07-04-2011, 09:30 AM
PRESENTED BY
D.SINDHUJA
B.RAJESWARI
[attachment=11821]
Biometrics in the Banking Industry
Gateways for Biometrics
Transaction Security
Securing client transactions and protect their privacy either remotely or onsite
Network Security
Security of the bank’s infrastructure, controls what activities specific individuals or job functions have access to
Access Control
Protecting the physical security of facilities (vaults, safety deposit boxes)
Background Checks
Protect against internal fraud and illegal transactions with applicant background checks
Fingerprints
Most commonly used biometric in the banking industry
Used in all areas of the banking industry
Transaction security
Network security
Access control
Background checks
Advantages
Equipment is cheap
Highly accurate
Disadvantages
Criminal stigma
Universality
Fingerprint (Transaction Security)
Goal: enable clients to authenticate themselves before any transactions are made on their account
Enroll customers when the account is created with their fingerprint
When wishing to access their account, they must first provide their fingerprint to be verified
No ID card is needed
Provides non-repudiation
Uses
In bank, ATM, kiosk, online
Example
Banco Azteca: the first bank to be opened in Mexico since 1995
Allow people with limited incomes that live in poor and rural communities to establish a bank account for the first time.
Sparseness of banks
No form of authentication (driver’s license)
Account ID cards were often lost or stolen
Digital Persona technology was used to protect accounts using fingerprints
1.2 million customers of Grupo Electra are enrolled
Many customers were farmers and construction workers whose prints were damaged and worn
1 out of 4 people failed to enroll because of low quality prints
Fingerprint (Network Security)
Protect against internal fraud (employees tampering with the system)
Enroll and authenticate bank employees before they can access the bank’s network to perform a transaction
Example
Bank of Central Asia (BCA) in Indonesia has around 8 million customers throughout the country
Incorporated Identix fingerprint systems to secure the processing of high-value electronic fund transactions
If a large transfer is initiated, the teller and possibly a supervisor need to be authenticated by the system before the teller can finalize the transaction
Non-repudiation: the teller cannot deny performing the transaction
Duress finger
If under duress, the teller can authenticate with a duress finger (alerting the police)
Fingerprint (Access Security)
Instead of using a key or card to for access, use a fingerprint
Access to the bank, vaults, safety deposit boxes
Example
Deutche bank is a European financial service provider with ~65,000 employees
Installed AC Controls security to establish biometric access to their building
Fingerprint readers determine who can enter their offices and also restricts what areas each person can access
Problem:
A one day visitor would need to enroll with the bank, to gain access to parts of the building
Consumers may be reluctant to enroll their biometrics with multiple organizations
Morpheus technologies: develop a network of secure, licensed enrollment facilities
Standardization + Interoperability
Fingerprint (Background Checks)
Submit requests for backgrounds electronically
Background checks ensure the integrity of the employee base
Example
ING Direct installed live-scan fingerprint readers that channel electronic submissions to the FBI IAFIS database (Identix)
Before background checks took 4-5 weeks
While waiting, the prospective employee would be trained
If the results effect the hiring, much money was wasted during training
Now, checks can be done in 4-5 days
Able to wait this period before training
Voice
Main advantage over fingerprints:
Works remotely (by phone), without special readers
Used for transaction security
Verifying the customer is the rightful owner
Vein Pattern Recognition Advantages
Highly unique to every individual
Patterns are formed at birth and remain constant throughout one’s lifetime
Rapid, non-invasive enrollment and verification procedures
Works only on living, vascularized hands
Vein Pattern Recognition Disadvantages
Injuries or deformations to the hand may cause failure to enroll
Systems which require contact may be considered invasive/unhygienic
Some systems still require PIN or other identification
Vein Pattern Recognition
At Work
Southeast Asia
Several international financial institutions have implemented vein pattern recognition systems from VeID Ltd.
Hand Geometry
Based on measurements of the hand
Robust to environmental changes
Easy to use
Ageing, deformities may affect verification
Hand Geometry At Work
First Bank Puerto Rico
Installed IR Recognition System HandPunch terminals at all branches
Employees must swipe an ID card and verify with a hand scan to punch in and out of work
Attendance and tardiness have been cut down, as well as labor devoted to monitoring these problems
Conclusions
Biometrics are already being used in banks around the world:
North and South America, Europe, and Asia
Biometrics being used include:
Fingerprints
Signature
Vein Pattern
Hand Geometry
These systems can be applied to virtually every aspect of the banking industry:
Transaction Security
Employee attendance
Network and Database Security
Access to facilities
The banking industry is very reluctant to change its existing infrastructures
It is expected that biometrics will take longer to be incorporated into the banking practices