
Technology

Why anti-spoofing fingerprint technology is essential for the continued growth of digital payments

Anthony Eaton, CTO, IDEX Biometrics

 

The digital payments revolution is being driven by consumer demand for ever-increasing convenience. This is leading the global digital payments market towards a value of US$204.1 billion by 2028. However, along with increased convenience comes an implicit expectation to provide higher levels of security, especially when paying with contactless cards and digital wallets.

According to McKinsey, electronic payments are growing at twice the rate of GDP in North America and Europe. This expanding market has the fintech sector overstretched as they try to address operational risks without hampering customer experience and face increased fraud control expectations. If fintechs struggle to implement effective controls, they are likely to see heightened regulation in the future, which in turn can negatively impact consumer experience.

Amid this burgeoning market, fraudsters are continually looking for new vectors of attack. UK Finance’s 2021 Fraud Report showed that fraud losses on UK issued cards totalled £574.2 million in one year alone. To counteract such fraud, card issuers and digital wallet providers are deploying biometric fingerprint technology, which itself is evolving year-on-year to offer ever-increasing security levels.

The front-door attack

Fingerprint spoofing is considered a front-door attack on the biometric system. It involves applying a fake finger, or so-called spoof, to the fingerprint sensor. When biometrics were first introduced on the iPhone in 2014, they did not deploy adequate anti-spoof technology. As a result, it took just 48 hours before German hackers, the Chaos Computer Club, announced they had bypassed Apple’s new TouchID system with a fake fingerprint.

Attacks of this kind impact both consumer and industry confidence. As such, defending against this has been at the forefront of the emerging biometric payment card standards. Korean technology giant Samsung recently announced its entry into the biometric smart card space, and anti-spoof technology was at the centre of its story. This positioning reflects the need for added security and peace of mind in fraud prevention.

Anti-spoof: the heart of any biometric system

Anti-spoofing technology prevents fraudsters from defeating the fingerprint authentication process with false credentials. Today, it is used to increase security levels across a range of biometric systems, from smartphones to laptops and airport border control kiosks.

The biometric payment card has a compelling value proposition by bringing the biometric authentication process inside the secure enclave of the payment card’s Secure Element chip. The card’s off-grid nature ensures a much more limited surface of attack, compared with that of a highly connected smartphone. However, the challenges associated with implementing anti-spoof technology on this platform are not to be baulked at. The card has no battery and operates with limited on-board processing power. Without the luxury of the smartphone’s supercomputer-like processor a whole new wave of innovation has been needed.

As card issuers and digital wallet providers start to deploy fingerprint biometric payment cards to consumers, anti-spoofing technology must sit at the heart of their offering.

This can pave the way for a more secure future, from payment to digital and physical access, and to digital IDs and digital currencies.

Striking the balance between security and user experience

It’s clear that anti-spoofing technology must be included by default on biometric payment cards to reduce fraud and instil consumer confidence. But despite the benefit of its added security, it’s crucial to limit any potential impact on user experience. When paying for their shopping, consumers want to know that their card is safe, but more than that, they want to know their payment card will deliver a flawless user experience day-in, day-out.

When it comes to balancing security and user experience on a payment card, new design approaches have been required. The traditional approach to anti-spoof uses Neural Networks and Machine Learning techniques to train an image processing algorithm to detect the subtle characteristics of images captured from fake fingers. This requires an optimised processor and can quickly become impractical in a highly constrained smart card.

A second approach is to increase the security level of the traditional biometric authentication algorithm that matches a user’s fingerprint to the reference data captured during enrolment. This is very much a brute-force approach which, while helping to detect fake-finger attacks, will rapidly degrade user experience.

The optimum approach involves designing the fingerprint sensor, the biometric authentication algorithm, and the spoof detection system together – to all work in unison. Taking such a holistic, ground-up approach opens up the design of biometric smart cards to new possibilities. Requirements can be met with margin, allowing designers to achieve security targets and focus on delivering a flawless user experience.
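The trade-off between the second and third approaches can be made concrete with a small calculation. This is an added illustration, not code or data from the article or from IDEX Biometrics: the scores are constructed, and modelling spoof detection as a separate liveness score checked alongside the matcher is an assumption made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    match: int       # matcher similarity score, 0-100 (assumed scale)
    liveness: float  # spoof-detector score, 0.0 (fake) to 1.0 (live)
    spoof: bool      # True if the attempt used a fake finger


# Constructed sample scores, not measurements from any real sensor.
# Spoofs copy the enrolled print, so they score well on the matcher.
GENUINE = [(62, 0.91), (71, 0.88), (55, 0.93), (80, 0.95), (68, 0.79), (47, 0.90),
           (74, 0.86), (59, 0.92), (66, 0.84), (52, 0.89), (77, 0.94), (63, 0.81)]
SPOOF = [(58, 0.22), (49, 0.35), (64, 0.18), (53, 0.41),
         (45, 0.30), (61, 0.27), (50, 0.12), (56, 0.38)]
ATTEMPTS = ([Attempt(m, l, False) for m, l in GENUINE]
            + [Attempt(m, l, True) for m, l in SPOOF])


def evaluate(attempts, match_threshold, liveness_threshold=0.0):
    """Return (false_reject_rate, spoof_accept_rate) for the given thresholds."""
    def accepted(a):
        return a.match >= match_threshold and a.liveness >= liveness_threshold

    genuine = [a for a in attempts if not a.spoof]
    spoofs = [a for a in attempts if a.spoof]
    false_reject_rate = sum(not accepted(a) for a in genuine) / len(genuine)
    spoof_accept_rate = sum(accepted(a) for a in spoofs) / len(spoofs)
    return false_reject_rate, spoof_accept_rate


def lowest_threshold_blocking_all_spoofs(attempts):
    """Matcher-only defence: how strict must the matcher be to stop every spoof?"""
    for threshold in range(101):
        if evaluate(attempts, threshold)[1] == 0:
            return threshold
    return None


if __name__ == "__main__":
    strict = lowest_threshold_blocking_all_spoofs(ATTEMPTS)
    for label, args in [("baseline matcher", (50,)),
                        ("stricter matcher only", (strict,)),
                        ("matcher + spoof detection", (50, 0.5))]:
        frr, sar = evaluate(ATTEMPTS, *args)
        print(f"{label:28s} false rejects {frr:.0%}, spoofs accepted {sar:.0%}")
```

On this data, tightening the matcher alone stops the spoofs only by turning away half of the genuine attempts, while the combined check stops them at the baseline false-reject rate.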

Ready to fuel digital payment growth

To ensure the continued widespread adoption of biometric smart cards, it is important that all fingerprint biometric sensors are deployed with anti-spoofing technology while being optimised for user experience. Fingerprint biometric cards, when combined with anti-spoof technology, allow for higher transaction limits and a faster, more secure transaction experience, while introducing increased obstacles to fraud.

Payment providers save money on fraud refunds whilst also increasing revenue thanks to higher limits and an enhanced customer base due to a secure and trusted reputation. The payment industry is already at a high level of security today. But with financial fraud on the rise, we must constantly improve to be ahead of cybercriminals and improve the customer experience for those using biometric payment services to enhance their lives.

Business

Ransomware chokes COBRA: How AI-powered data analysis can support financial services’ plight

By Toby Butler, Financial Crime Solutions Manager at Ripjar

 

Ransomware attacks are on the increase in the United Kingdom. Most of the British Government’s COBRA meetings have been convened in response to ransomware attacks, showing how cybersecurity breaches are as pressing as national emergencies and crises. The National Cyber Security Centre’s (NCSC) annual review found this year that the country was hit by 17 ransomware incidents that were so impactful they “require a nationally coordinated response”. That extends to the financial services sector, which saw an increase of ransomware attacks with 55% of organisations hit in 2021.

Where does this leave the sector and how can artificial intelligence and machine learning be instrumental in understanding the risks companies face against future ransomware attacks?

Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them. The UK is one of the most cyber-attacked countries in the world and the Government has been criticised for being “ill-equipped” to deal with this exponential rise of fraud cases.

 

Ransomware-as-a-Service

Ransomware is one of the most common forms of cybercrime. Fighting it has become one of the biggest problems that organisations today face during their everyday operations. For instance, malware (malicious software) encrypts the files of a single computer, then works its way through an entire network to reach the server and inflict maximum damage. Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them.

When these attacks occur, the victims, more often businesses, are left with minimal options. If they have substantial backup solutions already in place, they can attempt to restore the encrypted data to their servers. But if that data isn’t already secured elsewhere, they may need to pay a ransom to the criminals behind the attack, thereby allowing the business to function once again and restoring its reputation. The cost of paying the ransom will feel considerably smaller compared to starting a business again from scratch. Sophos’ State of Ransomware in Financial Services 2022 report found that 52% of financial services organisations paid the ransom to restore their data; the average remediation cost in financial services was US$1.59M.

Cybersecurity Ventures estimates that ransomware is set to cost global businesses more than $256 billion by the end of 2031. By that token, organisations need to be extremely mindful of the potential threats they may face. Businesses need to understand the methodologies these hackers use, to address the weaknesses within their domain and take measures to isolate and prevent further ransomware attacks from happening again.

 

The rise of WAMs

According to a recent report by security firm CyberSixgill, 19% of the 3,612 cyberattacks that took place in 2021 were traced back to Wholesale Access Markets – or WAMs for short. WAMs are, in essence, underground internet flea markets. These markets are where aspiring attackers come to purchase network access from threat actors – the individual or entity involved in carrying out the cyber-attack. Types of threat actors include insiders, cybercriminals, rival organisations, or even nation states stealing data.

WAMs sell access to multiple compromised endpoints (or pathways) for around 10-20 dollars. Researchers found that WAMs listed access to approximately 4.3 million compromised endpoints in 2021, which include access to both provider and enterprise software (for example, an organisation’s Slack channel) up to 180 days before the attack itself took place. This shows how long these compromised endpoints remain undetected without proper internal analysis.

 

How can Financial Services stay ahead of the curve?

The use of Artificial Intelligence (AI) and machine learning is undisputed across modern businesses and sectors, and continues to revolutionise processes across the board. AI is a significant player in the financial services industry, building the ‘cyber-wall’ against nefarious users. It gives organisations optimal insights into reducing the likelihood of a ransomware attack in the future.

Namely, AI and machine learning collect and analyse vast amounts of messy (structured and unstructured) data from disparate sources. The challenge for the sector is to understand the volume and variety of the raw data collected from any source to build better protection in the future.

Structured information could be best understood as the clear data we see in a table. For example, the following attendees made a business meeting: first name – Joan, surname – Smith, age – 46. But unstructured information is information presented in a complex manner. For example, ‘there were five people who attended the business meeting, one of whom was forty-six and called Joan Smith’. Naturally, due to the complex nature of the prose, it would be more difficult for a machine to process that data into a digestible format for further risk analysis. This is where AI continues to prove invaluable.

AI uses natural language processing to understand the information provided on the web. As the software continues to evolve, natural language processing reads the information in a way a human would to extract the key information from the text. By incorporating AI and machine learning within an organisation’s IT infrastructure, companies operating within financial services can be better equipped to handle cybercrime.

These tools are flexible and adaptable; they can be configured to analyse different types of data from different sources to curate key insights. This collated information provides a better analysis of the organisation’s exposure, allowing them the opportunity to get upstream in preventing future attacks. This kind of approach is essential to processing listings on WAMs.

The power to analyse data to identify weaknesses is vital in the battle against cybercrime. It gives organisations a better understanding of what they could expect to see in the future. With the correct data and the analytical skills to interpret it, financial organisations can gain a better understanding of the methodologies attackers use and the in-house weaknesses they exploit to hold them to ransom. Organisations can then use this as a reference to pinpoint compromised endpoints, giving them a chance to reduce access before this route can be exploited and ruin their business.

With cybercrime and ransomware continuing to remain prevalent, it’s vital that financial services companies understand how they can get ahead of the curve and build a robust security platform within their IT infrastructure that can withstand an attack. In 2022, a ransomware attack occurred every 40 seconds. The mindset for the sector needs to be one of when, not if.

Organisations need to be thinking about an attack now, before it has happened, pre-planning and preparing for the worst possible outcome from future threats and adversaries. The introduction of AI and machine learning in the fight against cybercrime is a must, and the sooner the industry gets behind implementing AI, the safer it will be through the next decade.

 

 


Banking

How Banks Can Boost App Innovation, Speed and Compliance

By Steve Barrett, Senior Vice President of International Operations, Delphix

As new finance and banking applications disrupt the market each day, and customer expectations around speed, privacy and quality continue to grow, financial organization CIOs and DevOps teams have to innovate quickly to bring new apps and updates to market, while remaining strictly compliant to a myriad of regulations. DevOps innovation in financial services requires fast access to accurate, compliant test data, and as anyone who touches the industry knows, data privacy is a highly complex, critical process woven into the everyday world of finance.

Banks and financial services organizations collect vast amounts of data, but using that data for innovation can be challenging due to the vast size and complexity of test data. These challenges can inhibit the adoption of new and transformative technologies and hinder innovation if they are not addressed head on. To address these challenges, many organizations are integrating the use of highly innovative test data management (TDM) tools within their DevOps ecosystems. DevOps TDM provides access and delivery of lightweight, compliant data for DevOps initiatives including digital transformation, software upgrades, cloud migration, artificial intelligence and machine learning (AI/ML), and analytics.

Data – the last automation frontier

Historically, application teams manufactured data for development and testing in a siloed, unstructured fashion. Over time, large IT organizations began consolidating TDM functions to take advantage of innovative tools to create test data. With the rise of modern development methodologies like DevOps and CI/CD that demand fast, iterative release cycles and end-to-end API-driven automation, legacy TDM approaches are often no longer sufficient.

Reliance on a traditionally manual, ticket-driven, request-fulfill model creates time drains during test cycles and slows the pace of application delivery. Consider the payments industry, in which agile technology companies using optimized DevOps processes can release new code hundreds of times per month. In contrast, traditional banks with slow IT ticketing systems may take months to release new features. These manual, legacy TDM approaches exist in contradiction with modern DevOps practices and CI/CD processes that depend on automation and fast feedback to development teams.

TDM for the DevOps Era

DevOps teams rely on TDM to evaluate the performance, functionality and security of applications. However, while processes including storage, compute, and code have all been automated, data has eluded the reach of most DevOps toolchains.

Now, DevOps TDM can help accelerate app releases and increase compliance by automating the delivery, provisioning, and compliance of data. These practices provide both development and testing teams with data APIs, including the ability to refresh, rewind, bookmark, group, tag, branch, and share test data, to accelerate DevOps productivity and improve application quality. DevOps TDM also includes copying production data, and the masking (anonymization) and virtualization of data through the DevOps pipeline, which helps accelerate app releases and increase compliance.

And as the pace of application development quickens, so does the pace of privacy regulations, and efficiently ensuring compliance in DevOps has become a significant challenge for enterprises. Non-production data used for testing software applications, reporting, and analytics can contain up to 80% of an enterprise’s sensitive data. To solve this, DevOps TDM provides integrated data masking to de-identify personally identifiable information (PII) and other sensitive data in non-production environments, eliminating the risk of sensitive data exposure.
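One way masking can de-identify records while keeping test data usable is keyed, deterministic substitution, sketched below. This is an added example, not Delphix's implementation or API: the key, field names and sample rows are constructed, and HMAC-based substitution is one masking technique among several.

```python
import hashlib
import hmac

# Assumption: the masking key lives only in the production-side masking job.
# Without it, masked values cannot be recomputed from guessed originals.
MASKING_KEY = b"constructed-demo-key-not-for-real-use"


def _keystream(field, value):
    """Keyed digest bound to the field name, so equal values in different
    columns do not produce linkable tokens."""
    message = f"{field}\x00{value}".encode()
    return hmac.new(MASKING_KEY, message, hashlib.sha256).digest()


def mask_token(field, value, prefix):
    """Deterministic pseudonym: the same input always yields the same token,
    which keeps joins between masked tables intact."""
    return prefix + _keystream(field, value).hex()[:16]


def mask_digits(field, value):
    """Replace each ASCII digit with a keyed digit, keeping length and
    separators so format validation in the application under test still passes."""
    stream = _keystream(field, value)
    out, i = [], 0
    for ch in value:
        if ch in "0123456789":
            out.append(str(stream[i % len(stream)] % 10))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_customer(row):
    return {
        "customer_id": mask_token("customer_id", row["customer_id"], "cust_"),
        "name": mask_token("name", row["name"], "name_"),
        "email": mask_token("email", row["email"].lower(), "user_") + "@example.test",
        "sort_code": mask_digits("sort_code", row["sort_code"]),
    }


def mask_payment(row):
    # Only the identifier is sensitive here; the amount is kept for realistic tests.
    return {
        "customer_id": mask_token("customer_id", row["customer_id"], "cust_"),
        "amount": row["amount"],
    }


def payments_per_customer(customers, payments):
    """Join payments to customers and return the sorted per-customer counts."""
    counts = {c["customer_id"]: 0 for c in customers}
    for p in payments:
        if p["customer_id"] in counts:
            counts[p["customer_id"]] += 1
    return sorted(counts.values())


# Constructed sample rows standing in for a production extract.
CUSTOMERS = [
    {"customer_id": "C1001", "name": "Alex Example", "email": "Alex@bank.invalid", "sort_code": "20-45-17"},
    {"customer_id": "C1002", "name": "Sam Sample", "email": "sam@bank.invalid", "sort_code": "40-11-62"},
    {"customer_id": "C1003", "name": "Kim Constructed", "email": "kim@bank.invalid", "sort_code": "60-83-09"},
]
PAYMENTS = [
    {"customer_id": "C1001", "amount": 120.00},
    {"customer_id": "C1002", "amount": 15.50},
    {"customer_id": "C1001", "amount": 42.10},
]
```

Because the substitution is keyed and deterministic, a masked payments table still joins to the masked customers table, but low-entropy fields such as sort codes are only as protected as the key is.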

The World Quality Report 2022-2023[1] by Capgemini stressed the importance of an enterprise-wide approach to test data provisioning (a core component of TDM). The report states, “Over the years, with stringent regulatory and security requirements around data, organizations have increased their focus on provisioning test data safely and securely.”

The report shows that secure test data provisioning remains a challenge, with only 20% of respondents having a fully-implemented enterprise test data provisioning strategy in place to address security and compliance requirements.

Data is the catalyst to innovation

Automation is fueling myriad digital transformations within the financial services sector, but without the right data, these application innovations cannot succeed. DevOps TDM can help further accelerate DevOps initiatives by automatically delivering fresh, complete, and secure test data wherever and whenever it is needed, in minutes. With DevOps TDM, banks and financial institutions can innovate faster, reduce time-to-market for updating legacy applications, and accelerate development and testing of disruptive fintech.

 

[1] Source: https://www.capgemini.com/insights/research-library/world-quality-report-wqr-2022/
