The topic of using biometrics at ATM machines has come up quite a lot lately in this blog, but from finding some interesting statistics on the matter, lets visit it again! It has been revealed that although users at ATM machines are dissatisfied with the level of security available, banks are still not administrating new procedures to combat the pressures while other competitive bank follow suit.
In fact, fraudulent activities at ATM machines are most likely to occur when the conventional magnetic-strip/PIN combination is used. Other countries such as Poland, Japan and Nigeria have all showed the initiative to change their security measures in relation to what their users want. Reluctance to switch has not been directly pinpointed, but in these times of apparent austerity, the main reason must be money. However, it has been suggested that the least popular reason for reluctance is privacy. For a long time now in this blog, rambling has been in major part due to end users not understanding the measures behind biometrics and therefore feared for their biometric data being stolen. Alas, this era seems to have come to an end.
Even with the abundance of different biometric forms; fingerprint, iris, facial, vein, voice, palm and gait people seemed to have grasped that with the widespread use of biometrics in their workplace, shopping centres, schools, nurseries and banks, there is nothing to be scared of.
Statistically, ‘finger-vein’ technologies have been installed in approximately 80,000 banks and almost 50% said they were unhappy with the system (never pleased are we!). Although (yet again) no direct reason was supplied as to why they are unhappy, we would like to think it’s because of the technology itself. ‘Finger-Vein’ technology is incredibly unreliable in relation to the original ‘biometric finger’ reader, because firstly the technology is quite new and hasn’t been fully developed. Biometric fingerprint readers have been around for a long time and in this instance ievo (of course) uses a renowned and superior form of technology called multi-spectral imaging. Therefore, perhaps it would not be such a crazy assertion to suggest that if Banks installed fingerprint biometric systems instead of vein, not only will the percentage of dissatisfaction decrease, users will feel more secure about their banking.
It is just a matter of taking this leap. People might then invest their trust once again into banks instead of constantly losing hope in a potential reform.
Biometrics will become the focal point of all security measures from now until the Olympic games begin on 27th July. Biometric data will be collected from all athletes, ticket holders and visitors coming into the UK for the games. This is going to be the first time a host nation has undertaken such a drastic biometric intervention.
Fingerprint recognition will be used to log all visitors to the UK for the Olympics
It has been estimated that 10,000 Olympic athletes and their coaches will have their fingerprints and faces scanned upon arrival to the games. If they decline to have their biometric data taken in their own country in order to gain access into the UK they must have it registered when they arrive. People fear however, that would-be terrorists or illegal immigrants may use the influx of people to their advantage. This fear coincides with the Governments plans to raise the national terror threat level to ‘sever’ instead of ‘substantial’
Aside from the Home Office believing that biometric data will increase security it is incredibly effective that this is the largest security operation, and that fingerprint recognition is being used alongside facial scanning instead of iris, vocal, palm and vain biometric forms. With fingerprint software being at the forefront of this security plan, it shows how reliable and trusted they are among other contenders.
The big question here is, will the data be kept and logged against the persons details and country of origin? UK residents do not need to worry about this because it only affects athletes and visitors coming into the country. Let’s evaluate the facts. If the data is kept, who will have access to it and will it be used in the future? If it is, this could create a moral panic surrounding biometric security including fingerprint scanning. Not only could this damage the security industry but affect the correct usage of biometric systems for everyday security purposes such as access control and time & attendance.
If the biometric data is not kept on file, will it be disposed of accordingly? Athletes and visitors will be coming into all parts of the UK not just London Heathrow, so will these procedures be carried out all across the country and if so, again will they be disposed of correctly using the same procedures simultaneously?
There are a lot of questions here that need answering and although it provides a great sense of security in knowing that the Government has risen to the situation, all of these need to be addressed, because if not, the security industry could hit a major blow.
To find out more information on the Ievo product range, visit the Ievo website www.ievoreader.com
To find out more information on the blog topic, visit http://www.independent.co.uk/news/uk/home-news/biometric-scans-for-all-overseas-games-athletes-6795258.html
Believe it or not fingerprint recognition can be used for purposes other than providing a secure door access system. They are widely used by the Police to identify re-offending criminals. This is perhaps one of the major reasons why some people are sceptical of registering their print when their employer installs a new security system. However, this is not the topic or debate at hand, instead.. Police forces in America will be carrying mobile fingerprint scanners to identify criminals at the scene of a crime because often they deter them with false information in order to escape conviction.
This seems like an awfully wonderful idea. Fingerprint access control readers being used to put a person on a criminal database. While I was researching this, I found no evidence what so ever as to what crimes the individual had to commit in order to become registered. I am not preaching here that some crimes aren’t worth noting, instead where will they draw the line.
If you are speeding and pulled over by the Police, will you have your fingerprint registered then? Or what about a minor car accident where Police are called out to access damages and individuals involved. Perhaps it is a good time to bring up the previously squashed debate over registered fingerprints.
When a new biometric door lock is installed at your work or health club etc and you have your fingerprint registered for future use, the image of your print is not stored. It is in fact a numerical code calculated from numerous points in your fingerprint. It is virtually impossible to reinstate an exact image of your print from the code the algorithm made for you. But, I presume that when you commit a crime, offence or receive a warning from a Police official in America, you will have your fingerprint registered that will link to a database on you. For example previous liaisons with them.
That way they will be able to keep track of your history and identify who you are. Whether this is simply due to practicalities like saving time and money will we ever know? But the argument at large remains, where will the line be drawn and for how long will our fingerprints be kept on file.
Even more importantly will this deter or drive up crime rates? Being the optimist perhaps it will prove to be the prior, but who knows. One sure thing is though, if everyone is not well enough informed on the procedure and processes, people are going to start talking that their access control reader at work is keeping logs on them in conjunction with the Police. This could cause a major moral panic!
To find out more on Ievo’s leading entry systems visit www.ievoreader.com
Today we will be taking a short break from investigating security dilemmas (fear not – it’s back on Thursday!) because instead I would like to share with you an interesting blog post featuring our fingerprint readers. No not written by us, instead by an intrigued security installer who witnessed an ievo demonstration from one of our account managers. So as I sit back and relax, read ATEC™ Security perception of the ievo ultimate™.
From Flaky Fingerprint Readers to Bullet Proof Biometrics
I had a demonstration today of a new biometric reader and it really opened my eyes. Thankfully it wasn’t iris recognition – I’m not sure the “pun-ometer” could stand that.
To be frank I have tended to steer clear of anything to do with fingerprint reading in the past, as it has had a reputation for being unreliable.
The issue is that the optical sensor technology used looks at the surface of the fingerprint, which is easily altered by dirt, dust, grease and other common substances.
Today I witnessed a reader reliably recognising a finger through a layer of latex gloves which adds a whole new dimension of convenience and robustness.
MULTI-SPECTRAL IMAGING
Multi-spectral imaging captures radiation at a range of different frequencies, not just visible light which optical sensors are confined to.
Just as radio telescopes allow us to see deeper and deeper into space, multi-spectral fingerprint sensors allow us to see deeper into the surface of the finger – up to 4mm deep in this case – so the reader is not just looking at the surface fingerprint.
The results of this are low false rejection rates (about 1 in 1000) and extremely low false acceptance rates (around 1 in 10 million) well suited to high security applications.
RESISTANCE TO SPOOFING
ATEC have had a lot of experience with hand geometry readers, a technology popular on construction sites as it deals well with dirty hands. It is however quite bulky, needs an inconvenient housing when fitted outside.
More importantly to some it can be easily spoofed – we managed to fool one in our lab with a false hand made for the purpose. Because the multi-spectral technology allows us to see deeper inside the finger, it allows for some robust anti-spoofing measures, including looking for oxygenated blood which would be difficult to fake.
DATA PROTECTION CONCERNS
Fingerprints are a sensitive data protection issue. People are quite rightly concerned if their biometric data is going to appear on a database in readable form. Often this is addressed by putting the biometric data an access control card in encrypted form.
In use the template is loaded from the card and the reader performs a 1:1 match. This requires less processing than a 1:many match and is more secure because it requires two credentials (card and finger) but is fundamentally less convenient for the same reason (it’s difficult for most of us to forget to bring our finger to work).
This reader uses the 1:Many matching principle, but crucially doesn’t store a fingerprint as such. It takes key points from the finger print and stores those.
Also the finger data is never stored in the same place as the personal details – the two are only associated with a card number. This should address privacy concerns but sometimes perception can get in the way of the facts and there may still be some barriers to overcome.
SUMMARY
A good biometric reader should offer convenience and robust performance in the designated environment. With the help of multi spectral imaging fingerprint reading technology seems set to leave it’s flaky reputation in security applications behind.
About ATEC™
If you would like to read more of ATEC™ Blog Posts and view what security services they have to offer, visit http://www.atec-security.co.uk - It’s definitely worth a look, this year they won Large Security Installer of the Year at the SEA – after winning three consecutive years in the Small to Medium Security Installer category!
Banking will become even simpler within the next month or so as Barclays are lunching a new App which will allow us to make payments, transfer money and check our bank balance all from the comfort of our smart-phones. However, how safe is this App and what happens if our data becomes compromised?
The new Pingit App from Barclays
The new App promises to make our lives a lot easier. Although at first it will only be available to Barclays customers, within a month it will be available to anyone with a bank account and personal smart-phone. In hindsight, it’s a great idea! How many times have we eaten with our friends only for someone to pick up the tab while everyone re-pays the money back to the unlucky individual. Situations like these could disappear. Think about how you could instantly make a transfer to your friends account while they’re paying for the meal. Simple, but effective!
The bank’s head of current accounts, Dan Wass, said: ‘This is the first service of this type to be launched across Europe. It is like having a bank in your pocket all the time.
‘It allows you to send payments to anyone in the UK, simply by knowing their mobile number.
‘It makes sending and receiving money as easy, quick and convenient as sending a text.’
But let’s think about how this could be detrimental to our security. If we lose our phone or leave it behind somewhere, can unidentified users gain access to the account? According to to Richard Hurley of the Fraud prevention Service CIFAS, well only if we’re careless. He adds,
‘Users must ensure mobiles are password protected and locked at all times and should encrypt any stored data’
If you are planning on downloading the App or already have it, look into the CIFAS and check out their regulations on fraud prevention. You may just be thankful some day!
If you would like to find out more information on Ievo and our entry access systems visit the Ievo website www.ievoreader.com. We have a range of biometric fingerprint readers that you might just be interested in for current projects or your own use.
Recently, scandal has been prominent within the world of journalism, and not just stories that have been circulating about celebrities, but of course..security! The phone hacking debate has been stirring for years, but only within the last six months or so it has boiled over board. Every day we hear of another innocent family or troubled celebrity that have fallen victim to phone hacking. But, have you ever wondered how it actually happens? Well, after trawling the internet for an explanation, we’ve found one! Not that we need to worry, but then again, who knows? Perhaps us unsuspecting biometric manufacturers or fingerprint system installers could be hacked right now…
What’s really being discussed is illicit access to voice mail messages. There are a number of possible methods to gain access to someone’s voice mail illicitly. In the UK at least, given the original police inquiry into the News of the World scandal, mobile network operators improved their security mechanisms to increase protection of users. The good thing is, you can test out these mechanisms yourself. If your operator hasn’t taken steps to close down the basic loopholes, ring them and tell them!
A lot of the problems that arose in the voicemail scandal arose from the use of well-known default PINs for voicemail access. In fact, you as a customer may never have used a PIN for accessing your voicemail. That is because on most mobile phones, the network recognises that it is your phone calling in and makes life more convenient for you. So you would never even think that someone could access your voicemail by just dialling a number and entering a well-known default PIN.
These PINs can be found across the web – they naturally needed to be publicised to customers so they knew how to get remote access if they wanted. This was one of the mechanisms allegedly used by the News of the World ‘phone hackers’ to get access to people’s voice mails without their knowledge. If you’d never setup a PIN, the attackers would get in via well publicised default PINs. If they came up against someone who was using their own PIN, they would then use social engineering techniques to trick the operator into resetting the PIN to the default.
Another not-so-well-known method of accessing voice mail is to actually call your own mobile number.
Claims about the voicemail hacking scandal say that one journalist would call up a celebrity to engage the phone while another would then go into the voicemail using this method. This seems pretty likely as a lot of celebrities’ phones are looked after by personal assistants, not the celebrity themselves so it could look fairly legitimate to call up the PA.
One of the security measures that have been introduced is to notify the customer more often by SMS when something goes on that they should know about. Remember that if a third-party was accessing your voice mails remotely, you as a customer wouldn’t normally get to know that anyone had been there. In some cases, the attackers deleted the voice mails. The type of notifications you could get could tell you that there has been a remote access to your voice mail, that there was an invalid PIN code attempt or that your voice mail PIN has been changed – all useful bits of information!
This is something that has been borrowed from the banking industry. It is a simple, effective early warning mechanism that something could be wrong. Because it shouldn’t happen very often, you shouldn’t be plagued by messages, equally you are the best person to know if it is dodgy activity or not.
However, always be careful with any message you receive. The best thing to do if you are unsure is to ring the customer helpline of your operator who’ll be able to tell you whether the message is genuine.
Sadly, there are always people who want to find out what others are up to, illegally. The methods for doing this are continually evolving. Some of the newer methods involve faking a phone’s displayed number so it can trick access to voicemail. This technique has been used in the USA and recently in the Netherlands to get access to the voicemails of politicians. To block this attack, you need to setup a PIN to access your voicemail. By doing this you prevent automatic access to your voicemail (as if you were ringing from your own mobile).
Explanation provided by Naked Securty
Ievo manufactures access control systems specialising in fingerprint scanners. Both products Ultimate and Micro are available globally. To find out more visit www.ievoreader.com and visit the products page
LinkedIn has become the subject of a recent security scam, one which anyone using the site is vulnerable. The spam message tries to make you believe that one of your connections is on an unplanned business trip and had their possessions stolen. The message then asks you for money to pay for their hotel bill. The deviant messages looks something like this -
The spam LinkedIn messages to watch out for
One way the spammer tries to con you is through the use of making phone contact. This is a common pattern among spammers, because obviously, the first thing you would do if you received this message was try and get hold of them in any way possible. Only to find out that it’s a fake. That is why they cleverly tell you in the message that the hotels phone system is down.
‘Stranded’ scams as they are called have appeared in numerous social networking sites, including Facebook. Tricksters have even tried to break into the email accounts of US senators to try and retrieve money from innocent people. The only way to protect yourself from this is either; don’t set up social networking sites (who needs them anyway!) or look after your details and keep them original and private.
If we have said it once we have said it a thousand times..wouldn’t biometric password entry solve this problem? Okay it’s a long shot and might not become a normal part of our social networking or banking routine for another couple of years, but if any time we needed to enter a familiar pin, we simply scanned our fingerprint, vicious attacks like this would potentially disappear.
Fingerprint software is so far advanced now that even fake fingerprints cannot dupe some superior biometric devices, making fingerprint access systems even more reliable, robust and trustworthy than ever before!
If you would like to find out more information on the Ievo door access devices, then visit www.ievoreader.com to download technical information, end user guides and watch our compelling biometric fingerprint reader test videos.
The latest security scandal to capture our minds has of course been the phone hacking enquiry, and this has perhaps overshadowed the ‘Man in the Browser’ (MitB) attack which lets face it we are more vulnerable to than a journalist hacking our mobile phones. But yet, there are so many people out there that haven’t even heard of this security breach and it is potentially destructive. This is why..
According to the BBC Click investigation, customers of banks such as HSBC and Barclays which use remote calculator devices are particularly vulnerable of being tricked by an offer of training in the ‘new security upgrade’ only for the holders details to be accessed by the Mitb, but this is hidden from the user.
However, these banks issued a statement claiming that as long as the user has an up to date anti-virus they will not be susceptible. This is not true! Because the hackers will learn how to crack the anti-virus’ software to gain access to your details. One security company even admitted that if this threat had come from a source not known to be bad and started communicating with a web address also not on the black-list of “bad” sites – until they had discovered and analysed it – it probably would have beaten their protection.
The BBC investigation used a test witness to try and figure out if normal users are at risk. They found that the threat does not strike until the user visits particular websites and is not specific to any one individual bank. Basically, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered. Some versions of the MitB will change payment details and amounts and also change on-screen balances to hide its activities. With the additional security devices, the risk of fraud is only present for one transaction, and only if the customer falls for the “training exercise”. But once entered into you are automatically vulnerable.
Although very alarming, most banks in the UK will refund victims of online security fraud. But take some precautions to try and alleviate the threat. Continue to use online security anti-virus’ and internet security, only accept advice from official bank pages and monitor the patterns of your online banking system, because most banks have software which logs your banking patterns and if they deviate alarm bells will start ringing.
To find our more on Ievo and view our product lines, visit www.ievoreader.com
Detecting a lie has been at the forefront of police and lifestyle television investigations for quite some time. But, for several hundred years now, numerous methods have been used to try and crack an individual into telling the truth, from torture to polygraphs to voice biometrics. But are any of them really successful, and can we really tell if someone is telling the truth or just outright lying?
The tradition began as oath taking prior to testimony which tested peoples moral codes by swearing by the religious gods. Obviously, practices as such still exist today, when a person gives evidence they can swear by the Bible, although not compulsory. The difference between one person telling the truth in the court of law and otherwise might not necessarily be religiously influenced, therefore, other methods have been developed to try and figure out if the subject is fibbing.
The polygraph is still considered the gold standard when it comes to lie detectors. In case you don’t know the exact methodology used, it measures several physiological indices such as blood pressure, pulse, respiration and skin conductivity, while the subject is asked a serious of questions. Although based on psychology, the method uses scientific methods, to produce a quantifiable statistic.
An interesting method adopted by many psychologists is the kinesic interviewing technique. Where the interviewers themselves look for specific behavioural techniques which would lead them to believe if the subject is lying or not. Some would say that if the individual looks up and to the left while speaking they are formulating a lie. While a glance in the opposite direction indicates truthfulness. This stems from Neurophysiologists school of thought that certain areas of the brain activate when recalling memories, while others are stimulated when we’re being creative, e.g. lying. The idea is that a lie requires some creative thought, while answering a question truthfully relies only on memory.
However, some interviewers refute this method, saying that you must study the individuals behaviours first before trying to decide whether they are being truthful or not, because you cannot possibly generalise peoples behavioural patterns.
So..what has this got to do with biometrics? Well, people have been trying to figure out what is the best form of lie detector and some would believe that it is voice biometrics. Although these can be used as forms of access control systems, researchers have found that from the subjects voice, computers can analyse variations in speaking, pitch, volume, tempo and syntax to determine the questions answered are truthful, or even if the individual is stressed, angry or drunk!
Okay, so when voice recognition is used in entry systems, it won’t be detecting if what your saying is a lie or if you are in a particularly bad mood that day. But it is interesting to think that our voice actions can be analysed in order to create an assumption about ourselves.
However, the best method is probably an excellent interviewer. Wouldn’t everyone love to be able to differentiate between a lie or truthful statement. Albeit, it could cause problems at home or in the workplace. But then again, a little white lie here and there does nobody any harm.
