ImageWare Systems - Security as a service: a licence to beat hackers
While there is much debate about the merits of different biometric security systems, there is no doubt that they are the future of authentication and identification in the financial services sector. We speak to solution provider ImageWare Systems CEO, Jim Miller, about how software-as-a-service biometrics can deliver better protection, more flexibility and reduced cost.
Enhanced security is a priority for most large enterprises, but perhaps for banks more than any other. It is widely agreed that the future will be dominated by biometric authentication systems, among which there are many competing solutions. In the not too distant future, PINs and passwords will be consigned to history, but questions remain about which biometric technologies to invest in, and how to strike the right balance between performance and cost-effectiveness.
One solution provider has invested great time and effort into making the implementation of biometrics security simple, quick and cost-efficient. At the same time, it is giving large organisations the flexibility to choose what type of solution to use in specific applications. The company is ImageWare Systems and its CEO, Jim Miller, foresees a time when banks will have put up defences that will be almost impossible to breach.
"Large enterprises are hacked to death and many of these hacks happen because of compromised PINs and passwords. You can give up relying on those security measures when you use biometrics systems. This is good for security and can save money. The ubiquitous password reset request that is sent when a customer has forgotten a password entails an alarmingly high cost. It takes a lot of people in the back room to keep passwords safe," he remarks.
"Using PINs and passwords is laughable. They go back to ancient history and so does their vulnerability. The Greek Army used a password in battle in 438BC, and when it was stolen, it resulted in the battle being lost. With the advent of BYOD [bring your own device], passwords are a disaster. A device might have multiple users and no one may know where the device has been. Biometric systems do what PINs and passwords don't - they identify a single, unique user," he adds.
A wide range: different platforms hosting the latest biometric solutions
Since it began, ImageWare has focused on innovative, patent-protected technology that uses open architecture and plug-and-play functionality to provide solutions that work across numerous devices, platforms and applications. The company has built up its credentials in the law enforcement sector, and its interactive, scalable cloud-based solutions have a proven track record.
The company has also just launched its GoVerifyID Enterprise Suite, which brings its versatile biometrics authentication technology into a new market. Compatible with Windows, it is a snap-on to the Active Directory service that can be installed on an enterprise server in under 15 minutes.
"The solution is licenced as a service, so there is no upfront cost. Also, an enterprise can run any biometric system it chooses - voice, face recognition, fingerprints or any other. It is versatile and cost-efficient. The whole idea is to give users the biometrics solution they want for the situation they are in. Fingerprint authentication is good in some places, but if it is cold or if you are in the percentage of the population that has no readable fingerprint then it is not the best choice," says Miller.
"Our back-end biometrics platform enables multimodal authentication. It could be a fingerprint, voice recognition, an iris scan or many other things. The important thing is that the client can use what is best in any circumstance. Face and voice recognition are becoming more popular because most devices have that capability. Mobile devices are coming out in 2017 that will have iris-scanning capability. So, we have made the choice easy for our clients."
Consumers are now becoming more adept at using biometric systems
Pushing forward the viability of biometric systems is the growing familiarity that customers have with the technology. Not only do they see it in more places as part of their everyday lives, but they are also being asked to perform simple everyday tasks to authenticate their identity. Air travellers may have their faces scanned at airports or people may use their fingerprint to unlock a mobile device, and, whether or not we like to admit it, almost all of us have taken a selfie.
"Saying a passphrase or photographing ourselves, these are things we do every day without thinking about it. Using these simple actions, it is easy to prove that a person really is who they claim to be. Password resets usually just require some personal information, which might be bought from somewhere on the dark web, so if you do want to keep using passwords then why not use a biometric authentication system to reset it?" asks Miller.
"For our clients, it is easy to set up a biometric system. We like to say that we built a toaster. Every time you use it, you don't need to know how it works. You just push the button and the toast comes out the same way every time. With GoVerifyID, improved security is a given but equally important is to ease the friction of use. Maybe customers can even have a little fun using it. It is a useful and very usable technology that does not bring much risk with it," he adds.
A simple way to secure the brand and maintain reputation in the process Warren Buffet famously said that 'it takes 20 years to build a reputation and five minutes to ruin it'. "If you think about that, you'll do things differently," he added, and this is sage advice for the banking sector. The number of headlines about high-profile data breaches continues to grow and these stories paint a dismal picture of the cost of failures in security.
Miller points to some high-profile examples of the damage data breaches can do. Firstly, JPMorgan Chase in 2014 was the victim of an attack that compromised data associated with 83 million accounts, including seven million small businesses. This attack is still seen as one of the largest data breaches in history. Secondly, in 2015, a hack on Experian compromised an internal server and exposed data including 15 million social security numbers. For banks, which rely on the trust of their customers, it can be hard to recover from the reputational damage caused by such lapses in security - particularly at a time when the financial services sector is becoming more competitive and switching banks is easier than ever.
"In those examples, hackers broke into the network and accessed poorly stored data. There is growing recognition that banks have a security problem that they must fix. It has become a C-level concern. In fact, CEOs of financial services companies are leaving their jobs over it. We have 15 years' experience in the biometrics field, mostly for government agencies, so we know that it is easy to lock down and secure vulnerable access points," Miller explains.
"Our software answers the crucial question: who is logging on to my network? With the right PINs and passwords, someone could look like me if they are using my device. Our solution is installed in minutes and has no upfront costs, so the risk of adoption is small. It provides authentication in just one second. People trust banks to take care of their money and their personal data. The brand damage of failing to do so, not to mention the fines and other sanctions, could be fatal."
Ready for a fight: showing hackers that there is no entry point
Miller believes that biometrics solutions take the fight against hackers and fraudsters to a whole new level, and he speaks from experience. The technology is already available and ImageWare's own solutions have been used in government applications for over ten years. Some implementations have been running 24/7 since the early 2000s.
"Make no mistake, the hackers are getting smarter and more persistent. They will keep coming, but we are seeing banks' attitudes change. The CEO, the CIO and the CTO are all involved in the decision because they know that their jobs and the success of their company are on the line. As Samuel Johnson said, when a man knows he is to be hanged in a fortnight it concentrates his mind wonderfully," Miller remarks.
"If any bank is afraid of being the first to move, then it should remember that it is not the first. Government agencies use this technology every day. For instance, we designed the Government of Canada's TSA restricted access programme, which has been running in every airport for nine years. It is much easier now for financial services organisations to avail themselves of the technology because it has a track record of proven operation."