15 December 2017
James Stickland

Biometrics and Banking

James Stickland - Veridium

6Posts 34,180Views 2Comments

Want to Stay Ahead of the GDPR? Utilize Biometrics

06 July 2017  |  6734 views  |  0

The soon to be enacted General Data Protection Regulation – better known as GDPR – has been a cause for concern for many financial institutions. Although it represents good news for consumers by strengthening their data privacy, for financial organizations all over the world, it has imposed quite the challenge. Those who do not comply with the new regulation will face fines of up to 20 million euros (about $22 million) or 4 percent of their annual sales  ̶  whichever is more. It’s no wonder many financial institutions are scrambling to prepare for its 2018 enforcement.

There is a silver lining, however, for those scrambling to comply. The new regulation poses an opportunity for financial institutions to strengthen and protect their greatest assets – the massive amounts of personal data they collect. For many large institutions built from aggressive acquisition strategies, this data is stored in legacy architecture that is difficult to access, hard to manage, and almost impossible to sort through. This is where the silver lining is – institutions now have the mandate they need to “clean out their closet” so-to-speak, update their existing architecture and make their institutions more secure.

To do this, financial organizations must utilize next-generation technology. One key way of doing this is by embracing biometrics to better identify individuals and control privileged user access to data. Building your access control environment and enforcing that environment will require more than passwords and tokens; it will require biometric authentication to truly identify an individual. Looking at last year’s five biggest data breaches, all involved compromised, weak, or reused passwords. Accessing your personal or financial information using something you ARE is always going to be better than something you KNOW. For example, companies are increasingly implementing multi-factor authentication – introducing biometric technologies, such as iris, fingerprint, behavior, and voice authentication – to strengthen their legacy systems.

Not only will biometrics help enforce secure data access and control, but it will help in the auditing and forensics process as well by creating traceability. The ability to be able to reconstruct an event has been a challenge in the banking industry for a number of years already, but it will become especially important under the GDPR. By utilizing biometrics, financial institutions will be able to recreate every step in a process from logging in, to data access and control, to time stamps, location stamps and right through exit and control and even distribution. Under the GDPR, this will require forensic analysis. Having a biometric identity stamp and certified stamp on each of these access and control records will mean financial institutions will have legal non-repudiation that they can stand on in court. Having a timestamp of a user ID and a password is fine, but having a biometric stamp that supports it even further will provide key proof of the person behind that ID.

The GDPR will be enforced in May 2018, but rather than stress, financial institutions should use this as a time to get educated and look at the new regulation as an opportunity to strengthen themselves against attack. Hackers continue to wreak havoc and steal sensitive information, but financial institutions can utilize the GDPR as an opportunity to evaluate their legacy architecture and create a more secure environment. The savviest institutions will consider biometrics as a first step in strengthening their data access management and control. 

 

TagsRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from James

Biometrics for the Unbanked

08 December 2017  |  4150 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineFinancial inclusion

Data Breaches: The Definition of Insanity

18 October 2017  |  4614 views  |  0 comments | recomends Recommends 0 TagsSecurity

Using Fingerprints to Bank the Unbanked

06 September 2017  |  6186 views  |  2 comments | recomends Recommends 1 TagsMobile & onlineFinancial inclusion

Want to Stay Ahead of the GDPR? Utilize Biometrics

06 July 2017  |  6734 views  |  0 comments | recomends Recommends 0 TagsRisk & regulation

Taking bold steps to protect high-value trading

10 May 2017  |  3797 views  |  0 comments | recomends Recommends 0

James's profile

job title CEO
location London
member since 2017
Summary profile See full profile »
As CEO of Veridium, James is tasked with driving business revenue and investment growth, as well as leading the company's global go-to-market strategy for its flagship solution, VeridiumID.

James's expertise

Member since 2017
0 posts2 comments
What James reads

Who's commenting on James's posts

Ketharaman Swaminathan
Mark Sitkowski