Jonas Andersson, Head of Standardization at Fingerprints
Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.
For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.
When implemented in the right way, biometrics will bring multiple benefits. It already enabled consumers to add layers of authentication to personal data previously unsecured in their owned devices – from apps and e-commerce, to our homes and devices. But its potential is phenomenal. Consumer-driven authentication via our phones and tablets is already today by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar and the FBI database.
Crucially though, it’s a privacy and security measure that consumers have the power and choice to implement. And as third parties, such as financial services, healthcare and enterprise organizations, increasingly accept consumer biometrics authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss…
Consumers need confidence!
Undeniably, the success of existing applications of consumer biometrics is based on the advantages they offer consumers. Just look at the penetration and use of fingerprint biometrics in smartphones. But the success of future adoption will be determined by how confident consumers continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural consumers are beginning to feel concerned of their biometrics integrity as they start to utilize their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle…
In fact, consumer device authentication utilizes a ‘privacy by design’ approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled, stored and managed all on the same device. The following principles have been fundamental to biometrics’ privacy protection in mobile and are what will enable new benefits for consumers in other personal device-based scenarios:
Translating images to templates
It’s a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You’ll have heard the argument about biometrics: “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”
In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless as, even if fraudsters could access the template, they can’t do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to re-use between devices, even if the same fingerprint has been enrolled!
The consumer is in control
This neatly leads on to my next point regarding storage. In consumer authentication use cases, information remains solely on the unique consumer device on which the template was created, remaining physically in control of the user.
Our recent consumer research found 38% were unwilling to share their biometric data but, with this approach, no data needs to be shared with third parties or cloud-based databases as everything is stored, and the authentication process is contained, within a single personal device.
Layers of security
Layering defense mechanisms is standard best practice for a range of security implementations – biometrics is no different. In addition to the transformation of biometric data into an irreversible template, these templates are also later encrypted and further protected by hardware and software both at rest and during the matching process.
The most successful example of a biometrics use case, the smartphone, utilizes the highly secure software isolation of Trusted Execution Environment (TEE) technology for storage and matching of biometric templates on device. The hardware on which it runs is intrinsically secured through its high degree of integration, complexity, miniaturization and specialization.
This approach is also championed by new use cases such as biometric payment cards. Here, the Secure Element (SE) – the chip technology that secures the financial data in your bank card – is utilized to store, process and match biometric information within the confines of the card. This treats biometric templates with the same security as the PIN and other financial data that is stored on our payment cards.
Removing the weakest link
Nothing is ‘un-hackable’, this is the reality of security. With enough time, money and effort, it’s possible to get into anything. A safe, a bank vault. However, attackers take the path of least resistance, and often it’s the end-user that is the ‘weakest link’ in the security chain when it comes to social engineering attacks.
End-users are vulnerable to attacks, such as phishing, where they can be tricked into giving away information such as a PIN or password. With consumer biometrics, the user only presents their biometrics to their personal device and can’t give anything away. This also removes the risks generated by mistakes or complacency, such as creating a password that’s easily guessed.
More authentication = more protection
Biometric authentication can protect a whole host of other sensitive personal data, far more quickly, conveniently and securely than was ever possible with PINs or passwords.
Today however, passwords and PINs remain the most used authentication methods outside of smartphones – something increasingly problematic. The friction created by asking users to create a new password has a significant impact on drop-out rates – especially as new ‘best practice’ guidelines recommend complex requirements such as including numbers, capitals, special characters and length. NIST’s digital identity guidelines outline the importance of usability challenges and stress, fundamentally, “positive user authentication experiences are integral to the success of an organization achieving desired business outcomes.”
6 out of 10 consumers feel they have too many PINs and passwords and worry about forgetting them. Unsurprisingly, 41% also admit to re-using the same PIN code or password across multiple sites, apps and devices. So, not only are PINs and passwords frustrating for consumers, they’re also becoming less secure.
Biometrics can be the authentication silver bullet as it combines security and a convenient UX, with leading fingerprint sensors authenticating in under a second. Its capacity to bring security to devices and processes previously either unsecured, poorly secured, or secured with a poor UX is phenomenal. Mobile is the perfect example of how it has been able to transform a device from being unsecured most of the time, to now only unlocked when in use. And now, just look at how your bank accepts your fingerprint authentication on your phone for access to your account.
With consumer biometrics, its quick and effortless to enroll onto new services and subscriptions. Consumers are happy to authenticate more frequently, because it’s so simple and the action is so intuitive. Plus, you cannot forget your fingerprint…
Consumer biometrics: on the agenda
It’s clear that biometrics is key to many organizations’ plans for privacy and security, but don’t just take our word for it. Many industry and government initiatives are moving quickly.
Europe’s GDPR highlighted biometrics as ‘sensitive personal data’ which clearly needs to be protected in the right way. Meanwhile, the benefits and integrity of consumer device biometric authentication were also recognized by Europe’s financial services directive, PSD2, citing biometrics as a trusted factor under its strong customer authentication (SCA) mandates.
Looking to industry bodies, FIDO Alliance is gaining significant traction in formalizing the quality and security of personal authentication with biometrics. Its work is complementing rising initiatives such as Self Sovereign Identity (SSI) models, whereby individuals or organizations are endeavoring to have sole ownership of digital identities and control how this personal data is shared and used. With an owned, FIDO-certified biometrics-secured device, users can add another authentication layer over stored digital identifiers.
For several years, we’ve also participated in industry body GlobalPlatform’s work to verify and standardize the quality of security protection on TEE. The biometric API extension defines security protections specifically around biometrics and is highly referenced in mobile implementations, and increasingly in new devices such as key fobs and home security devices too. With the dawn of the biometric payment card, we’re also supporting GlobalPlatform to define an SE specification for biometric cards.
The combination of government and industry engagement is setting the scene for so much more to be achieved with consumer authentication using biometrics. Undoubtedly, biometrics’ role in an increasingly data-conscious world has only just begun to take shape, and excitingly, it’s consumers who have the power at their fingertips – quite literally!
AI-Powered Fraud Prevention for Digital Transactions
By Martin Rehak, CEO of Resistant AI
Fraud is on the rise, thanks to the rapid escalation of digital channels in response to the unprecedented challenges created by COVID-19. However, this rapid shift to digital-first operations and transactions has come at a price for banks and financial services organisations. Which is why financial services organisations are increasingly turning to AI to intelligently address an ever-evolving and ever-smarter attack landscape.
If nothing else, COVID-19 helped shine a spotlight on the vulnerabilities of today’s digital and mobile customer platforms that are capable of executing rapid and instant payment transactions, leaving little time to undertake customer authentication or transaction verification. Similarly, the difficulties of Know Your Customer (KYC) and customer onboarding in the digital era is exposing financial services organisations – and the customers they serve – to a significantly increased risk of cyber-crime and financial fraud.
According to a recent UK Finance report, £754 million was stolen from bank customers in 2021 as scammers industrialised the use of authorised push payment fraud to trick individuals and businesses into sending money to bank accounts operated by criminals posing as genuine customers.
The challenge created by automation
The rapid expansion and automation of financial services to minimise friction for customers has created new challenges with regard to verification and risk management policies and practices. Evaluating if a digital interaction is authentic now depends on referencing a huge amount of data from multiple sources – everything from geolocation and session behaviours to data from merchants, bureaus, and customer profiles.
Added to which, today’s financial fraudsters are becoming expert at targeting these complex digital environments and are using innovations such as block chain and instant payments against banks and their customers.
Staying ahead of criminals is an imperative. Especially as directives like Open Banking open up third party access to customer data that further heightens the vulnerability of finance firms to fraudulent activities if this process is not appropriately monitored and managed.
Financial organisations spend vast amounts of money protecting their information and IT, yet the automated processes that deliver access to money are often the least protected. Traditional approaches to fraud prevention that rely primarily on human intervention have proved inadequate for preventing the activities of today’s sophisticated digital criminals, who are capable of exploiting vulnerable automated systems at scale.
In response, the finance sector needs to enable real-time identity forensics that brings together state-of-the-art document and customer behaviour evaluation to uncover synthetic identities, account takeover attempts, money laundering and other emerging types of fraud plaguing financial services.
Strengthening onboarding and KYC processes
Attaining a deep understanding of the end-to-end customer journey is now mission critical for combating fraud and financial crime. Onboarding and KYC represent key cornerstones in the mission to prevent scams. However, the shift to digital documents for ID authentication, combined with the relaxation of onboarding verification to expedite customer conversions during the crisis, have created significant opportunities for fraud.
In the onboarding process, identify validation is the first step to affirm an applicant actually exists. Next comes verification, which links that person to the information they provided in the validation stage. In many automated workflows there are risks from forged or manipulated documents that support the customer journey in online lending, trading, insurance, financing, factoring and payments.
Typically, 17% of bank statements used for lending applications or KYC purposes have been tampered with and 11% of UK payslips submitted as part of digital loan applications have been altered or are forged. Similarly, 15% of company registration certificates submitted worldwide when opening a bank account are fakes and 9% of utility bills submitted as proof of address are forged.
By protecting automated processes that use unauthorised documents from third parties, institutions can gain certainty that all digital documents are genuine. Similarly, continually assessing transactions will instantly alert teams to potentially fraudulent activities. These anomalies encompass behavioural, device characteristics, unusual switching between accounts and more.
Providing an intelligent shield for automated financial systems, AI powered fraud prevention delivers a convenient customer onboarding experience while limiting the generation of false alarms – ensuring that fraud and cyber analysts need only investigate genuine priority alerts.
Advanced fraud insights
Today’s AI-powered real-time identity forensics are capable of detecting advanced fraud and manipulation and are adept at joining the dots to uncover previously unidentified vulnerabilities and gaps in third-party systems, so that future potential exploitations can be deterred.
With financial criminals continuing to up their game, banks and finance organisations are leveraging AI technologies to strengthen the validation, verification and transactional processes that deliver enhanced security without compromising the customer journey or experience. With the right financial automation oversight technology in place, they’re better positioned to predict, detect and deter criminal adversaries and stay one step ahead of evolving new risks on the horizon.
SMART WEARABLES IN HEALTH TECHNOLOGY
Gavin Bashar, UK managing director at Tunstall Healthcare, discusses smart wearables in health and social care, the benefits, and what the future holds.
For many years, technology has been integrated into every sector in the economy, from banking to shopping, to enhance the experience of customers.
However, health and social care services have fallen behind in terms of technology adoption and innovation, for reasons including fragmented structures, limited resources, and reluctance to change.
Yet person-centred technology has the power to transform lives, not only enabling the ongoing delivery of support services to vulnerable people, but reshaping the health and social care sector as a whole.
Technology-enabled health and care is the service of the future and the ongoing and unprecedented rapid acceleration in the adoption of care and health technology has demonstrated the numerous benefits in practice.
Why wearable technology?
Wearable technology enriches the lives of a range of cohorts, including people living with long term conditions such as dementia, and connects vulnerable individuals to key stakeholders such as clinicians and family members.
The better application of technology and wearable devices can deliver significant benefits including improved patient outcomes and service-user experiences, a reduction in the strain on staff and carers, and potential cost savings or avoidance.
Wearable devices and the systems they’re linked to use wireless and digital technology to enable support services to be efficient, flexible, responsive, and tailored to the individual. The unobtrusive devices also ensure that care delivery is discreet and won’t interrupt the daily life of service users.
Proactive healthcare is also easier thanks to wearable technology. Service users become much more engaged with their own health and have greater opportunity to develop a proactive approach to their health monitoring, rather than reacting. Technology can be used to enable intervention at an early stage by identifying irregularities before they become more significant health or care issues which require expensive care and treatment.
There is significant evidence that wearable technology offers users greater choice in terms of the care they receive and prevents incidents in the first place, by recognising an emergency as soon as it occurs. Community alarms and telecare services in particular are effective methods of signposting to clinicians and additional services when a user requires care, and this has been particularly important during the pandemic.
Wearables in a home and residential care setting
When providers are presented with unique opportunities to drive the adoption of digital health solutions such as wearables, there must be a focus on designing holistic services which fit seamlessly into the user’s life, work with clinical practices, and ensure any data that is collected is stored securely.
There is a huge range of wearable technology and devices available which perform a number of functions and can therefore be tailored to suit the needs of an individual and their stakeholders, such as carers and clinicians.
Small, discreet pendants available on the market can raise alarm calls in emergencies, and protect users living independently at home or in group living environments. Features can include integrated alarm buttons, LEDs for visual reassurance that a button has been pressed, easy to wear options, and auto low battery monitoring and alerts.
Falls are the main reason that older people are taken to hospital and unaddressed fall hazards in the home are estimated to cost the NHS over £430 million1. Smart wearables use advanced technology to allow users to raise an alarm from anywhere in their home or care setting if they are in difficulty. Some devices can also automatically raise an alert if a fall is detected.
This technology offers confidence to individuals who are at risk of falling, such as people with limited mobility, the elderly, and people with long-term conditions such as epilepsy, diabetes and Parkinson’s disease.
Wearable technology not only benefits vulnerable individuals living at home, but also those in residential care settings and their carers. Nurse call systems which are integrated with smart wearables can be personalised to ensure individual safety with minimal disruption to other care home residents. It also respects dignity while improving management insights, workflow efficiencies, staff morale, and care quality.
Devices can also be worn which protect users when away from home, automatically detecting falls, offering an SOS function and providing the user’s location.
The benefits of managed technology and smart wearables
Technology can require equipment from a range of manufacturers. Identifying, purchasing and managing devices from multiple sources can prove challenging and resource intensive for local authority community alarm centres.
Nottinghamshire County Council (NCC) has a managed healthcare service which includes home units, telecare sensors and wearable devices which are all tailored to the needs of individual service users.
All connections are monitored and referrals are made to the NCC Responder team, nominated contacts or the emergency services, as appropriate. NCC also has Reablement Assessment flats with telecare in place to support people leaving hospital, helping them to increase wellbeing and regain skills to enable them to return home.
Between October 2019 and December 2020, significant benefits and improved outcomes have been observed. Over 280 cases where a high and immediate risk of admission to residential care were avoided, and over 650 cases which required additional community care costs were avoided.
In total, savings of over £2.2 million have been achieved after additional service costs, costs of homecare for people diverted from residential care, and loss of client contributions have been deducted.
The next generation of wearable technology
The deployment of smart technology, including wearable devices, enables vulnerable people to live safely and independently for as long as possible. However as demands change, the care journey is now evolving rapidly and healthcare services must adapt accordingly.
We’re beginning to see the next generation of predictive care technology and smart wearable devices, and over the next few years this will encompass integration that enables diverse and scalable models of health and social care. Using AI and taking data-driven insight from multiple sources, providers will use this next generation of solutions to optimise Population Health Management programmes by providing personalised and anticipatory care.
Smart wearables in health and social care are designed to improve quality of life and empower individuals to take control of their health, while supporting the NHS and additional stakeholders by reducing the number of required GP visits, ambulance callouts, hospital admissions, and demand for local authority funded residential care
For more information on how wearable technology can support the ongoing delivery of proactive and effective support, please visit www.tunstall.co.uk
AI-Powered Fraud Prevention for Digital Transactions
By Martin Rehak, CEO of Resistant AI Fraud is on the rise, thanks to the rapid escalation of digital channels...
The future of retail trading
Joe Jowett, CEO of StrikeX The 2020s look set to be the decade of the retail trader. As the...
Dissecting the expansion of online checkouts
Daniel Kornitzer, Chief Business Development Officer Card payments have long existed as the preferred payment method for online consumers....
How bug bounty programs can help financial institutions be more secure
Rodolphe Harand, Managing Director at YesWeHack Financial services have been one of the most heavily targeted industries by cybercriminals...
Resolving the unintended friction of Web 3.0
Marten Nelson, CEO, M10 Networks Media is buzzing about Web 3.0 and the metaverse. Companies and investors are scrambling to get...
Predictions for Alternative Data in 2022
Neil Chapman, CEO of Exabel 2021 saw various firsts for alternative data. The $1.6bn flotation of SimilarWeb evidenced the...
Why Zero Trust and securing the supply chain is key to post-pandemic recovery
Jim Hietala, Vice President, Business Development and Security at The Open Group Banking and finance have grown to provide...
Five predictions set impact the finance teams in 2022
By Rob Israch, GM Europe at Tipalti The CFO now has a very different set of responsibilities in comparison...
Three ways to reduce uncertainty in financial services marketing
By Patrick Costello, Senior Product Strategy Director, Optimizely According to Bain & Company, uncertainty is one of the key factors affecting marketing...
Bringing Automation to Banking
Ron Benegbi, Founder & CEO, Uplinq Financial Technologies Automation is everywhere you look these days; from supermarkets to warehouses...
Why financial services is stepping into a new era
by James Mingard, Head of Retail & Finance at Maintel When comparing industries, financial services has arguably fallen behind when...
FINANCIAL MARKETS IN 2022: INFLATION, ENERGY PRICES, AND THE CONTRASTING PERFORMANCE OF STOCKS
Bob Jenkins, Head of Research, Refinitiv Lipper Anyone hoping for a reprieve from the chaos and uncertainty of the...
FINTECH TRENDS TO LOOK OUT FOR IN 2022 WHICH WILL CHANGE THE WAY WE DEAL WITH FINANCE!
Embedded Finance is estimated to be a $3.6 trillion market opportunity (Matt Harris, Bain Capital Ventures) Embedded Finance means it’s...
THE GREEN REVOLUTION IN INVESTING
It can’t be denied how quickly environmental sustainability has become a focus among everyday consumers, whether they’ve become noticeable through...
INVESTMENT IN INNOVATION: 2022 TRENDS AND OPPORTUNITIES
Author: Michael Kodari, Founder and CEO of Kodari Securities (KOSEC) Moving into 2022, while COVID is still front of...
HOW TO CONSOLIDATE INVESTMENT REPORTING OPERATIONS AFTER A MERGER OR ACQUISITION
By Andrew Sehulster and Abbey Shasore The reason why senior management make an acquisition is to compete better or...
FUNDING R&D IS STILL A PRIORITY FOR COMPANIES DESPITE THE PANDEMIC
By Emma Lewis, Myriad Associates HMRC regularly releases statistics that look at the numbers of R&D Tax Credit claims...
Mitigating the insurance risks of climate change through geospatial data visualisation
Richard Toomey, Senior Manager, Commercial Insurance at LexisNexis Risk Solutions UK and Ireland In the lead up to the...
From compliance to the metaverse: Investment trends to look out for during the year ahead
By Rami Cassis, Founder and CEO of Parabellum Investments In the investment world, the old saying, knowledge is power,...
NutreeLife triples production with finance from Siemens Financial Services
Plant-based snack manufacturer NutreeLife has massively increased its production capacity with the help of a hire purchase solution from Siemens...