18 October 2017
James Stickland

Biometrics and Banking

James Stickland - Veridium

4Posts 24,120Views 1Comments

Taking bold steps to protect high-value trading

10 May 2017  |  3586 views  |  0

Trader fraud is on the rise. Last year, the Security and Exchange Commission announced it filed 868 enforcement actions exposing financial reporting-related misconduct by companies and their executives. The announcement noted that 2016 had the most ever cases involving investment advisers or investment companies (160) and the most ever independent or standalone cases involving investment advisers or investment companies (98).

As the SEC findings suggest, fraud is prevalent in banks today. Google “trader fraud” and there will likely be a recent news story on it describing how one individual (or a bank) committed the crime. So, what’s promoting the rise in fraudulent transactions?

The truth is, when it’s an inside job, trader fraud is “easy” to pull off.  Standard practice is to have an employee authenticate the trade by inputting a password (either their own or a generated "one-time password”) or using a token. But, if the news has taught us anything over the past year and more – passwords can very easily be hacked or stolen. So if a trader approves a fraudulent trade and gets caught, they can easily deny having made the transaction. Using these current methods, there’s no way to prove otherwise: after all, someone indeed could have stolen it and used his account to authorize the transaction.

Passwords and tokens are insufficient security measures in themselves because they cannot authenticate who requested the authorization. If a trader is required to authenticate a trade with a biometric identifier – like a fingerprint – there would be no question about its ownership. Biometrics provide the legal non-repudiation needed to significantly reduce trading fraud.

Biometrics alone, however, may not even be enough. If financial institutions truly wish to practice strong security measures, they will adopt the one-two punch of biometrics and blockchain. With biometrics, we can prove transaction signing is safer, but if the log itself is rewritten – biometrics cannot protect against that. This is where blockchain comes in: adopting blockchain to store signed transactions makes the log decentralized, untouchable, and more importantly – transparent.

At its simplest, blockchain is a decentralized, global notary ledger.   Information recorded on the blockchain can be later retrieved, verified, exchanged, transferred, decrypted, or used as a proof of possession, non-repudiation, or for attestation depending on the use case and context. If blockchain technology is used, fraudulent transactions could have never taken place. Even if, say, someone could replicate someone’s biometrics, with blockchain, the fraudulent activity would be recorded for everyone to see.

 With increasingly sophisticated techniques used by hackers, adopting cutting-edge technology to thwart these efforts is no longer optional for banks and financial institutions – it’s an operational imperative. This is particularly true when protecting against trader fraud. Top-notch security measures like these make it not only incredibly difficult to commit fraud, but also discourage those from taking practice in it. Fraudulent transactions cost banks – and individuals – millions each year. Let’s stop trader fraud in its tracks with adopting the best-of-the-best security practices.

 

Comments: (0)

Comment on this story (membership required)

Latest posts from James

Using Fingerprints to Bank the Unbanked

06 September 2017  |  5590 views  |  1 comments | recomends Recommends 1 TagsMobile & onlineFinancial inclusion

Want to Stay Ahead of the GDPR? Utilize Biometrics

06 July 2017  |  6464 views  |  0 comments | recomends Recommends 0 TagsRisk & regulation

Taking bold steps to protect high-value trading

10 May 2017  |  3586 views  |  0 comments | recomends Recommends 0

Enterprise Cybersecurity Is Like Building Castle Walls, But Everyone Has A Key

07 April 2017  |  8481 views  |  1 comments | recomends Recommends 0 TagsSecurityInnovation

James's profile

job title CEO
location London
member since 2017
Summary profile See full profile »
As CEO of Veridium, James is tasked with driving business revenue and investment growth, as well as leading the company's global go-to-market strategy for its flagship solution, VeridiumID.

James's expertise

Member since 2017
0 posts1 comments
What James reads

Who's commenting on James's posts

Ketharaman Swaminathan
Mark Sitkowski