Overview
Current authentication systems
Gateways for biometrics
Biometrics being used:
  Fingerprints
  Signature
  Vein Pattern
  Hand Geometry
  Voice
Future directions
Bank Authentication
Token based
ID Card
Signature
Fraud in Banking
Internal fraud
  Employees attempting to withdraw money from a customer's account without their consent
External fraud
  An individual assumes the identity of a customer of the bank in order to withdraw money from the account
One in twelve online consumers surveyed said they have been victims of identity theft [2]
1.13 percent of all online transactions are lost to fraud [2]
Estimates have shown that 70% of fraud is internal [1]
Financial institutions in the United States lose about $12 billion a year in check fraud (US News & World Report 2001)
[1] Atalla
Fraud Examples
On 3 February 2005, a Miami businessman filed suit in a U.S. circuit court against Bank of America (BoA). He claimed BoA failed to adequately protect him against risks related to the online theft of $90,000 from his small-business bank account.
Online thieves launched a wire transfer out of his account using access credentials stolen from his infected PC. Most regulations for bank accounts, established before the age of cyber crime, don't account for such activity. The customer had reportedly installed a firewall, but the thief got through anyway.
Fraud Examples
One con, while in jail serving a state prison term for credit-card theft, actually perpetrated yet another credit card scam over a seven-month period, using a technique that allowed him to hide the fact that he was calling from jail
He would start off by calling the county-run nursing home, saying he was a Bell Atlantic technician, to connect to an outside line
He then called businesses to get names and phone numbers of customers
He tricked the customers into giving him personal information
He then requested credit cards using this information to make about $25,000 worth of purchases
Network Security
Security of the bank's infrastructure; controls what activities specific individuals or job functions have access to
Access Control
Protecting the physical security of facilities (vaults, safety deposit boxes)
Background Checks
Protect against internal fraud and illegal transactions with applicant background checks
Current Systems
Fingerprints
Most commonly used biometric in the banking industry
Used in all areas of the banking industry
  Transaction security
  Network security
  Access control
  Background checks
Advantages
  Equipment is cheap
  Highly accurate
Disadvantages
  Criminal stigma
  Universality
Example
Banco Azteca: the first bank to be opened in Mexico since 1995
Allows people with limited incomes who live in poor and rural communities to establish a bank account for the first time
  Sparseness of banks
  No form of authentication (driver's license)
  Account ID cards were often lost or stolen
Many customers were farmers and construction workers whose prints were damaged and worn
1 out of 4 people failed to enroll because of low quality prints
Example
Bank of Central Asia (BCA) in Indonesia has around 8 million customers throughout the country
Incorporated Identix fingerprint systems to secure the processing of high-value electronic fund transactions
If a large transfer is initiated, the teller and possibly a supervisor need to be authenticated by the system before the teller can finalize the transaction
Non-repudiation: the teller cannot deny performing the transaction
Duress finger
If under duress, the teller can authenticate with a duress finger (alerting the police)
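The dual-authentication and duress-finger policy described for BCA can be sketched as follows. This is an added example, not code from the slides or from Identix; the two limits, the employee IDs, and the finger labels (which stand in for real template matching) are assumptions.

```python
from dataclasses import dataclass, field

# Assumed limits: the slide only says "large transfer" and "possibly a supervisor".
TELLER_LIMIT = 10_000       # at or above: teller must authenticate
SUPERVISOR_LIMIT = 100_000  # at or above: a supervisor must authenticate too

@dataclass(frozen=True)
class Enrollment:
    role: str           # "teller" or "supervisor"
    normal_finger: str  # label standing in for the enrolled template
    duress_finger: str  # second enrolled finger reserved for duress

@dataclass
class Decision:
    approved: bool = False
    silent_alarm: bool = False
    audit: list = field(default_factory=list)  # (employee_id, match result)

# Constructed sample enrollment data.
ENROLLED = {
    "T-17": Enrollment("teller", "right-index", "left-ring"),
    "S-03": Enrollment("supervisor", "right-index", "left-thumb"),
}

def match(employee_id, finger):
    """Return 'normal', 'duress' or None for the finger an employee presents."""
    e = ENROLLED.get(employee_id)
    if e is None:
        return None
    if finger == e.normal_finger:
        return "normal"
    return "duress" if finger == e.duress_finger else None

def authorize_transfer(amount, presented):
    """presented: (employee_id, finger) pairs in the order they were scanned."""
    decision, roles = Decision(), set()
    for employee_id, finger in presented:
        result = match(employee_id, finger)
        decision.audit.append((employee_id, result))  # ties the person to the transfer
        if result is None:
            continue                      # a failed match authenticates nobody
        if result == "duress":
            decision.silent_alarm = True  # alert raised, scan still succeeds
        roles.add(ENROLLED[employee_id].role)
    needed = set()
    if amount >= TELLER_LIMIT:
        needed.add("teller")
    if amount >= SUPERVISOR_LIMIT:
        needed.add("supervisor")
    decision.approved = needed <= roles
    return decision
```

The duress scan is treated as a successful authentication so that the teller's screen behaves normally while the alarm is raised; the audit list is what supports non-repudiation.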
Example
Deutsche Bank is a European financial service provider with ~65,000 employees
Installed AC Controls security to establish biometric access to their building
Fingerprint readers determine who can enter their offices and also restrict what areas each person can access
Problem:
A one-day visitor would need to enroll with the bank to gain access to parts of the building
Consumers may be reluctant to enroll their biometrics with multiple organizations
Morpheus Technologies: develop a network of secure, licensed enrollment facilities
Standardization + Interoperability
Example
ING Direct installed live-scan fingerprint readers that channel electronic submissions to the FBI IAFIS database (Identix)
Before, background checks took 4-5 weeks
  While waiting, the prospective employee would be trained
  If the results affect the hiring, much money was wasted during training
Voice
Main advantage over fingerprints:
  Works remotely (by phone), without special readers
Used for transaction security
  Verifying the customer is the rightful owner
Disadvantage
  Can be affected by outside noise
Example
Banco Bradesco, South America's largest private bank
Incorporated Nuance technology to deploy a speech-enabled bill payment system
Can handle more than 300 simultaneous callers
Bill Payment
Enroll: (account number)
Verify:
  Speak their account number
  Read the 48-digit bar code on the bill
Then the system extracts the payee, customer name, due date, and the payment amount
Able to recognize accents and dialects of all Portuguese speakers in Brazil
Example
Chase Manhattan Bank
In bank transactions
  Enroll with a standard phrase
When entering the bank
  Go to a podium housing a modified telephone
  Swipe the bank card (identification)
  Speak the standard phrase (verification)
  Receive a receipt to present to teller
Able to pull the customer's file before they get to the teller
Performance
Reported False Reject Rates of 2%
Signature as a biometric
One of the most ancient forms of identification
Sumerians used intricate seals applied to clay cuneiform tablets to authenticate their writings.
Documents were authenticated in the Roman Empire (AD 439) by affixing handwritten signatures to the documents.
In 1677 England passed an act to prevent frauds and perjuries by requiring documents to be signed by the participating parties.
Non-invasive, universal, and highly unique to all users
Fast and easy to enroll and verify users
  No need to learn new skills
http://www.flnotary.com/PrintForms.asp
Signature as a biometric
False reject rates may be high
Dynamic nature of signatures can make it difficult for the user to match the template
www.bankhapoalim.com
http://www.signature-perfect.com/uk/f_left.htm
http://www.dealtime.com/xPF-Interlink_EPAD_INK_W_ESIGN
http://www.eyenetwatch.com/biometric_users/Bank_Hapoalim_Case_Study.htm
http://www.jetro.go.jp/en/market/trend/market/docs/2005_02_palms.html
Suruga Bank
Chose vein pattern recognition to increase security of over the counter transactions
http://www.veid.net/default.htm
http://www.veid.net/Product/default.htm
Hand Geometry
Based on measurements of the hand
Robust to environmental changes
Easy to use
Ageing, deformities may affect verification
http://www.biometricsolutions.com.au/Hand%20Geometry.htm
http://www.recogsys.com/news/casestudies/cs08.htm
Conclusions
Biometrics are already being used in banks around the world:
North and South America, Europe, and Asia
These systems can be applied to virtually every aspect of the banking industry:
  Transaction Security
  Employee attendance
  Network and Database Security
  Access to facilities
References
http://www.eyenetwatch.com/biometric_users/Bank_Hapoalim_Case_Study.htm
http://www.penflow.com/
http://pr.fujitsu.com/en/news/2003/03/31.html
http://www.veid.net/Product/default.htm
http://www.findbiometrics.com/Pages/financial_articles/financial_3.html
http://www.recogsys.com/news/casestudies/cs08.htm
http://www.tml.hut.fi/Opinnot/Tik-110.501/1998/papers/12biometric/biometric.htm