Biometrics becoming the norm for Aussie banking > Biometrics > Biometrics & Forensics > News > SC Magazine Australia/NZ

Log into online banking at the blink of an eye.

Australian banks are taking a closer look at biometric authentication as a means of reducing fraud, thanks to an improved business case, increased consumer concerns about personal data and some impressive breakthroughs in technology.
In June, National Australia Bank became the first Australian bank to roll out a biometric-based solution for customer authentication, implementing a voice-based system for telephone banking customers.
Tim Cullen, head of direct channels with NAB, said the voice authentication has "far exceeded expectations."
"Nine out of ten customers when offered it are taking up the service," he said.
Cullen said the bank initially experienced some technical problems with the biometric-based technology when attempting to enrol users, but eventually managed to iron these issues out. The bank is now hoping to expand the option to mobile phone banking users, he said.
"Expanding voice biometrics into mobile Internet banking just seemed a logical extension from a usability perspective," he said.
Cullen said he would also consider deploying the solution to an online payments environment in a bid to help reduce card-not-present fraud.
As banks around the world gradually deploy chip-based cards with PIN authentication, Cullen points out fraud is simply shifting to card-not-present environments.
"For us it's about real-time monitoring of card-not-present transactions...but we certainly could move to voice and outbound (calls) for certain transaction types."
Beyond voice
Voice is just one of many biometric identifiers that can be used for the purposes of identification and authentication. In the US, biometric security specialist Global Rainmakers has been targeting banks with its HBOX iris scanning system.
Iris scanning is different to retina scanning, which requires the emission of light and close contact between the scanner and user.
Former Bank of America executive Jeff Carter now sits on the board of Global Rainmakers and says by the first quarter of 2010 the company will have the technology deployed in a mobile phone to allow remote authentication.
"It will go into a phone that has a high enough resolution to complete the registration," he said.
Fraud remains a major driver for banks considering the use of biometric-based authentication.
Customers have high expectations of the way banks manage their data said Cullen. "I think while banks are very protective over data, some other organisations aren't. So having a biometric protecting your identity provides added peace of mind."
"One of the questions we ask is what inconvenience are customers willing to accept for peace of mind, and I think tolerance in today's world is reasonably high, especially in terms of online banking" said Cullen.
In this case however, Cullen said the successful acceptance of voice biometrics has largely been as a result of its ease of use.
"There's probably not a lot of new technologies out there that create a safer experience that are easier to use or create a better customer experience."

A National ID card in 2010?

A new attempt at immigration reform may require a biometric ID card for all working Americans. Privacy advocates aren't pleased

National identification cards, long feared by privacy advocates, may soon become mandatory for American workers. In a bipartisan effort to curb the hiring of illegal immigrants, Sens. Charles Schumer (D-NY) and Lindsey Graham (R-SC) have proposed legislation that, if passed, will require all working Americans to carry biometric ID cards containing fingerprint records and other personal information. Sen. Schumer calls the measure "the nub of solving the immigration dilemma." But Chris Calabrese, an American Civil Liberties Union lawyer, warns the cards would be a "massive invasion" of privacy. Are national ID cards the solution to our immigration woes — or an unacceptable intrusion into our lives? (Watch Ron Paul chime in on the national ID card debate)

This is an affront to our freedom as Americans: Not only would this "ghastly" plan be a frightening invasion of privacy, says Alex Nowarsteh in Fox News, it "would treat every American like a criminal by requiring them to enter their most intimate and personal data into a government database." This is a "naked government power grab," and it must be stopped.
"5 reasons why America should steer clear of a national ID card"

The privacy concerns make no sense: If we're ever going to improve our national security, the "infuriatingly nonsensical" hand-wringing over privacy needs to end, says Donn Tennant in IT Business Edge. Many non-criminals, including members of the armed forces and "most public servants," are already fingerprinted, and their liberty remains intact. And having to show "a national ID with your biometric information" at the airport is no more "loathsome" than showing a driver's license.
"National ID cards: Pointless privacy argument is getting old"

Issuing every American an ID card would be wasteful: Instituting the national ID cards now, says Megan Carpentier in Washington Examiner, would add "hundreds of millions of dollars" to the federal debt, and impose painful costs on employers. All that just to keep "less than 4 percent of the total population of the United States from accessing the job market. Apparently, cost-benefit analyses aren’t the rage on Capitol Hill these days."
"The government would like to see your papers, please"

It won't pass, anyway: Privacy advocates aren't the only ones who don't want this bill to pass, says Jack Cafferty in CNN. The aim of worker ID cards is to make it harder for employers to hire illegal immigrants. "If you think the corporations that make huge profits on the backs of an illegal alien workforce are going to let something like that get through, think again."
"Are worker ID cards a good idea?"

Howard Schmidt Dismisses Cyberwar Fears

Howard Schmidt Dismisses Cyberwar Fears

White House Cybersecurity Coordinator Howard Schmidt isn't buying into the grim forecasts that the United States is ill prepared to defend the government's and nation's critical information assets from an immense virtual attack by political adversaries or cyber criminals. 

Schmidt, in a face-to-face interview with GovInfoSecurity.com, said the federal government and the private businesses that control 85 percent of the nation's critical IT infrastructure are better positioned than ever to fend off massive digital assaults.

The Obama administration's top cybersecurity official was responding to questions about recent comments made by former National Intelligence Director Michael McConnell that the United States would lose a cyberwar and a simulated cyber attack known as Cyber ShockWave, aired last month on CNN, that disrupts smart phone service to 20 million customers, shutters an electronic energy trading platform and cripples the power grid along the Eastern seaboard.

"How would we fare in some sort of a massive cyber intrusion and attack like that? I think we're much better prepared now than we were in the past," Schmidt said in the interview held during the RSA 2010 IT security conference in San Francisco.

IT security professionals protecting key systems know of the existence of the vulnerabilities and are taking steps to mitigate them to lessen their impact, he said.

BioVault: biometrically based encryption

BioVault: biometrically based encryption

Article Abstract

	Title:	BioVault: biometrically based encryption
	Author:	B.L. Tait, S.H. Von Solms
	Address:	University of Johannesburg, Kingsway Avenue, Auckland Park 2006, Gauteng, South Africa. ' University of Johannesburg, Kingsway Avenue, Auckland Park 2006, Gauteng, South Africa
	Journal:	International Journal of Electronic Security and Digital Forensics 2009 - Vol. 2, No.3 pp. 269 - 279
	Abstract:	Biometric-based token authentication is an asymmetric (von Solms and Tait, 2005) authentication technology. This means that the reference token generated during the enrolment process and stored in the biometric database, will never match any freshly offered biometric token exactly (100%). This is commonly accepted due to the nature of the biometric algorithm (Wayman et al., 2004) central to the biometric environment. A password or pin on the other hand, is a symmetric authentication mechanism. This means that an exact match is expected, and if the offered password deviates ever so slightly from the password stored in the password database file, authenticity is rejected. Encryption technologies rely on symmetric authentication to function, as the password or pin is often used as the seed for a random number that will assist in the generation of the cipher. If the password used to encrypt the cipher is not 100% the same as the password supplied to decrypt, the cipher will not unlock. The asymmetric nature of biometrics traditionally renders biometric tokens unfit to be used as the secret key for an encryption algorithm. This article introduces a system that allows biometric tokens to be used as the secret key in an encryption algorithm. This method relies on the BioVault infrastructure. For this reason, BioVault will briefly be discussed, followed by a discussion of biometrically based encryption.