Identity theft is costing South Africa as much as R1-billion per year and has increased by more than 200% in the past six years. It is clear that consumers need an easy to manage security solution, but is biometrics the way forward?
Growing cyber risk has ushered in the need for watertight methods of protecting personal data. According to the South African Fraud Prevention Service, identity theft is costing the country at least R1 billion per year and has increased by more than 200% in the last six years.
Demanding and tech-savvy users continue to exert extreme pressure on companies to solve the convenience versus security conundrum. This is where a seamless customer experience and data security intersects.
In today’s mobile world it is increasingly important to have secure, on-the-go authentication. As a result, many experts feel that biometrics offers the best hope.
A new research report by analyst group BIS, forecasts the global biometric market to grow from $10.08 billion in 2014 to $25.31 billion in 2020.
This steep growth projection is helping to fuel innovation that is evident in how biometrics modalities continue to spread across the human body. It started with fingerprints in the late 1960s and progressed to facial recognition. Today the list includes vein, palm, iris, voice, gait, DNA, handwritten signatures and tattoos.
The new wave of biometrics technology is gesture related and personalised through a combination of wearable technology and geo-location as well as sci-fi inspired implants and ingestible tokens. Facial emotion recognition technology is patent-pending and is pipelined for consumer use. Though these have appeared in films for many years, they are largely unproven in the real world.
A bad rap
Despite its association to the tourism industry’s recent reduction in visitor numbers, biometrics in South Africa is enjoying real-world resurgence.
Speaking at the Biometrics in Financial Services conference, Nick Perkins, divisional director for identity management at Bytes Systems Integration believes the reason is that we have arrived at a time where we need a new solution. “The existing card and pin authentication model has not been replaced because it is simple. The problem is that it’s no longer secure and is being exploited,” says Perkins.
Essentially biometrics is the measurement of a human being through their physical characteristics. Physical biometrics is turned into electronic biometrics when an algorithm converts an image of a biometric subject into a mathematical string that can be best described as coordinates and descriptions of unique identifiable features.
These algorithms then compare a “fresh capture” to the “reference template” which is warehoused in a database. The storage of templates instead of images helps to secure biometric data.
The many biometrics modalities on offer may hold the key to its wider adoption. South African biometrics experts agree that today it is not good enough for banks and other companies to rely on one form of authentication.
PayU COO, Johan Dekker, believes a solution lies in multi-factor authentication.
“The dual-factor authentication model strives to have two of three verifications in place at all times. A pin code is what you know, a smartcard is what you have and a biometric characteristic is what you are. A one size fits all approach would not provide enough adaptability, security and redundancy in the event of an access breach,” says Dekker.
Much work to be done still
Authentication is not the only aspect of biometrics that requires smoothing out. Biometric data can be stolen, lost or otherwise compromised while being stored. Unauthorized access to biometric storage devices through corporate sabotage by disgruntled employees is a growing threat to privacy. So too, is the misuse of a biometric, given that the biometric itself cannot be changed. Once compromised it will continue to be an issue for the life of the donor, as opposed to a password which can be easily changed.
Independent identity verification expert, Dawid Jacobs, highlights a key focus area and potential driver of biometrics today.
Says Jacobs, “The emphasis is on customer experience and how quickly they can be helped. This creates allowance for potential problems which escalate over time, specially with acceptable losses. In my view there is no such thing as acceptable losses due to identity theft. The individual needs to be put back in control of their Identity.”
The rush to ensure users are happy and safe is keeping leading tech companies busy.
MasterCard is currently piloting its new biometrics app, MasterCard Identity Check, which is set for a widespread launch in 2016. The app combines facial or fingerprint recognition as well as the recent human obsession, selfies. It remains to be seen whether Mastercard have solved the problems associated with lighting and background. All fingerprint scans remain on your device and facial scans are linked to the cloud so that templates will transmit and remain safe on MasterCard’s servers.
Apple has applied to use a facial recognition system for photo distribution. This calls into question the company’s pro-privacy stance should it decide to use cloud-based processing or storage of private user info. Apple was also recently granted a US patent that covers a new technology that enables users to unlock future iPhones by…wait for it…taking a selfie.
Closer to home, Standard Bank has debuted its biometric banking app. Capitec has fingerprint details of all 6.2 million of its customers and has linked its biometric database to the Department of Home Affairs’ database, enabling it to verify customer identity. The rollout of Biometric ATMs by FNB is imminent.
Dawid Jacobs is building an independent database of certified living and deceased fingerprint identities. He aims to provide SA companies with full audit trails and to be fully compliant with POPI, ISO and all relevant legislation.
Jacobs says, “The more companies know about their customers and the more they collaborate the less pressure is on state law enforcement agencies who do not have the tech or the capacity.” This will complement the FICA endorsed Know Your Customer initiative which also endeavours to prevent identity theft and money laundering.
Mustapha Zaouini, PayU’s MEA CEO sums up the reality for all users. “The issue of protecting individual data will only grow in importance. In order to reap the convenience benefits users must prepare themselves for more disciplined and multiple information security practices in this brave new world.”
Money talks and electronic gaming evolves
Computer gaming has evolved dramatically in the last two years, as it follows the money, writes ARTHUR GOLDSTUCK in the second of a two-part series.
The clue that gaming has become big business in South Africa was delivered by a non-gaming brand. When Comic Con, an American popular culture convention that has become a mecca for comics enthusiasts, was hosted in South Arica for the first time last month, it used gaming as the major drawcard. More than 45 000 people attended.
The event and its attendance was expected to be a major dampener for the annual rAge gaming expo, which took place just weeks later. Instead, rAge saw only a marginal fall in visitor numbers. No less than 34 000 people descended on the Ticketpro Dome for the chaos of cosplay, LAN gaming, virtual reality, board gaming and new video games.
It proved not only that there was room for more than one major gaming event, but also that a massive market exists for the sector in South Africa. And with a large market, one also found numerous gaming niches that either emerged afresh or will keep going over the years. One of these, LAN (for Local Area Network) gaming, which sees hordes of players camping out at the venue for three days to play each other on elaborate computer rigs, was back as strong as ever at rAge.
MWeb provided an 8Gbps line to the expo, to connect all these gamers, and recorded 120TB in downloads and 15Tb in uploads – a total that would have used up the entire country’s bandwidth a few years ago.
“LANs are supposed to be a thing of the past, yet we buck the trend each year,” says Michael James, senior project manager and owner of rAge. “It is more of a spectacle than a simple LAN, so I can understand.”
New phenomena, often associated with the flavour of the moment, also emerge every year.
“Fortnite is a good example this year of how we evolve,” says James. “It’s a crazy huge phenomenon and nobody was servicing the demand from a tournament point of view. So rAge and Xbox created a casual LAN tournament that anyone could enter and win a prize. I think the top 10 people got something each round.”
Read on to see how esports is starting to make an impact in gaming.
Blockchain is generally associated with Bitcoin and other cryptocurrencies, but these are just the tip of the iceberg, says ESET Southern Africa.
This technology was originally conceived in 1991, when Stuart Haber and W. Scott Stornetta described their first work on a chain of cryptographically secured blocks, but only gained notoriety in 2008, when it became popular with the arrival of Bitcoin. It is currently gaining demand in other commercial applications and its annual growth is expected to reach 51% by 2022 in numerous markets, such as those of financial institutions and the Internet of Things (IoT), according to MarketWatch.
What is blockchain?
A blockchain is a unique, consensual record that is distributed over multiple network nodes. In the case of cryptocurrencies, think of it as the accounting ledger where each transaction is recorded.
A blockchain transaction is complex and can be difficult to understand if you delve into the inner details of how it works, but the basic idea is simple to follow.
Each block stores:
– A number of valid records or transactions.
– Information referring to that block.
– A link to the previous block and next block through the hash of each block—a unique code that can be thought of as the block’s fingerprint.
Accordingly, each block has a specific and immovable place within the chain, since each block contains information from the hash of the previous block. The entire chain is stored in each network node that makes up the blockchain, so an exact copy of the chain is stored in all network participants.
As new records are created, they are first verified and validated by the network nodes and then added to a new block that is linked to the chain.
How is blockchain so secure?
Being a distributed technology in which each network node stores an exact copy of the chain, the availability of the information is guaranteed at all times. So if an attacker wanted to cause a denial-of-service attack, they would have to annul all network nodes since it only takes one node to be operative for the information to be available.
Besides that, since each record is consensual, and all nodes contain the same information, it is almost impossible to alter it, ensuring its integrity. If an attacker wanted to modify the information in a blockchain, they would have to modify the entire chain in at least 51% of the nodes.
In blockchain, data is distributed across all network nodes. With no central node, all participate equally, storing, and validating all information. It is a very powerful tool for transmitting and storing information in a reliable way; a decentralised model in which the information belongs to us, since we do not need a company to provide the service.
What else can blockchain be used for?
Essentially, blockchain can be used to store any type of information that must be kept intact and remain available in a secure, decentralised and cheaper way than through intermediaries. Moreover, since the information stored is encrypted, its confidentiality can be guaranteed, as only those who have the encryption key can access it.
Use of blockchain in healthcare
Health records could be consolidated and stored in blockchain, for instance. This would mean that the medical history of each patient would be safe and, at the same time, available to each doctor authorised, regardless of the health centre where the patient was treated. Even the pharmaceutical industry could use this technology to verify medicines and prevent counterfeiting.
Use of blockchain for documents
Blockchain would also be very useful for managing digital assets and documentation. Up to now, the problem with digital is that everything is easy to copy, but Blockchain allows you to record purchases, deeds, documents, or any other type of online asset without them being falsified.
Other blockchain uses
This technology could also revolutionise the Internet of Things (IoT) market where the challenge lies in the millions of devices connected to the internet that must be managed by the supplier companies. In a few years’ time, the centralised model won’t be able to support so many devices, not to mention the fact that many of these are not secure enough. With blockchain, devices can communicate through the network directly, safely, and reliably with no need for intermediaries.
Blockchain allows you to verify, validate, track, and store all types of information, from digital certificates, democratic voting systems, logistics and messaging services, to intelligent contracts and, of course, money and financial transactions.
Without doubt, blockchain has turned the immutable and decentralized layer the internet has always dreamed about into a reality. This technology takes reliance out of the equation and replaces it with mathematical fact.