Connect with us

Top 10

WILL WE EVER WITNESS UNHACKABLE BIOMETRIC SECURITY?

We often hear the word biometric, but what exactly is a biometric? A biometric usually refers to a device that can sense, record, and then process data based on some natural and sufficiently unique characteristics of the human body such as the fingerprint, face, voice, etc. which is stored in a database and accessible via computer. This is generally with the purpose of providing secure and hard to falsify authentication of an individual’s identity.

According to David Orme from Finance Derivative, By 2023, the global biometrics market is predicted to grow by more than 15%, to over $24 billion. This means that not only Americans are embracing the security of biometric authentication, emerging regions such as Latin America, Africa, and Asia are on this trend too. Over the years biometrics are getting sophisticated, just like a laptop to an ultrabook. Well, biometrics are improving too, but is a biometric unhackable?

 

Biometric Data Types

Face recognition

By measuring unique patterns of a person’s face such as face contours. It is widely used in smartphones and laptops, google is currently in the process of opening support to facial recognition with the ChromeOS platform.

Iris recognition

The person’s iris is very unique in that it is considered more secure than fingerprint, an iris is the colorful area of the eye surrounding the pupil, but it’s not widely used because of the high cost.

Fingerprint scanner

This is widely used in smartphones and laptops to unlock screens, it is capturing the unique patterns of ridges and valleys on a finger.

Voice recognition

The device would measure the unique sound waves in your voice as you speak to match in the database for identity, most banks use this to identify your identity when calling the about your account to prevent identity theft.

Hand Geometry

This is typically used in security applications, it’s about measuring and recording the length, thickness, width, and surface area of your hands.

Behavior characteristics

It analyzes the way you interact with a computerized system, like keystroke, handwriting, the way you walk, how you used the mouse, and other movements that can assess who you are.

 

Is Biometric Unhackable?

The truth is, biometrics are hackable. There are many ways to hack a biometric, it’s not that easy but it’s not that hard either. There are many brilliant people out there who always finds a way to hack something, take the anonymous as an example. The biometric manufacturer tries to build a formidable biometric, but someone out there can reverse engineer those and could find loopholes in its security.

 

Problems with Biometrics

Biometrics are not private

You may think that biometrics are sucre, after all, you are the only one owning your eyes, ears, fingerprint, etc. but that doesn’t guarantee safety. Your biometrics are exposed to the public.

Your biometric data features are exposed everywhere, it’s just a matter of strategy on how to get and use them, your fingerprint is found on anything you touch and there’s a way to acquire it, your face can be easily captured and used, your voice could be recorded. Yes, almost all of those are easy to acquire.

Biometrics can be forged

There are many recorded successful hacks on biometrics, in fact, once a hacker gets a picture of your biometric data such as eyes, finger, ears, etc. they can easily gain access to your account. Let’s take Apple’s touchID as an example, famous hacker Jan Krissler beat the technology just a day after the iPhone was released.

It’s very easy to steal anyone’s identification, the hacker just needs a high-resolution photo of your biometric data, one example is the German Minister of Defense Ursula von der Leyens, it only took a photo of his finger and reconstructed the thumbprint using VeriFinger and just like that Krissler gained access.

If you believe that an eye scan is more secure then you are wrong, a hacker fooled Samsung’s S8 iris recognition and it wasn’t even a high priced hack, it was executed by juts placing a contact lens made from a photo of the user’s eye.

Hack consequences on biometrics

The stolen user’s identity can be used to falsify documents, criminal records or passport which could do more damage beyond imaginable. The worst part of biometric data is that if stolen you have another eye, ear, voice, etc. means you can’t replace physical identifiers.

Biometric may provide another level of security but it’s not that foolproof, maybe in the years to come biometric companies could develop more secure identification through the use of biometric to deter inherent downfalls and possibly build an unhackable one.

 

Conclusion

As of now, biometrics have many things to improve. But nonetheless, it provides another level of security, it just a matter of how an organization implements it. Just like any other security, biometrics could be more secure if used correctly, like multiple authentications instead of solely relying on biometrics. We’ll never know in the future, biometric companies may develop an unhackable biometric that would strengthen the security around the globe.

 

Finance

THE OUTPERFORMER’S APPROACH TO FINANCIAL PROCESS AUTOMATION

By Michelle Trapani, Director of Product Marketing at Kofax

 

Achieving more with less is the mantra of our times. C-suite leaders demand greater efficiency. CFOs are looking to reduce costs. Customers and employees expect stellar experiences. The ability to outperform these expectations hinges on your financial operations, a vital area impacting every facet of your business.

For instance, if vital master data is incorrect, it’ll have a negative impact on service level quality, as well as the reputations of the finance and purchasing departments. Without accurate and timely visibility into processes, transparency is reduced, and it’s more difficult and time-consuming to manage compliance. The combination makes it harder to please executives, CFOs, customers, and vendors.

That’s why financial process automation is the key to operational efficiency and the overall success of your business. Even small- and medium-sized businesses are investing in process automation to optimise the financial processes within enterprise resource planning (ERP) systems, such as SAP.

For many, accounts payable is the first financial process to be automated. Like many other financial areas, Accounts Payable (AP) is mired in paper and consumed by highly manual tasks. For these reasons, once AP is automated, the benefits become quickly apparent, leading firms to immediately consider which other financial processes they can optimise. However, outperformers know the approach that yields the greatest return is automation of the entire purchase-to-pay process chain.

Why? Let’s consider what benefits can be gained from automating document-driven and transactional processes tied to an SAP ERP system – in AP and beyond.

 

Why a high-level of automation is an advantage

We don’t have to look far to see how end-to-end automation eliminates labour-intensive work, reduces costs, and increases process efficiency. Organisations with high levels of automation provide indisputable proof of the advantages of the outperformers’ approach.

According to research by Shared Services Link and Kofax, just 12 percent of organisations with high levels of automation manually process their invoices compared to 74 percent of those with low levels of automation. In addition, only 41 percent of highly automated companies experience problems with purchase orders, 24 percent have poor visibility into spend, and 8 percent fail to capture early payment discounts. By comparison, those with low-level automation report these same problems significantly more often: 68 percent, 23 percent, and 24 percent, respectively.

In an age when process automation has become table stakes, there are clear advantages for organisations that optimise processes across the business. “Best-in-class” firms – those with high levels of automation – don’t only become more competitive, they save time and resources as well.

Comparing “best-in-class” organisations to others illustrates the sharp differences. According to Ardent Partners, a “best-in-class” organisation processes 57.1 percent of all invoices “straight-through,” in just 3.9 days at an all-inclusive cost of $2.87 per invoice. By contrast, the gap with other organisations – those with low levels of automation – is wide: Only 16.1 percent of invoices are processed straight-through, and a single invoice takes 17.1 days to close and costs $15.38. Further, “best-in-class” organisations experience 81 percent lower invoice processing costs and 77 percent faster invoice processing cycle times.

 

Why ERP optimisation?

Another reason to follow the outperformers’ approach is to increase the return on investment of Enterprise Resource Planning (ERP) software. Many organisations haven’t fully leveraged their investments in ERP software, like SAP, giving them plenty of hidden opportunities to exploit.

“ERPs are not optimised for all the complex activities occurring today, such as matching printed or electronic invoices with supplier master data, purchase orders, shipping, tax and discount data,” says consultancy The Hackett Group. “Since it can be cost-prohibitive to replace a legacy ERP, companies often augment them instead with document management systems.”

When processes are paper-driven and manual, financial teams struggle to meet the volume-based performance requirements set by their CFOs. Meeting the high bar for raw numbers of invoices and payments processed is exceedingly difficult without automation. Think back to the pain points listed above. Every time the process is interrupted because the PO number is wrong, there’s an invoice exception or an early pay discount is missed, the process slows appreciably – or breaks down entirely.

One option is to use a certified add-on solution providing a single software platform to automate a series of processes directly within the ERP system. For SAP users, this type of solution offers more than integration with the ERP system; it provides the exact same look and feel as any other SAP transaction. It can be presented inside of the SAP GUI, providing non-SAP users an intuitive interface, and offering a real-time view of workloads, pending tasks, document inflow, ongoing transactions, and up-to-the-moment validation against SAP data. Solutions like this are proven to help users become more cost efficient, improve control over financial processes and shorten total processing times.

 

How to dominate your financial process

As the examples above show, expanding process improvement from AP to the entire purchase-to-pay process chain allows you dominate your financial processes in SAP, realise maximum efficiency and take your current ROI to the next level. Whether you’re just starting your automation journey or want to expand past AP, a full-scale strategy for end-to-end financial process automation will enable you to begin working like tomorrow, today.

 

About the author

In her role as Director of Product Marketing, Michelle Trapani delivers market positioning, strategic narratives and go-to-market strategies driving awareness, preference, and growth – bringing an increased level of insight, leadership, and overall execution discipline to Kofax’s growing business. Michelle was most recently with Cinch Connectivity Solutions where she reduced product launch times from eight months to eight-12 weeks. Previously, Michelle was with Adobe, Equinix, IBM, Infogix, iPass, Macrovision and Vision Solutions. Michelle earned a Bachelor of Arts degree at Illinois State University.

Continue Reading

Technology

WHY TECHNOLOGY IS KEY TO THE FUTURE OF AUDITING

By Piers Wilson, Head of Product Management at Huntsman Security

 

The Financial Reporting Council (FRC), which is responsible for corporate governance, reporting and auditing in the UK, has been consulting on the role of technology in audit processes. This highlights growing recognition for the fact that technology can assist audits, providing the ability to automate data gathering or assessment to increase quality, remove subjectivity and make the process more trustworthy and consistent. Both the Brydon review and the latest AQR thematic suggest a link between enhanced audit quality and the increasing use of technology. This goes beyond efficiency gains from process automation and relates, in part, to the larger volume of data and evidence which can be extracted from an audited entity and the sophistication of the tools available to interrogate it.

As one example, the PCAOB in the US has for a while advocated for the provision of audit evidence and reports to be timely (which implies computerisation and automation) to assure that risks are being managed, and for the extent of human interaction with evidence or source data to be reflected to ensure influence is minimised (the more that can be achieved programmatically and objectively the better).

However, technology may obscure the nature of analysis and decision making and create a barrier to fully transparent audits compared to more manual (yet labour intensive) processes. There is also a competition aspect between larger firms and smaller ones as regards access to technology:

Brydon raised concerns about the ability of challenger firms to keep pace with the Big Four firms in the deployment of innovative new technology.

The FRC consultation paper covers issues, and asks questions, in a number of areas. Examples include:

  • The use of AI and machine learning that collect or analyse evidence and due to the continual learning nature, their criteria for assessment may be difficult to establish or could change over time.
  • The data issues around greater access to networks and systems putting information at risk (e.g. under GDPR) or a reluctance for audited companies to allow audit firms to connect or install software/technologies into their live environments.
  • The nature of technology may mean it is harder for auditors to understand or establish the nature of data collection, analysis or decision making.
  • The ongoing need to train auditors on technologies that might be introduced, so they can utilise them in a way that generates trusted outputs.

Clearly these are real issues – for a process that aims to provide trustworthy, objective, transparent and repeatable outputs – any use of technology to speed up or improve the process must maintain these standards.

 

Audit technology solutions in cyber security

The cyber security realm has grown to quickly become a major area of risk and hence a focus for boards, technologists and auditors alike. The highly technical nature of threats and the adversarial nature of cybers attackers (who will actively try and find/exploit control failures) means that technology solutions that identify weaknesses and report on specific or overall vulnerabilities are becoming more entrenched in the assurance process within this discipline.

While the audit consultations and reports mentioned above cover the wider audit spectrum, similar challenges relate to cyber security as an inherently technology-focussed area of operation.

 

Benefits of speed

The gains from using technology to conduct data gathering, analysis and reporting are obvious – removing the need for human questionnaires, interviews, inspections and manual number crunching. Increasing the speed of the process has a number of benefits:

  • You can cover larger scopes or bigger samples (even avoid sampling all together)
  • You can conduct audit/assurance activities more often (weekly instead of annually)
  • You can scale your approach beyond one part of the business to encompass multiple business units or even third parties
  • You get answers more quickly – which for things that change continually (like patching status) means same day awareness rather than 3 weeks later

Benefits of flexibility

The ability to conduct audits across different sites or scopes, to specify different thresholds of risk for different domains, the ease of conducting audits at remote locations or on suppliers networks (especially during period of restricted travel) are ALL factors that can make technology a useful tool for the auditor.

 

Benefits of transparency

One part of the FRC’s perceived problem space is that of transparency, you can ask a human how they derived a result, and they can probably tell you, or at least show you the audit trail of correspondence, meeting notes or spreadsheet calculations. But can you do this with software or technology?

Certainly, the use of AI and machine learning makes this hard, the learning nature and often black box calculations are not easy to either understand, recalculate in a repeatable way or to document. The system learns, so is always changing, and hence the rationale that a decision might not always be the same.

In technologies that are geared towards delivering audit outcomes this is easier. First, if you collect and retain data, provide an easy interface to go from results to the underlying cases in the source data, it is possible to take a score/rating/risk and reveal the specifics of what led to it. Secondly, it is vital that the calculations are transparent, i.e. that the methods of calculating risks or the way results are scored is decipherable.

 

Benefits of consistency

This is one obvious gain from technology, the logic is pre-programmed in.  If you take two auditors and give them the same data sets or evidence case files they might draw different conclusions (possibly for valid reasons or due to them having different skill areas or experience), but the same algorithm operating on the same data will produce the same result every time.

Manual evidence gathering suffers a number of drawbacks – it relies on written notes, records of verbal conversations, email trails, spreadsheets, or questionnaire responses in different formats.  Retaining all this in a coherent way is difficult and going back through it even harder.

Using a consistent toolset and consistent data format means that if you need to go back to a data source from a particular network domain three months ago, you will have information that is readily available and readable.  And as stated above, if the source data and evidence is re-examined using a consistent solution, you will get the same calculations, decisions and results.

 

Benefits of systematically generated KPIs, cyber maturity measures and issues

The outputs of any audit process need to provide details of the issues found so that the specific or general cases of the failures can be investigated and resolved.  But for managers, operational teams and businesses, having a view of the KPIs for the security operations process is extremely useful.

Of course, following the “lines of defence” model, an internal or external “formal” audit might simply want the results and a level of trust in how they were calculated; however for operational management and ongoing continuous visibility, the need to derive performance statistics comes into its own.

It is worth noting that there are two dimensions to KPIs:   The assessment of the strength or configuration of a control or policy (how good is the control) and the extent or level of coverage (how widely is it enforced).

To give a view of the technical maturity of a defence you really need to combine these two factors together.  A weak control that is widely implemented or a strong control that provides only partial coverage are both causes for concern.

 

Benefits of separation of process stages

The final area where technology can help is in allowing the separation and distribution of the data gathering, analysis and reporting processes.  It is hard to take the data, evidence and meeting notes from someone else and analyse it. For one thing, is it trustworthy and reliable (in the case of third-party assurance questionnaires perhaps)? Then it is also hard to draw high-level conclusions about the analysis.

If technology allows the data gathering to be performed in a distributed way, say by local site administrators, third-party IT staff or non-expert users BUT in a trustworthy way, then the overhead of the audit process is much reduced. Instead of a team having to conduct multiple visits, interviews or data collection activities the toolset can be provided to the people nearest to the point of collection.

This allows the data analysis and interpretation to be performed centrally by the experts in a particular field or control area. So giving a non-expert user a way to collect and provide relevant and trustworthy audit evidence takes a large bite out of the resource overhead of conducting the audit, for both auditor and auditee.

It also means that a target organisation doesn’t have to manage the issue of allowing auditors to have access to networks, sites, data, accounts and systems to gather the audit evidence as this can be undertaken by existing administrators in the environment.

 

Making the right choice

Technology solutions in the audit process can clearly deliver benefits, however if they are too simplistic or aim to be too clever, they can simply move the problem of providing high levels of audit quality. A rapidly generated AI-based risk score is useful, but if it’s not possible to understand the calculation it is hard to either correct the control issues or trouble shoot the underlying process.

Where technology can assist the audit process, speed up data gathering and analysis, and streamline the generation of high- and low-level outputs it can be a boon.

Technology allows organisations to put trustworthy assurance into the hands of operations teams and managers, consultants and auditors alike to provide flexible, rapid and frequent views of control data and understanding of risk posture. If this can be done in a way that is cognisant of the risks and challenges as we have shown, then auditors and regulators such as the FRC can be satisfied.

 

Continue Reading

Magazine

Partner Events

Trending

Finance6 hours ago

THE OUTPERFORMER’S APPROACH TO FINANCIAL PROCESS AUTOMATION

By Michelle Trapani, Director of Product Marketing at Kofax   Achieving more with less is the mantra of our times....

Banking7 hours ago

WHY BANKS NEED TO EMBRACE WELLBEING IN THE DIGITAL EXPERIENCE

Howard Pull, Head of Digital Transformation Strategy at MullenLowe Profero   The impact of the COVID-19 crisis on the economy...

Finance16 hours ago

SAFEGUARD YOURSELF FROM FINANCIAL STRUGGLE AND UNCERTAINTY IN THE CASE OF DEMENTIA

Despite the rising incidence of dementia globally – The World Health Organization (WHO) estimates one new case every three seconds...

Technology16 hours ago

WHY TECHNOLOGY IS KEY TO THE FUTURE OF AUDITING

By Piers Wilson, Head of Product Management at Huntsman Security   The Financial Reporting Council (FRC), which is responsible for corporate...

Finance2 days ago

BOOM OR BUST: HOW THE FINANCIAL SERVICES SECTOR IS COPING

by Simon Black, CEO, Awaken Intelligence   Covid-19 has had an impact across all industries and businesses are feeling the...

Business2 days ago

BACK TO SCHOOL – CEOS NEED TO LEARN A NEW LANGUAGE, FAST!

By Simon Axon, Financial Services Industry Consulting practice lead in EMEA, Teradata   Chief Executive Officers of banks know all...

Business2 days ago

REVITALISING THE TOKEN MARKET

By Gavin Smith, CEO at Panxora   With interest rates near zero and fears that whipsawing stock markets are set for...

Business2 days ago

A SLEEPING DIGITAL GIANT WAKES? 4 KEY TRENDS ACCELERATING PAYMENTS TRANSFORMATION IN THE US

Lauren Jones, International Payments Ambassador, Icon Solutions   The US payments industry is undoubtedly ripe for change. Before the unprecedented...

Finance2 days ago

CAN ACCOUNTING DEPARTMENTS WIN THE FIGHT AGAINST FRAUD?

Magali Michel, Director, Yooz   Despite the implementation of increasingly sophisticated security systems, corporate fraud continues to gain ground: half...

Finance2 days ago

REMOTE INVOICE CAPTURE: ADAPTING TO THE NEW WAY OF WORKING

Author: James Adie, Vice President EMEA Sales at Ephesoft   When the government announced a country-wide lockdown on March 23,...

News2 days ago

GALA TECHNOLOGY SELECTS NUAPAY TO ENABLE OPEN BANKING PAYMENTS

Nuapay, powered by Sentenial, today announces it has been chosen by Gala Technology, a payment security solution specialist, to provide Open...

Top 103 days ago

THE ROLE OF OPEN SOURCE IN UNCERTAIN TIMES

Kris Sharma, Finance Sector Lead, Canonical   Financial services are an important part of the economy and play a wider...

Wealth Management3 days ago

SIMPLIFYING THE RETIREMENT FUND DEATH CLAIMS PROCESS

By Dolana Conco, Regional Executive at Alexander Forbes   Losing a loved one is one of the most difficult experiences...

News3 days ago

THE EMBEDDED BENEFITS IN ESEF DIGITAL FINANCIAL REPORTING

The inclusion of a simple link delivers serious gains in transparency, trust and real time verifiability for the whole financial...

News3 days ago

YAPILY AND OZONE API PARTNERSHIP MARKS TURNING POINT IN OPEN BANKING ADOPTION FOR BANKS

Open banking leader Yapily has today announced a strategic partnership with Ozone API, the leading API standards-based platform, to enable banks and...

News4 days ago

PROGRESSIVE SCENARIO PLANNING FOR THE LIBOR TRANSITION

James Gannaway, Head of Financial Services, Board International   The Financial Stability Board have announced that disruption to markets caused...

News4 days ago

AS DIGITAL TRANSFORMATION ACCELERATES, ENTRUST DATACARD BECOMES “ENTRUST”

Entrust name and identity reflect the critical need for trust at the heart of the digital transformation – and the...

Finance4 days ago

HOW TO TAME YOUR FINANCES TO REGAIN CONTROL OF YOUR MONEY

Credit, combined with bad spending habits, means many South Africans find themselves living from payday to payday, but you can...

Business4 days ago

HOW DATA VIRTUALISATION CAN HELP THE FS INDUSTRY REGAIN COMPLIANCE CONTROL

Charles Southwood, Regional VP – Northern Europe and MEA at Denodo    In recent years, the financial services (FS) sector has witnessed a...

Finance5 days ago

HOW TECHNOLOGY IS CHANGING ACCOUNTING

Mike Whitmire is Co-founder and CEO of FloQast,   The fundamentals of accounting have been around for hundreds of years....

Trending