from time to time when a rogue individual chooses to circumvent approved processes. In the recent case of UBS or the very similar €4.9 billion Société Générale case several years earlier, the individual may have been motivated not by personal gain but by the potential fame of achieving huge trading gains for their employer:
In several recent fraud cases involving Citigroup and Bank of America, personal gain was the driver, where bank insiders embezzled large sums for their own use. Regardless of motivation, these individuals were not prevented from their actions due to an absence of computer system controls.
The aforementioned banks have doubtlessly pursued vigorous internal investigations, of which only a few details have been released in news reports. However, we have learned from those news reports that the rogue insiders drastically overstepped their credentials and falsified accounting records, meaning they set up fake transactions, fake customers or fake vendors. This would only be possible in a system based on passwords, and would be impossible in a system using biometric re-authentication as described above. While the financial institutions affected by these losses have publicly announced reexaminations of their policies, and have appealed to their employees for higher professional and ethical standards, unless biometric controls are implemented within their computer systems it is only a matter of time before another employee gives in to temptation. All organizations, whether they have experienced a loss or not, would do well to examine their business processes to identify all areas of risk, and then institute biometric control points at each area of risk.
Most users of corporate enterprise computer systems log on at the beginning of their work session with a profile consisting of username and password, and that is the extent of system control. Password use is a category of security techniques called “what you know”, in other words, a piece of information which could be acquired by anyone including an unauthorized user. The computer system has no way of knowing if the operator that has logged on is the designated user of the profile, or an impostor who has stolen or guessed the password combination. In other words, no true identity management takes place, only validation of a theoretical user profile. Given this inherent vagueness, even when insider fraud is discovered, it is often legally impossible to convict a suspect due to the circumstantial nature of password use.
Security breaches involving large losses are surprisingly common. The recent loss from unauthorized trading at UBS was $2.3 billion as announced on September 18, 2011.
The actions of a single rogue trader are blamed, and UBS has disclosed that the magnitude of the risks taken by the trader was masked by “fictitious positions”.
Granularity is Essential: Using biometric controls is not limited to the moment of logging on to a system; in fact, what happens inside the system is even more important. It should be possible to set up additional checkpoints inside the system whenever a critical activity is performed. This could mean anything involving sensitive data, or large amounts of money, or information that would be of value if stolen. For example, if a user is transferring a large sum of money, or setting up a new trading account, or opening a client’s file with all their personally identifiable information (PII) visible, these activities are critical enough to require the operator to re-authenticate with a fingerprint. This can accomplish several goals:
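The checkpoint idea described above, sketched as an added example (this is not bioLock or SAP code): a gate that checks privilege first, demands a fingerprint match only for critical activities, fails closed if the reader errors, and writes one audit record per request. The threshold, the action names and the `verify_fingerprint` callback are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values for illustration; not taken from bioLock or SAP.
TRANSFER_LIMIT = 10_000
ALWAYS_CRITICAL = {"open_trading_account", "view_client_pii"}

@dataclass
class Session:
    user: str                      # profile that logged on with a password
    privileges: frozenset          # actions this profile may perform
    audit: list = field(default_factory=list)

def is_critical(action, amount=0):
    """Checkpoint rule: the activities the text names as critical."""
    if action in ALWAYS_CRITICAL:
        return True
    return action == "transfer" and amount >= TRANSFER_LIMIT

def authorize(session, action, verify_fingerprint, amount=0):
    """Return a decision string and append one audit record per request.

    verify_fingerprint(user) -> bool is a hypothetical callback standing in
    for the reader plus the server-side template match.
    """
    if action not in session.privileges:
        decision, checked = "denied:privilege", False
    elif not is_critical(action, amount):
        decision, checked = "allowed", False
    else:
        checked = True
        try:
            matched = bool(verify_fingerprint(session.user))
        except Exception:
            matched = False        # reader or matcher failure: fail closed
        decision = "allowed:biometric" if matched else "denied:biometric"
    session.audit.append({"user": session.user, "action": action,
                          "amount": amount, "fingerprint_checked": checked,
                          "decision": decision})
    return decision

if __name__ == "__main__":
    # Constructed scenario: valid password session, wrong person at the keyboard.
    s = Session("trader01", frozenset({"transfer", "view_quote"}))
    impostor = lambda user: False
    print(authorize(s, "view_quote", impostor))
    print(authorize(s, "transfer", impostor, amount=500))
    print(authorize(s, "transfer", impostor, amount=250_000))
```

The audit list ties each critical decision to whether a fingerprint was actually checked, which is the record an investigator would need after the fact.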