The General Data Protection Regulation, better known as GDPR, has been a cause for concern for many financial institutions. Although it is good news for consumers, whose data privacy it strengthens, for financial organizations all over the world it poses a considerable challenge. Those who do not comply with the new regulation face fines of up to 20 million euros (about $22 million) or 4 percent of their annual global turnover, whichever is higher. It is no wonder many financial institutions are scrambling to prepare for its enforcement in May 2018.
There is a silver lining, however, for those scrambling to comply. The new regulation gives financial institutions a reason to strengthen and protect their greatest asset: the massive amounts of personal data they collect. In many large institutions built through aggressive acquisition strategies, this data sits in legacy architecture that is difficult to access, hard to manage, and almost impossible to inventory. Institutions now have the mandate they need to "clean out the closet", so to speak: update their existing architecture and make their systems more secure.
One key way of doing this is to use biometrics to identify individuals more reliably and to control privileged user access to data. Building an access control environment and enforcing it requires more than passwords and tokens; it requires biometric authentication to tie an action to a specific person. Looking at last year's five biggest data breaches, all involved compromised, weak, or reused passwords. Authenticating access to personal or financial information with something you ARE is stronger than relying on something you KNOW alone, with one caveat a practitioner should keep in mind: a biometric template, unlike a password, cannot be reissued if it leaks, so biometrics should be deployed as one factor in multi-factor authentication (alongside a possession factor such as a token and a knowledge factor such as a password) rather than as a drop-in replacement for either. Companies are increasingly doing exactly that, introducing biometric technologies such as iris, fingerprint, behavioral, and voice authentication to strengthen access to their legacy systems.
Not only will biometrics help enforce secure data access and control, but they will help in auditing and forensics as well, by creating traceability. Reconstructing an event has been a challenge in the banking industry for a number of years, and it becomes especially important under the GDPR, which requires institutions to notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it; that is only possible if the institution can quickly establish who touched which data, when, and from where. By utilizing biometrics, financial institutions can recreate every step in a process: login, data access and control, time stamps, location stamps, right through to logout and even distribution of the data. A biometric identity stamp on each access and control record, combined with a certified stamp that protects the record's integrity (a signature or keyed hash over the record and a tamper-evident link to the previous record), gives financial institutions non-repudiation they can stand on in court. A timestamp of a user ID and a password proves that someone holding the credential was present; a biometric stamp that supports it goes further and provides evidence of the person behind that ID.
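The following is an added example, not code from the original article, showing how such an access-audit trail can be built so that each record carries the authenticated identity, the factors used (including the biometric match), the timestamp and location, and a certified stamp that makes later tampering or deletion detectable. All events, user IDs and the signing key are constructed for the example. The certified stamp here is an HMAC so that the example runs with the standard library only; for real non-repudiation (where a third party must be able to verify records without holding the secret) the same position in the code would hold an asymmetric signature such as Ed25519 produced by a key in an HSM. The example also goes slightly beyond the text by flagging privileged actions (exports) that were performed without a biometric factor, which is the kind of policy check the earlier paragraph on privileged access calls for.

```python
"""Tamper-evident access-audit log with identity, factor, time and location stamps.

Added example (not the article's own code). Keys, users and events are constructed.
"""
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import List, Optional, Tuple

# Hypothetical audit-service key. Production: asymmetric key in an HSM, not HMAC.
AUDIT_KEY = b"example-audit-key-do-not-use"
GENESIS = "0" * 64
BIOMETRIC_FACTORS = {"fingerprint", "iris", "voice", "behavior"}
PRIVILEGED_ACTIONS = {"export"}


@dataclass
class AuditRecord:
    seq: int
    user_id: str
    auth_factors: list          # e.g. ["password", "fingerprint"]
    biometric_match_id: str     # reference to the biometric verification event ("" if none)
    action: str                 # "login", "read", "export", "logout"
    resource: str
    timestamp: str              # ISO-8601 UTC
    location: str               # branch / workstation (location stamp)
    prev_hash: str              # hash of the previous record: the chain link
    record_hash: str = ""       # SHA-256 over all fields above
    mac: str = ""               # certified stamp over record_hash


def _canonical(fields: dict) -> bytes:
    """Deterministic encoding so hashes are reproducible."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _stampable(rec: AuditRecord) -> dict:
    body = asdict(rec)
    body.pop("record_hash")
    body.pop("mac")
    return body


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key
        self.records: List[AuditRecord] = []

    def append(self, **event) -> AuditRecord:
        prev = self.records[-1].record_hash if self.records else GENESIS
        rec = AuditRecord(seq=len(self.records), prev_hash=prev, **event)
        rec.record_hash = hashlib.sha256(_canonical(_stampable(rec))).hexdigest()
        rec.mac = hmac.new(self._key, rec.record_hash.encode(), hashlib.sha256).hexdigest()
        self.records.append(rec)
        return rec


def verify_chain(records: List[AuditRecord], key: bytes) -> Optional[int]:
    """Return None if the trail is intact, else the index of the first bad record.

    Detects edited fields, forged stamps and deleted/reordered records (a deleted
    tail record is only caught if the last hash is anchored elsewhere, e.g. a
    periodically published head hash).
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec.prev_hash != prev:
            return i
        expected_hash = hashlib.sha256(_canonical(_stampable(rec))).hexdigest()
        if rec.record_hash != expected_hash:
            return i
        expected_mac = hmac.new(key, expected_hash.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(rec.mac, expected_mac):
            return i
        prev = rec.record_hash
    return None


def reconstruct_session(records: List[AuditRecord], user_id: str) -> List[Tuple[str, str, str, str]]:
    """Forensic view: every step a user took, in order, with time and location."""
    return [(r.timestamp, r.action, r.resource, r.location) for r in records if r.user_id == user_id]


def privileged_without_biometric(records: List[AuditRecord]) -> List[int]:
    """Policy check: privileged actions whose session carried no biometric factor."""
    return [r.seq for r in records
            if r.action in PRIVILEGED_ACTIONS and not BIOMETRIC_FACTORS & set(r.auth_factors)]


def build_sample_log() -> AuditLog:
    """Constructed sample events for a single day at a fictional branch."""
    log = AuditLog(AUDIT_KEY)
    ws17 = "London branch, workstation WS-17"
    log.append(user_id="u-1042", auth_factors=["password", "fingerprint"], biometric_match_id="bm-7f3a",
               action="login", resource="sso", timestamp="2018-05-25T08:01:12Z", location=ws17)
    log.append(user_id="u-1042", auth_factors=["password", "fingerprint"], biometric_match_id="bm-7f3a",
               action="read", resource="accounts/12345", timestamp="2018-05-25T08:03:40Z", location=ws17)
    log.append(user_id="u-1042", auth_factors=["password", "fingerprint"], biometric_match_id="bm-7f3a",
               action="export", resource="accounts/12345", timestamp="2018-05-25T08:05:02Z", location=ws17)
    log.append(user_id="u-2001", auth_factors=["password"], biometric_match_id="",
               action="export", resource="accounts/55555", timestamp="2018-05-25T09:12:55Z",
               location="Remote VPN, unregistered device")
    log.append(user_id="u-1042", auth_factors=["password", "fingerprint"], biometric_match_id="bm-7f3a",
               action="logout", resource="sso", timestamp="2018-05-25T08:06:10Z", location=ws17)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log.records, AUDIT_KEY) is None)
    print("u-1042 session:", reconstruct_session(log.records, "u-1042"))
    print("privileged actions without biometric factor:", privileged_without_biometric(log.records))
    log.records[2].resource = "accounts/99999"   # an insider edits the trail after the fact
    print("first tampered record:", verify_chain(log.records, AUDIT_KEY))
```

Each record commits to the previous record's hash, so editing, deleting or reordering an earlier record breaks the chain at the first affected index, and the keyed stamp stops anyone without the audit key from simply recomputing the hashes. The session reconstruction and the privileged-action check are the two forensic questions the text says GDPR will force institutions to answer quickly.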
The GDPR applies from May 2018, but rather than stress, financial institutions should use the time to get educated and treat the new regulation as an opportunity to strengthen themselves against attack. Attackers continue to steal sensitive information, and financial institutions can use the GDPR as the occasion to evaluate their legacy architecture and build a more secure environment. The savviest institutions will consider biometrics as a first step in strengthening their data access management and control.