Biometric banking

By Catherine
Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+

By Catherine Bolgar

The next frontier for security is likely to arrive at your bank soon: biometric verification of your identity—and you may or may not be aware of it. The global banking sector is expected to spend $2.2 billion (€1.9 billion) on biometrics this year, according to Biometrics Research Group Inc.

Fingerprints, facial recognition and iris patterns are among the methods that could be used, thanks in large part to smart phones that already use fingerprints and that have cameras that can capture information for the second two. Other methods include vein patterns (in fingers, in palms and on the back of one’s hands) and even a solution under development that recognizes the ear cavities of a person by the resonance of sound, says Christy Lin, analyst with TrendForce, a Taipei-based provider of market intelligence on technology industries.

Issues include the cost, ease of use and the amount of time needed to capture the biometric, says Anil Jain, professor of computer science and engineering and head of the biometrics research group at Michigan State University in East Lansing, Michigan. Fingerprints and facial and voice recognition are convenient already. The iris is very accurate and becoming more convenient as more phones incorporate iris readers.

Authorization is faster than presenting a card to a sales clerk and having them swipe it,” says Jain. “It takes three to five seconds.”

There are two ways to create the link between you and your payment data for biometric payments, says Lorenzo Gaston, technical director at the Smart Payment Association, an industry group based in Munich. In either case, a biometrics device captures your biometrics—for example, taking a picture or a fingerprint—then digitizes it, and compares it with biometrics you already registered and enrolled with your payment data.

In one case, you use a device that stores your original biometrics. “Typically, it’s a chip card and it decides whether biometrics captured are close enough to what was enrolled the first time for that particular person,” Mr. Gaston says. The storage device also could be a secure element in your mobile phone. This is similar to using a super-PIN, which is stored only in your personal device under your exclusive control.

A second way is to send the captured biometrics information to an online database storing all the enrolled biometrics data from the users. In that case, a remote server decides whether the right person is gaining access. “The problem in that case is the biometrics are stored in a central database. Biometrics [is] considered very personal information. If somebody manages to hack into that, they can impersonate you,” he says. Resolving the problem could be tricky.

You can change a password, but you cannot change your face or your fingerprint.”

Alternatively, a hacker might change the information, replacing the real biometrics with the hacker’s.

“Online databases must have very strict access-control mechanisms,” Mr. Gaston says. That’s why from a security and privacy perspective, the storage and comparison of the biometrics in your personal tamper-resistant device (chip card, secure element in a mobile phone) is by far a preferable solution, he says.

Financial institutions have tight enough security that breaking in involves a significant investment of time and money, and encryption can further tighten safety, says Darci Guriel, professor of computer information technology at Northern Kentucky University in Highland Heights, Kentucky.

As a result, the people trying to break into accounts aren’t aiming for mass hacking but are grifters, targeting one account at a time. “They’re looking for the weakest link, and the weakest link in banking is people,” Prof. Guriel says.

That could mean winning over a customer-service agent to get a PIN reset. Or finding enough information online to be able to answer private questions necessary to change a password. The elderly often are targeted.

“Biometrics are there to help,” she continues. “To break into a single account at a time, nobody is going to have plastic surgery.”

Some things about you don’t change with age or even surgery—the space between your eyes and that across the bridge of your nose is unique, as is the depth of your eye sockets. For a voice, the sinus cavity and vocal cords don’t change. “The pitch might change, the tone might change, but the physical attributes—which are what get measured—stay the same,” Prof. Guriel says.

Banks probably already have or can easily get your biometrics, she notes. ATMs have cameras. Phone calls are recorded. They can find your picture online.

Some consumers worry that biometric authentication systems would be incapable of distinguishing between living and faked or preserved biological tissues, notes TrendForce’s Ms. Lin. “Biometric recognition systems that only authenticate living tissues would prevent the hypothetical scenario where criminals can use severed body parts (e.g., fingers) to steal money or access sensitive information,” she says.

Making fake biometrics isn’t easy, and phone companies—at the forefront of biometric technology—are making phones harder to spoof, Dr. Jain says. “You can’t just present a photo of me when it isn’t me live. Security is a cat-and-mouse game. Fraudsters will try to circumvent it, and security guys have to come up with ways to fix it.

 

Catherine Bolgar is a former managing editor of The Wall Street Journal Europe, now working as a freelance writer and editor with WSJ. Custom Studios in EMEA. For more from Catherine Bolgar, along with other industry experts, join the Future Realities discussion on LinkedIn.

Photos courtesy of iStock

Hey partner, can you keep a secret?

By Catherine
Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+

By Catherine Bolgar


Original equipment manufacturers (OEMs) in aerospace and defense depend more than ever on suppliers to deliver innovation. That means sharing information and collaborating closely with third parties.

How can companies protect their intellectual property (IP) in such a fluid environment? The stakes are especially high in aerospace and defense, where technology is key to being competitive and is costly to develop. In addition, the nature of these sectors makes it difficult to apply some of the best practices used elsewhere to protect trade secrets.

“Aerospace and defense companies are somewhat unique in a couple of ways,” says Pamela Passman, president and chief executive officer of the Center for Responsible Enterprise And Trade, or CREATe, a Washington-based nongovernmental organization that helps companies around the world prevent piracy, counterfeiting, trade-secret theft and corruption. “There is the importance of collaboration and sharing across the supply chain” in general, she says. In addition, “there are incentives, at least in the U.S., in Department of Defense procurement to involve small and medium-size enterprises. Increasingly, it’s a highly regulated procurement space. That includes regulations around cyber risk.”

SMEs often are too small and unsophisticated to have adequate cyber and management controls to protect IP, Ms. Passman notes. If they are growing very fast they may not be as rigorous in vetting or training new hires as are some other institutions.

Larger institutions often have someone in charge of protecting IP. “Usually it’s part of the legal or research and development function,” she says. “We recommend having a cross-functional team that includes IP, R&D, cyber security, procurement and supply chain and human resources.”

Human resources’ involvement is important because insiders—who might be direct employees or contractors of either the OEM itself or suppliers—commit a lot of IP theft. A Feb. 2014 report by CREATe and PwC estimated that trade-secret theft amounts to 1%-3% of U.S. gross domestic product. “It’s significant,” Ms. Passman says. The U.S. Federal Bureau of Investigation made a film, “Company Man,” to educate companies about protecting trade secrets.

New hires usually sign agreements not to divulge IP, but those requirements need to be reinforced throughout their employment as well as when they leave the company, she says. That goes not only for employees of OEMs, but also for those of suppliers.

Companies need to be clear about what is protected IP:

It’s only a secret under the law if a company takes reasonable steps to keep it secret,” Ms. Passman points out.

Employees, especially scientists and authors of software, frequently look at their work the way artists do, assembling portfolios of their output to show to prospective employers. The problem is, under most [U.S.] state laws, when the employee creates their work in the course of their employment, the employer owns that work and it sometimes contains trade secrets, says Claude M. Stern, co-chair of the intellectual property litigation practice in the San Francisco office of at Quinn Emanuel Urquhart & Sullivan LLP, an international litigation-only law firm.

Employees might not be acting maliciously or with willful intent, but they would still be subject to a suit, Mr. Stern says, adding, “Companies are relatively rigorous about looking at their markets and who’s doing what. When a company comes up with something out of the blue that’s similar to my secret, I’m going to look at who’s working there.”

One way to protect IP is to be careful about who is privy to it and not to provide all the critical IP to one key supplier. However, companies in specialized sectors like aerospace and defense might not have a multitude of supplier choices. “In the global supply chain, sourcing is very challenging,” Ms. Passman says. “Certain materials or components may only be available in certain parts of the world.”

Companies also have conflicting priorities. While having multiple suppliers might better protect IP, many companies are reducing the number of suppliers in order to cut costs, according to a report by consulting firm Oliver Wymans. Aerospace and defense OEMs are pushing more responsibility and risk onto suppliers, and entrusting them with complete modules and systems, as well as R&D and innovation.

“In order to develop technology, it’s almost inevitable that the developer will disclose trade secrets to its vendor,” Mr. Stern says. “The question is, under what conditions? The protections are, or should be, in the contract.”

Patents help protect IP, but companies also need to protect evolving R&D that isn’t yet ready for patent application, or IP they don’t want to share at all.

Recourse for trade-secret theft can be difficult. The U.S. Defend Trade Secrets Act of 2016 took effect in May, giving companies greater ability to fight IP theft. The law lets companies file civil lawsuits in federal court; previously they had to sue in state courts, where laws varied. The federal government can file criminal charges for trade-secret theft.

The European Council adopted a directive on trade secrets in May to harmonize laws across the EU. Member states have two years to adopt legislation in line with the directive.

Some industries, such as those in mobile phones and business software, sue more frequently than others to protect trade secrets. Defense companies, by contrast, “are frequently, but not always, loath to sue their contractors,” Mr. Stern says. “They’re so close to their partners, they feel it would be mutually assured destruction. But in the appropriate case, we do see lawsuits, even among business partners.”

 

Catherine Bolgar is a former managing editor of The Wall Street Journal Europe. For more from Catherine Bolgar, contributors from the Economist Intelligence Unit along with industry experts, join the Future Realities discussion.

Photos courtesy of iStock

The IoT: Friend or Foe?

By Alyssa
Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+

wrist screenshot for 3DP

The internet of things (IoT) is transforming everyday physical objects that surround us into an ecosystem of information that is rapidly changing the way we live our lives. From refrigerators and cars, to parking spaces and houses, IoT is bringing more and more items into the digital fold every day. Our homes, to give one example, could soon be tracking everything we do on a daily basis – from locking and unlocking the front door, to automatically ordering the groceries when the fridge is empty.

Whether we want, or are indeed ready, for this new level of automation, is another matter. But it won’t be long before it is the norm and a new evolution in technology once again changes our lives as we thought we knew them.

Olivier screenshot for 3DP with name
For Olivier Ribet, vice president of Dassault Systemes’ High Tech Industry, the key question is: “how do you determine when you allow [IOT] devices to take decisions on your behalf and when don’t you?”

So far, all of these objects have explicitly asked you ‘do you want me to do that for you?’ Now, more and more, you start to see people saying we shouldn’t even question [devices taking decisions our behalf],” Ribet says.

Projections are telling us that within the next decade the internet could connect as many as 200 billion things – and not just machines such as cars or household appliances, but anything that you can fit a chip or sensor into – including humans. While these IoT devices should make life simpler, even healthier, can we trust them to look after us?

This is the question at the core of a new series, What’s Next in the Internet of Things?  We invite you to check out the video, article and infographic that explore the impact IoT devices on humankind.  Can they really change how we interact with one another?  Will they truly keep us more safe – or do they open us to new privacy concerns?  How can testing via the 3DEXPERIENCE platform help companies who are creating these innovative devices better understand every possible and unprecedented scenario before we use the products in real life?

Catch the entire series here, and let us know in the comments below what you think!

 

NOTE: The video, infographic and article were first published as an Advertisement Feature on bbc.com and were created by the BBC Advertising Commercial Production team in partnership with Dassault Systèmes.

 



Page 1 of 212