Authenticity Through Biology: Biosignature
By Jeff Maynard
“Banks Heap Suits on Target Over Breach” read a recent headline in the Wall Street Journal. By the time the story broke, seven financial institutions had filed class action suits against Target, alleging it did not sufficiently protect its customers’ data. In fact, they might have a good case. Target had recently announced that 40 million customers’ private credit information might have been compromised, despite the fact it was encrypted.
Target is far from alone in this. The Risk Based Security and Open Security Foundation reported a record number of 2,644 breaches in 2012. Of these, 70 percent were due to external hacking. A total of 267 million records were exposed, and according to Javelin Research, the dollar amount stolen was $21 billion, a three-year high. Obviously, “business as usual” will no longer suffice when it comes to online protection. To reassure and retain skittish consumers, any entity that engages in e-commerce must employ security methods that go beyond ordinary PINs and passwords.
Biometric-signature authentication is one such option. Biometrics are a more secure approach that provides greater accuracy in customer verification. Given that the latest systems require no additional hardware; entail no extra expense by users; reside “in the cloud” outside of the company’s business system; and allow for the monitoring of fraudulent activity, biometric verification is emerging as a strong new defense.
“We have utilized signature biometrics for nearly three years with over 10,000 student users, and it has exceeded our expectations,” says Dr. Mark Sarver, CEO of eduKan, a consortium of community colleges offering online courses and degrees. “It provides an identity-proofing means that is transparent to our students while respecting their privacy, is available anytime, and stays cost-effective for the institution.”
Advancing Toward the Next Level in Customer Authentication
Identification-checking modalities currently fall into three basic categories:
1. Something (presumably) only the user knows, such as a PIN or password.
2. An item the user has in his or her possession, such as a flash drive or a token that provides random authentication codes, credit cards, and personal ID in various forms including a phone.
3. Biometrics, something physically or behaviorally unique to the individual.
Of these, the first modality is a proven failure. Cybercriminals have repeatedly proven that it’s easy to crack passwords and PINs. The second modality also presents a problem: requiring a user to possess a verification tool, like a flash drive, entails the cost of purchasing, producing and distributing the necessary hardware. These items also break, get misplaced or can be stolen. Once stolen, the owner’s information is compromised because the device is all that’s required to access their records.
This leaves biometric verification. Examples of biometric verification include fingerprints, iris scans, facial recognition, and even vein scanning. While this offers near-absolute verification, this type of identification requires sophisticated, costly hardware.
Within biometrics, there are numerous possibilities that we expect to see increasing in usage. Biosignature typing via handwriting is one such possibility. Identification is accomplished by having the user handwrite letters or numbers within a confined space by moving his or her finger, mouse, or stylus. Unique writing attributes such as length, angle, speed, height, and number of strokes are assessed and stored in an encrypted database. Software algorithms compare this data against patterns collected during the user’s subsequent logins, confirming whether or not they match.
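The comparison described above can be sketched as follows. This is an added example, not code from the article or from any biosignature product: it extracts the five attributes the paragraph names from timed pen strokes, builds a template from several enrollment samples, and checks a later attempt against it. The function names, the tolerance rule, the threshold of 2.0 and the sample strokes are all assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

def features(strokes):
    """strokes: list of pen-down strokes, each a list of (x, y, t) samples."""
    length = sum(math.hypot(x1 - x0, y1 - y0)
                 for s in strokes for (x0, y0, _), (x1, y1, _) in zip(s, s[1:]))
    duration = sum(s[-1][2] - s[0][2] for s in strokes)
    ys = [y for s in strokes for _, y, _ in s]
    (fx, fy, _), (lx, ly, _) = strokes[0][0], strokes[-1][-1]
    return {"length": length,
            "angle": math.atan2(ly - fy, lx - fx),  # first point to last point
            "speed": length / duration if duration else 0.0,
            "height": max(ys) - min(ys),
            "strokes": float(len(strokes))}

def enroll(samples):
    """Template: per-feature (mean, std) over several enrollment samples."""
    feats = [features(s) for s in samples]
    return {k: (mean([f[k] for f in feats]), pstdev([f[k] for f in feats]))
            for k in feats[0]}

def verify(template, strokes, threshold=2.0):
    """Return (accepted, worst_feature, score). The score is the largest
    deviation in units of tolerance; the tolerance (an assumed rule) is the
    enrolled std, but never less than 10% of the mean or 0.1 absolute."""
    f = features(strokes)
    scores = {k: abs(f[k] - mu) / max(sd, 0.1 * abs(mu), 0.1)
              for k, (mu, sd) in template.items()}
    worst = max(scores, key=scores.get)
    return scores[worst] <= threshold, worst, scores[worst]

def make_sample(scale, pace):
    """Constructed input: a '7' drawn as two strokes, sized by scale and
    timed by pace (larger pace means slower writing)."""
    top = [(0, 10 * scale, 0.0), (3 * scale, 10 * scale, 0.15 * pace),
           (6 * scale, 10 * scale, 0.3 * pace)]
    leg = [(6 * scale, 10 * scale, 0.4 * pace), (4 * scale, 5 * scale, 0.7 * pace),
           (2 * scale, 0, 1.0 * pace)]
    return [top, leg]

# Four enrollment samples with natural variation in size and pace.
TEMPLATE = enroll([make_sample(1.0, 1.0), make_sample(1.05, 0.95),
                   make_sample(0.95, 1.05), make_sample(1.02, 1.0)])
GENUINE = verify(TEMPLATE, make_sample(1.03, 0.98))  # same writer, small drift
TRACED = verify(TEMPLATE, make_sample(1.0, 2.5))     # same shape, drawn slowly
```

The traced attempt reproduces the shape exactly and is still rejected on speed, which is why the timing attributes are stored alongside the geometric ones.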
Many retailers and e-tailers have not implemented better security measures because they don’t want their clients to spend additional time going through extra security. Extra time may mean loss of clients and sales. But consider this: in 2010, Consumer Reports said there were 50 million people paying $120–$300 yearly for identity theft protection. It seems likely these same people would be willing to spend a little additional time if it meant a higher level of security for their personal data.
Ultimately, no matter what method proves superior, there is no doubt that online security concerns will continue to increase even as hackers become more sophisticated. It seems likely that biosignature ID verification will play an increasingly important role in helping to prevent organizations from becoming the next target for a cyberattack.