Biometrics: the game changer in access control

Biometrics is enabling a future in which authentication and access control is seamless, reliable and risk-free

By Marius Coetzee, CEO of South African Identity management experts Ideco

The principle of using technology for access control is not new – from the first keys to unlock doors, through to cards, access pins and early biometrics – enterprises and individuals have been using it to secure and gain access. What’s changing fast, however, is the way in which identity is confirmed and access is authorised. Advanced biometrics and integrated systems are enabling a revolutionary new way of managing access, which is so effortless, reliable and accurate that users barely know it is there.

Systems such as the new Morpho Wave Compact biometrics reader, which is on display at Securex this week, illustrate how far biometrics has come and what becomes possible in future. This unit, which could be described as the Rolls Royce of biometrics systems, simply requires a person to wave their hand through the device, which then scans four fingers for rapid and accurate identification.

Advanced new biometrics systems like these are being harnessed in integrated, seamless authentication and access control pilot projects around the world, enabling risk free, accurate authentication and unprecedented convenience for individuals. For example, travellers arriving at an airport might have their passports scanned, and thereafter be able to pass through security gates based on fingerprint or facial recognition data from their passports. In the back end, the system could notify the country that the traveller has arrived, and also communicate with the car rental company, which then automatically pings the traveller’s phone with information about where they should collect their rental car. The traveller uses a mobile selfie or biometrics to initiate unlocking of the car, so avoiding queues and lengthy paperwork. These processes become so seamless as to be almost invisible, completely changing the traveller’s experience at the airport.

Advanced biometrics systems can integrate a number of modalities to deliver previously unheard-of efficiency and user experience, fit for purpose whatever the environment. It should be noted however, that not all biometrics modalities and systems are suited to all applications. For example, fingerprint biometrics would not be the ideal choice for call centre use; whereas voice recognition might be very effective in this environment and ’selfie’ facial recognition tools might also be integrated to authorise smaller financial transactions. To select the appropriate biometrics systems for the use case, the enterprise must strike a fine balance between modalities, risk and customer experience.

Whatever biometrics modalities, systems and algorithms the enterprise harnesses; it’s clear that we are now entering an ERA in the biometrics space in which authentication and access control are completely Effortless, Reliable and Accurate. The authentication takes place with just a wave of a hand or by walking past a facial recognition terminal, making the identification process almost invisible. And because biometrics is such a mature technology, its reliability is proven and its cost of ownership has been significantly lowered. In fact, Ideco has customers who have been using the same systems for ten years. In addition, high quality biometrics systems are completely accurate and risk-free; capable of using more than one modality to identify and authenticate a person with 100% level of trust within milliseconds.

Advertisements
Posted in Ideco News

POPIA and electronic visitor identity management in SA

Identity management expert Ideco has announced a significant upgrade to its cloud and mobile-enabled Electronic Visitor Identity Management (EVIM) solution, which makes next-generation visitor management and compliance available to even the smallest sites.

Ideco, long the pioneer for advanced access and identity management solutions in South Africa, has yet again raised the bar for secure, efficient and cost-effective visitor identity management. Building on the successful 10-year track record of the original EVIM system, which has processed over 12 million visitors to date, Ideco is launching its new, enhanced EVIM system with additional features and advanced new functionality.

Set to be available officially in March this year, the new Ideco EVIM system brings to market new third-generation terminals, as well as an entry-level option utilising smartphone technology. The cloud-based system also automates compliance and eliminates the risks inherent in traditional visitor management systems.

“Visitor identity management is a requirement in terms of the Occupational Health and Safety Act,” says Ideco CEO Marius Coetzee. “It is important from a safety perspective at residential estates, but is also crucial at sites requiring stringent security and higher risk sites such as construction areas, where a detailed log of all visitors must be kept and stored for as long as 30 years. However, many estates, office blocks and other facilities still rely on outdated access technologies or even on paper-based visitors’ books – the bane of visitors everywhere.”

The paper-based visitors’ book, often dirty and inconvenient to fill in, can cause delays at the boom and can put visitors’ personal information at risk of being copied. This presents major compliance risks in terms of the Protection of Personal Information (POPI) Act and in some cases is used in identity fraud.

Ideco’s new EVIM solution puts secure and efficient visitor access management into the hands of sites of all sizes: from a ‘Bring Your Own Device (BYOD) version using a smartphone to process information, to a new terminal with embedded biometric fingerprint reader, to the high-end tablet version with embedded fingerprint reader. The EVIM system connects directly to the cloud, so that all data is securely recorded and accessible only by authorised personnel.

“Our return on investment assessments on live sites have indicated that the costs of the paper-based visitors’ book system, if managed responsibly and stored correctly, is equivalent to the costs of investing in our EVIM digital system,” says Coetzee. “There are however no comparrison regarding the quality of the data recorded

The new EVIM systems offers four key benefits:

Improved security and protection of personal information: once the visitor’s entrance has been authorised, the terminal will open the gate or boom, limiting control by the security guard. With no visitor data stored on-site, personal information is fully protected and stored securely in the cloud in line with national regulations and site requirements.

Improved visitor experience: Using unique QR codes generated by the EVIM system, sports facilities, event organisers and individual hosts can supply guests with personalised access tags directly to their mobile phones, allowing for risk-free and effortless access to the site.

Improved efficiency: with visitors’ lanes considered costly real estate, the speed at which visitors can be processed at entrances is critical. In addition to reducing the time needed to authorise access through unique QR codes and fingerprint scanners, the Ideco EVIM system allows for the registration of certain categories of visitors – such as contractors working on site, for example – to speed up processing their access.

Major cost savings: The cost of maintaining electronic systems dependent on unique access codes or PINs, as well as telephonic confirmation between the guard house and host, can amount to hundreds of thousands of rands per month in a large residential estate. Because Ideco’s new EVIM system is fully app-based, the costs of SMSes and calls between guard house and host can be eliminated.

“The new EVIM system is Ideco’s latest identity and access management innovation, offering targeted next generation solutions designed to meet the unique needs of the South African market,” says Coetzee.

Ideco, a pioneer in identity management solutions, is leading efforts to introduce advanced new identity management systems to South Africa to reduce the risk of fraud and identity theft. For more information, visit www.ideco.co.za

Posted in Ideco News

Do villains care about biometrics?

Inadequate biometrics systems could be creating a false sense of security in banks, security estates and office blocks, and in effect rolling out a red carpet to criminals.

By Marius Coetzee, Managing Director of leading identity fraud solutions provider Ideco

Biometrics-based security devices, in particular fingerprint readers, are now widely in use across South Africa. But in many cases, they could be creating a false sense of security among enterprises, and worse – serving to enable criminal activities.

This is because not all fingerprint readers are created equal. Although all fingerprint readers use minutiae points to match fingerprints, not all have the ability to detect the difference between real minutiae of a fingerprint and spoofed minutiae. Typically, enterprises investing in fingerprint readers believe the biggest risk facing them is a scenario in which a fraudster or criminal replicates someone else’s finger or fingerprint, and uses it to gain access to a premises or to authenticate their identity. But because most fingerprint readers are manned by cashiers, tellers or security guards, the chances are slim that the fraudster will have an opportunity to introduce an entire fake finger into the process unnoticed.

A lesser known risk, and one far easier for villains to employ, is to fake or ‘spoof’ minutiae. The simplest methods are simply to wind thin thread around the fingertip, or to introduce a series of cuts to the fingerprint. This creates scores of new minutiae points, increasing the risk that the spoofed fingerprint will be a close enough match to that of an authorised person on the estate or bank database. No one should underestimate the ingenuity of criminals – they know the reader uses minutiae points to match them against a profile, and they also know that by introducing a lot of false minutiae points, they will increase the chances of their matching an existing profile on the system. Only the most advanced technology has the ability to differentiate between typical cuts and true minutiae to determine whether a fingerprint has been spoofed or not.

Performance requirements and consequential recourse

Another major risk lies in the fingerprint system’s performance and standards: in many cases, the images they produce are of a low quality and characterised by noise, or they simply do not meet the standards required by law enforcement agencies and courts. This means that in the case of fraud or a criminal opening a bank account using such a fingerprint reader, the biometric records and images generated cannot be processed against the SAPS criminal record system, or indeed most international law enforcement systems.

Equally concerning is the fact that these systems produce images that are of a quality too poor to be admissible as evidence in a court of law. The mere fact that many fingerprint readers used today are not compliant to international standards for evidence and criminal investigation defeats the entire objective of using fingerprints for proof of identity in the FICA or RICA process.

Inadequate biometrics-based identification and security systems therefore, could not only give villains access to accounts and assets; they could also help them to avoid prosecution.

Organisations need be very careful in their choice of biometric devices deployed for customer identification, security and protection of assets, to ensure they are compliant with all key standards and legislation, and that the systems deliver the security they promise.

When selecting systems, organisations need to ask:

–          Is it fit for purpose at the site, and for effective governance, risk and compliance?

–          Does it fully adhere to regulatory requirements from the process of taking the customer aboard through to post-event audits?

–          Can it be spoofed by added minutiae caused by thread, cuts, wrinkles and blisters?

–          Does the technology discard false minutiae and only process true minutia?

–          Is the data collected by the device, including all records and images, fully compliant to all international standards?

–          Can this data be processed against the SAPS criminal record system?

–          Is this data accepted as evidence in a court of law?

Always remember that mass adoption does not constitute great technology, but rather great sales effort. A simple “show me how accurate it is”, is always recommended.

Posted in Ideco News

Identity ecosystem must learn from banks’ example

There are clear parallels between the development of financial services and identity verification ecosystems, but the identity ecosystem has to take urgent steps to catch up with the banking ecosystem.

By Marius Coetzee, Managing Director of leading identity fraud solutions provider Ideco

The recent high-profile identity data breaches in South Africa are symptomatic of the overall chaos the identity ecosystem currently finds itself in. Lacking a cohesive strategy, an interlinked architecture and a comprehensive regulatory framework, most organisations have been building their own identity verification databases in isolated pockets, using a variety of data sources, standards and protocols.

But in a rapidly digitising world, the identity environment has to take urgent steps to consolidate, regulate and order the ecosystem, before trust is seriously compromised and irreparable damage is caused.

The identity verification environment is developing along much the same lines as banking developed over the years: moving from a handshake to a paper-based token, to a smart card and now to an Identity 4.0-type model, pioneered in South Africa by identity solutions leader Ideco, where a digital token will serve as trusted identity assurance. But the banking sector is far advanced in managing its trusted financial transactions. With the input of self-regulatory bodies, a stringent regulatory framework in place, and a cohesive integrated ecosystem, digital banking systems are a trusted and effective means of connecting the issuer, acquirer and account owner to authorise a secure transaction in real time, anywhere in the world, and with a clear audit trail.

In the broader identity management ecosystem, however, disparate systems still operate in siloes, with legislation and regulations drafted in a reactive manner, and no collective, smart method of facilitating responsible identity information within a trusted ecosystem that allows customer identities to be verified on a global basis without risk to the owner of the identity.

Amid rising customer expectations for secure, seamless, omni-channel engagement, businesses have been compelled to develop their own identity management systems to remain compliant, deliver on customer expectations and mitigate fraud, cyber threats and reputational risk. Identity solutions today are typically driven by vendors and manipulated by available technology. What seems to be an asset has possibly become organisations’ the largest governance, risk and compliance challenge today.

Several factors stand in the way of a cohesive identity verification ecosystem, including legacy frameworks, regulatory requirements and the current thinking that the State owns identities. Changing times and spiralling cyber crime mean action must be taken fast and traditionally, government organisations adapt slowly to change.

While the Department of Home Affairs is the custodian of identity for citizens, for transactional purposes we will likely see the emergence of a small number of trusted, bank-like organisations serving as identity clearing bureaus, although these organisations will have to generate sufficient revenue to be sustainable.

There is also a move in the world for self-sovereign identities, in which consumers will take responsibility for their own identities. However, a trusted authority will still be needed to underwrite that identity.

By following the example set by banks, the identity verification industry should enable the consumer to entrust a custodial organisation with their identity, while retaining ownership over that identity. A cohesive ecosystem must then be enabled to facilitate transactions with an approved acquirer, validated by the issuer but under the control of the identity owner.

To set the foundations of this system in place, urgent steps must be taken to assess how the financial industry is regulated, using the banking environment as a benchmark. Ideco is taking the lead in developing world-first solutions to support the development of this next-generation identity ecosystem, including advanced new identity switching mechanisms and real-time digital identity authentication solutions.  In addition, stakeholder will need to move towards consolidated standards and a sound regulatory framework must be established in collaboration with lobbying and self-regulating industry bodies, to establish a trusted identity framework for the future.

Posted in Ideco News

The greatest asset every person has is his or her identity

Who you are, where you come from, what work you do and where you live are some of the most common questions being asked when meeting a stranger for the first time. And based on these few questions one will form an opinion of your identity and most likely relate to you accordingly.

You can learn even more about the identity by looking at their digital footprint. A quick search on Google, Facebook, Twitter or the like and you have access to a terrifying amount of additional data that defines that person. These technological giants touch almost every part of our existence and continuously harvest vast amounts of data about each one of us. Stitching all these touch points together, they form an accurate profile of your identity without you even being aware of it.

This fuels the never-ending debate between what is personal information and what is private, what is intimate and what is public knowledge? Most of us believe that all our personal data should be regarded as private but with the same conviction we hand out hundreds of business cards with personal information.

Identity is basically defined as whatever makes an entity definable, unique and recognizable. Every person has multiple traits that define them and it is the collective sum of all these traits that makes each one of us a uniquely definable giving each person a unique identity of our own. To manage all of this, governmental identity schemes will assign a unique identity number to each of their citizens.

It is also important to ask the question: What influences the identity? There are obviously some absolutes (such as place of birth, family, gender, etc), but in many cases people find their identity in their association, religion, education and even their property or assets. There are many benefits in having an official and verifiable identity. According to the World Bank, the main advantages for citizens can be summarised as electoral participation, educational opportunities, health and social welfare, banking and economic inclusion.

Trust is however the most valuable attribute of any identity and it is estimated that 94% of all identity verifications are based on visual verification. In other words, if the person looks like the picture presented in the identity document, it is assumed to be the same person. This is why in most cases, proof of identity requires a copy of the identity document and this is exactly where the risk of identity fraud starts.

It is virtually impossible for any individual to “own” his or her identity, if there are hundreds of organisations who deals with a person in his lifetime, each requiring copies of this identity.  The question also remains, how much trust can be associated with this copy if the identity document, even if a Commissioner of Oath certifies it.

The Ideco Identity-as- a-Service (IDaaS) ecosystem offers next generation identity assurance, designed to deliver fraud-proof trusted identity authentication, confirmed with a digital certificate of authenticity in seconds. When this service is used at point of contact with the customer, full trust in the identity is established without any privicy risk to the owner of the identity.

Tagged with: , ,
Posted in Ideco News

New head for Technology Innovation Expert Group

Ideco Biometric Security Solutions director Francois Vermeulen has been appointed as the new head of the Technology Innovation Expert Group (TIEG) for the Biometric Institute. The Group focuses on the provision of accurate and unbiased technical information, training and education to the board and members of the Biometrics Institute.

TIEG is developing a best practice guide to assist members in the implementation and selection of biometric systems. It aims to assist the market with the responsible use and implementation of biometrics.

“The Biometrics Institute is playing a key role with regards to responsible use and implementation of biometrics. I believe that we need to assist the market in harmonising biometric enrolment processes where possible, to stop the continual re-enrolment of the same biometric with numerous entities,” says Vermeulen.

“Continual awareness around biometric image quality standards is essential in today’s environment. Especially with the introduction of new modalities, educating the market in standards becomes essential,” he adds.

With many modalities still in their infancy, the misuse and wrong implementation can cause serious harm, not only to the specific biometric utilised but also to the biometric industry as a whole.

“Over the past year, there has been a significant number of advances in technology and innovation in regards to the use and application of biometrics. This can mostly be attributed to the rapid adoption of biometrics in consumer products, ranging from iris identification in mobile phones to advances in the enrolment of infant fingerprint capturing devices,” he explains.

Vermeulen says there is a drive in the market toward the enrolment and utilisation of multiple modalities for the purpose of verification, identification and creation of foundational registries. “This not only provides the added advantage of additional security but also starts to cater for cases where some biometrics may not be present for a person.”

Governments now require equipment that can cater for the generation of foundational registers containing multiple biometric modalities, leading to advances in enrolment equipment. There is currently multimodal mobile enrolment equipment which caters for as much as six biometric modalities in one device, enabling Governments to create these foundational registries and to provide services to the correct person at the correct time.

“With all the additional biometric modalities being captured by different entities, it is essential to ensure that these entities use capture devices that comply with international image quality standards and that they manage the captured biometrics in a secure and responsible manner,” he concludes.

 

Posted in Ideco News

Ideco strengthens security with two factor authentication

To keep abreast of latest technologies and the ever-evolving security environment, local biometrics solutions provider Ideco has announced enhanced features to its Electronic Visitor Identity Management (EVIM) solution.

The company has introduced OTP verification to protect the portal against unauthorised access and has also included an In-Out daily count on its dashboard.

EVIM is a mnew-evim-(no-background).pngobile data capture and fingerprint scanning device that reinforces security with a digital visitor register, making visitor access management quick and easy. Unlike the traditional paper-based visitor book, this ingenious device captures, registers and verifies all data in real time with the National Centre of Certified Identities (NCCI).

Ideco managing director Marius Coetzee says these new features will ensure a higher level of security. “As with any high security web site, it is essential that only authorised users have access to the password protected areas of the site.”

“We have therefore introduced OTP verification, after entering the username and password on the EVIM web portal, an OTP will automatically be sent via SMS to the user’s registered mobile number which then needs to be entered to gain access to the web portal,” he says.

For terminals that have the ‘Direction’ function enabled, two additional counters have been introduced to the EVIM portal dashboard. These counters will display the number of people who indicated IN as well as the number of people who indicated OUT on the current day.

A growing number of business parks and residential estates are deploying Ideco’s EVIM solution to improve access security and enhance the overall effectiveness of existing services. Not only does EVIM enhance the visitor handling process, it also minimises the risk for criminal behaviour associated with identity fraud and provides improved accountability.

“EVIM gives a whole new meaning to keeping a competent visitor register. This is a fantastic opportunity for gated communities and organisations to implement visitor management within their existing access control systems. At the same time, security at access points can now provide truly effective access control,” he concludes.

For more information contact Ideco on 086 104 3326 (IDECO) or visit http://www.ideco.co.za

Posted in Ideco News