|
BIO-key delivers the
tools needed to integrate secure, convenient authentication NOW! Results of recent
studies reveal consumer concern and the significant increase in identity theft. Additionally these studies find that consumers prefer to
replace existing, less secure, less convenient methods of identity
authentication with biometrics.
Click to read details on:
DHS
Secretary Chertoff recommends using fingerprint biometrics to
protect from stealing an individual’s identity.
Accenture Study:
recommends
the use of biometric solutions, specifically, fingerprint readers to prevent
ID theft.
Independent Study: Vast majority of U.S. consumers trust convenience
& security
benefits of fingerprint ID
Unisys Study: Consumers
Overwhelmingly Support Biometrics for Identity Verification
IBM Study: Consumers
Concern Over Identity Theft and Credit Card Fraud- cite biometrics to protect ID
TSSI Systems
Study: UK
Study Reveals Dramatic, Positive Shift in Public Perception of Value of
Biometrics
KnowledgeStorm Study: Sophisticated Password Schemes
Are "High Maintenance" and Not Effective
Consumer Strategy Report:
Majority of bank customers concerned about security of PINs&
Passwords
Identity Theft
News: 2008 Data Breach count
up 69% over 2007, reaching an all time
high
Retailers, Financial Institutions, Solutions Suppliers:
Click here to learn how you can quickly
& easily meet these consumers
preferences!.
Concerned that the personal identities of millions of U.S. citizens
are far from secure, DHS Secretary Michael Chertoff has recommended
that the country essentially embrace three-factor authentication --
which he called "the three D’s: description, device, and digit"
-- to make it harder for thieves to steal an individual’s identity.
Chertoff offered this suggestion during remarks he delivered on Aug.
13 at the University of Southern California, where he emphasized the
importance of securing one’s identity.
"In the 21st Century, the most important asset that we have to
protect as individuals, and as part of our nation, is the control of
our identity, who we are, how we identify ourselves, whether other
people are permitted to masquerade and pretend to be us, and thereby
damage our livelihood, damage our assets, damage our reputation,
damage our standing in our community," Chertoff declared.
To guard against identity theft, Chertoff said, Americans are
accustomed to using two traditional approaches, either separately or
in tandem: an official card or document (such as a passport or a
driver’s license) or a specific piece of unique identifying
information (such as an individual’s social security number).
Unfortunately, he argued, both of these approaches are far from
perfect.
Documents can be forged, false IDs can be acquired illegally, and
"sometimes we allow people to identify themselves using documents
that are even unofficial," he observed.
Specific identifying data, such as social security numbers, pose
their own risks. True, a social security number, in and of itself,
doesn’t reveal anything personal about its holder; it’s simply an
identity authenticator. "Yet, if you think about it," Chertoff told
his audience at USC’s National Center for Risk and Economic Analysis
of Terrorism Events, "using a number or a word as an authenticator
carries its own inherent vulnerability because as you give the
number to people who are going to authenticate you, they now
have the number."
Chertoff recommended that our society continue utilizing the tools
of the 20th Century to "harden" these two forms of identity
protection -- by making it more difficult to counterfeit an
official card or document and by making it harder for thieves to
gain access to unique social security numbers.
"We’ve put chips in passports. We’ve created pass cards. We’ve put
bar codes in. We’ve embedded certain kinds of holograms, all of
which are designed to make it more difficult for people to fabricate
these cards," explained Chertoff. "And we’ve required higher
standards through things like our Western Hemisphere Travel
Initiative which governs what people need to show when they cross a
land border or our Transportation Worker Identity Card or even the
Real ID Initiative to strengthen the security of our driver’s
licenses."
In addition, Chertoff said he supports the use of encryption to
safeguard social security numbers and bank account PIN numbers, but
recognized that encryption is only a partial solution.
"I want to remind you, every time you get on a telephone, and you
give your credit card to somebody in a company as a way of
validating your identity, you are trusting that the person on the
end of the line is not going to misuse it," Chertoff warned.
Chertoff does not strike me as the type of person who easily trusts
an anonymous voice at the end of a telephone line. That’s probably
why he is advancing the notion of adding 21st Century tools
to further strengthen our citizens’ personal identities.
That’s what brings Chertoff to his three D’s – description,
device and digit.
Of course, the notion of three-factor authentication is not new and
startling within the U.S. security community, but Chertoff probably
thought the concept was worth explaining to a broader audience of
Americans.
"Description means some piece of information or something
known to you, and not to anybody else, that can separate you from
the other person," he said. (Your mother’s maiden name or your
favorite pet’s name are classic examples.)
A device could be a traditional credit card, but it could
also be a cell phone that carries a token which serves as an
identification tool. "Many of you actually use cell phones as
identification devices now because you can get on the Internet with
your BlackBerry," said Chertoff. "You’re using an identification
device. So this is not some startling insight by me. It’s a
recognition of where we’re headed."
A digit, namely a person’s fingerprint biometric, could
serve as the third leg of the stool. "Your fingerprint is unique and
the ability to use that as an identifier, as we do, for example,
throughout the criminal justice system, gives us a third powerful
tool that we can use in order to make sure that we can separate real
people from impersonators," Chertoff added.
The DHS secretary said he can envision a time when individuals who
want to get on an airplane, transact business with a bank or gain
entry to a student dormitory will be asked to authenticate
themselves using the three D’s -- a description, a device and a
digit.
He’s probably right.
To view the article on Government Security News website, click the following link:
http://www.gsnmagazine.com/cms/features/news-analysis/998.html
Return to Top
Stopping ID Theft With Biometrics
June 19, 2008
Wall Street and
Technology
Accenture recommends the use of
biometric solutions — specifically, fingerprint readers -- to prevent
identity theft.
Consumers are pointing to themselves as the greatest threat to
secure online financial services. A recent survey by global
consulting firm Accenture reveals
that 88 percent of respondents
believe that personal irresponsibility is the top cause of identity
theft. Further, nearly half of respondents admit to being
careless with their online security by sharing or not properly
disposing of personal information.
Accenture surveyed 800 U.S. and U.K. consumers who use broadband or
high-speed Internet connections at home. One strategy that Accenture
recommends to counter users' lax attitudes toward security is the
adoption of biometric solutions. Specifically, the firm recommends
fingerprint readers to ensure the security of online transactions.
With the use of solutions such as
fingerprint readers, "The human problem is alleviated because,
unlike passwords, a fingerprint biometric cannot be readily shared,
lost or stolen," explains Rob Blau, VP of development for
UPEK, a fingerprint sensor vendor. "The technology largely removes
the human elements of credential management by shifting the burden
to technology without sacrificing usability."
Vendors such as UPEK are battling barriers to biometric adoption,
including a lack of consumer awareness of the benefits of biometrics
and the cost to financial services companies to deploy and support
fingerprint scanners. According to Blau, however, the attach rate of
fingerprint scanners for notebook computers and mobile phones is
increasing, and the cost of deploying the technology is expected to
subside.
To view the article on the Wall Street & Technology
website, click the following link:
http://www.wallstreetandtech.com/data-security/showArticle.jhtml?articleID=208700637
Return to Top
Survey Shows Highly Favorable Consumer Perceptions for Fingerprint Sensors
Tuesday January 29,
8:00 am ET
Online Banking, PC Security and E-Commerce Rated Highest among Desired
Fingerprint Sensor-Enabled Applications
MELBOURNE, Fla.--(BUSINESS WIRE)--According to a recent consumer survey, a
vast majority of U.S. consumers trust in the convenience and security
benefits of fingerprint authentication, especially as it relates to online
banking, PC security and electronic commerce (e-commerce) applications. The
survey indicates that a clear majority (77%) is ready to begin using
fingerprint sensors as part of their part of their day-to-day activities,
signaling the strong growth potential for broad consumer adoption
The
independent survey of U.S. consumers, sponsored by leading fingerprint
sensor and solutions provider AuthenTec (NASDAQ:AUTH ), shows two-thirds (66%) of consumers trust fingerprint biometrics
as a means of authentication more than traditional PINs or passwords while
68% perceive the use of a fingerprint sensor to be more convenient.
Surprisingly, a similar majority (67%) claimed to have little or no
knowledge of mainstream consumer electronic devices such as PCs and cell
phones that feature a fingerprint sensor, despite their widespread
availability. According to the survey results, 43 percent of respondents
believe that less than one million fingerprint sensors are in use today. In
fact, AuthenTec recently celebrated the shipment of its 25 millionth
fingerprint sensor to the global marketplace in November, 2007.
“The
survey reveals the chasm between strong end-user acceptance for fingerprint
sensor-enabled devices and yet the low level of awareness of the widespread
availability of products that feature our fingerprint sensors,” said
AuthenTec Chairman & CEO Scott Moody. “This feedback is a reminder to the
industry and consumer electronics manufacturers that there is a receptive
buyer eager to enjoy the convenient security of fingerprint sensors.”
Correlation: Adoption and Online Comfort Level
According to the survey, the more often an individual conducts online
banking and e-commerce, the more likely that person is to perceive the value
of using fingerprint sensors and to consider more online activity.
Two-thirds of survey respondents see the advantages of fingerprint sensors
and their associated benefits for online banking and e-commerce, and would
use the technology today to authorize payments and transactions online. As
well, information security concerns among respondents also increased with
more online activity.
Online Banking Rated as Most Desirable Application
-
When asked to rate their most desired
application, online banking was the clear winner with information
security second.
-
75% of respondents said they use online
banking services and 78% of those respondents said that, if available,
they would use a fingerprint sensor to make online banking
transactions more convenient and secure.
-
More than one third of those who do NOT
use online banking would be more inclined to do so if a fingerprint
sensor was part of the experience.
Consumers Think Creatively About Biometrics Applications
The broad consumer openness to using fingerprint-enabled devices revealed in
the survey mirrors the enthusiasm and creative thinking on the part of
hundreds of consumers who recently participated in the international Big
Ideas contest sponsored by AuthenTec. 25 winning ideas, including the Grand
Prize winning idea – a lockable diary that can only be opened by its owner –
were selected by a panel of technology enthusiasts.
Because
of the low cost and small size of AuthenTec’s sensors, many of the contest
ideas for fingerprint sensor uses are already being implemented today – from
fingerprint sensor-enabled PCs to uses in cell phones, GPS navigation
devices, door locks and a host of other consumer and business applications.
AuthenTec’s fingerprint sensors are based on the Company’s patented
TruePrint® technology which reads below the surface of the skin
to the live layer where the true fingerprint resides. The sensors bring
Power of Touch® features including security, convenience,
personalization and navigation to over 17 million PCs and more than 8
million cell phones worldwide.
About
the Survey
The survey, conducted in December, 2007 by independent online service
Zoomerang, sampled U.S. men and women between the ages of 21-55. AuthenTec
sponsored the survey as part of its ongoing effort to track consumer,
business and government market security trends. Complete survey results are
available at
http://www.authentec.com/technology-market-surveys.html.
Return to Top
In the first worldwide survey of its kind to
study consumer security preferences, the Unisys research also found that 66
percent of consumers worldwide also favored biometrics as the ideal method
to combat fraud and identity theft as compared to other methods such as
smart cards and tokens. This finding shows a slight increase from separate
research that Unisys conducted in September 2005, which found 61 percent of
consumers worldwide favored biometrics as the preferred method to fight
fraud and identity theft.
"This research is revealing since many
headlines today seem to question biometric adoption because of legitimate
privacy concerns," said Mark Cohn, vice president, homeland security
solutions, Unisys Corporation. "System developers and owners must address
those concerns so that these technologies can move toward the mainstream on
a large scale with appropriate protection and sensitivity."
The Ponemon Institute, a leading independent
firm that specializes in privacy and security research, conducted the survey
on behalf of Unisys. Additional interesting findings on biometrics include:
* Convenience was the top reason for
biometrics support with 82 percent citing the benefit of not having to
remember separate passwords or other login data. More than three quarters of
consumers cited improving the speed of the identity verification process as
their primary reason for using biometrics.
* Consumers from North America support
biometrics for identity verification more than any other region (71
percent), followed by Europe (69 percent) and Asia Pacific (68 percent). In
contrast, Latin Americans were the least supportive (58 percent).
Return to Top
SOMERS, NY--(MARKET WIRE)-Nov 16, 2005 - Shoppers are concerned that
their personal information is at risk of being stolen when they hit
the stores -- physically or virtually -- this holiday season,
according to an IBM survey of consumers. As a result, these shoppers
say they plan to shop differently, more conservatively and possibly
even spend less. Of those American consumers who plan to shop for
the holidays, almost two-thirds (61%) of respondents say they are
concerned for the safety of their personal and/or credit and debit
card information during the busy holiday shopping season. Nearly
half (49%) of those concerned believe their personal information is
in jeopardy, while another 46 percent worry about their credit card
information being stolen. More than one third (39%) are concerned
about having their debit card information stolen.
When asked what would
help alleviate their fears, nearly half of all consumers (49%) said
that biometric technology (a fingerprint ID system) would be helpful.
Click
here for full story
Return to Top
Biometrics gains British approval; 3 in 4 people now say they
would welcome its use...
October 17, 2006
M2 Presswire
The UK public is now overwhelmingly in favour of wider
biometrics use. Seventy-six per cent are more in favour of
biometrics than they were one year ago. The striking opinion
change comes after a year in which the UK has thwarted an
airline terrorist plot and 15 months after the London transport
bombings of July 2005.
Personal safety was identified as the
biggest driver for the change: three-quarters of people believed
it was important for combating terrorism. However, there is
widespread public confusion about what biometrics means in
practice, with the majority of people confused about the
terminology. In addition, concerns about civil liberties were
highlighted by almost a third of respondents.
These are the key findings of the TSSI
Biometrics in Britain Study 2006, undertaken by TSSI Systems,
Britain's document and identity security specialists.
Danny Chapchal, CEO of TSSI Systems said:
"I was astonished by the dramatic change in public opinion.
Eight in ten people changing their opinion in the last year is a
huge increase and can only be attributable to the terrorist
attacks. These have no doubt forced acceptance of biometrics
upon the nation, but a positive campaign of education is needed
to allay fears about its use."
Safety concerns Personal safety was
identified as the biggest driver for the change. Three-quarters
of people believed it was essential or important for combating
terrorism, with only 17 per cent viewing intelligence
information as more important to fight terrorism than
biometrics. 79 per cent of people were in favour or more
accepting about the introduction of biometrics for any travel
abroad.
A strong pattern of ambivalence was
evident over usage of biometrics in everyday situations, such as
in the rail, tube, retail and airline networks. People's primary
concern was for the safety of the individual, so that usage of
biometrics in airports received a resounding seal of approval.
Eight out of ten (77 per cent) approved of its use, with only
nine per cent actively against and the remaining respondents
undecided. Almost half approved of usage of biometrics in
Britain's underground tube networks. However, usage of
biometrics in banking and retail was rejected by 59 and 63 per
cent respectively.
Biometrics confusion The survey also
highlighted public confusion about what biometrics means in
practice. For example, when respondents were asked whether they
knew that they may be subjected to biometric checks when
travelling abroad, the majority (58 per cent) claimed ignorance.
However, nearly the same number (63 per cent) claimed they were
aware of the pending introduction of new international standards
that will mandate the logging face and optionally, fingerprint
data (ie, biometric data) on passports.
Civil liberties Concerns about civil
liberty infringements remain a pressing issue in the minds of a
significant proportion of the population. Nearly a third (28 per
cent) rejected the creation of a Government biometric database -
even if it led to better crime detection rates. While 54 per
cent were convinced of its benefits, a further 18 per cent
remained undecided and could join either camp with persuasion.
"Peace of mind is the biggest factor in
the change. But the trade off between security and convenience
is also an influence. The catastrophic delays and stringent
measures after the thwarted terror attack on UK airlines in
August 2006 appear to have pushed the British public towards
applications of convenience. Would they rather stand in a
security queue for hours at Heathrow, or be subjected to
biometric checks and get through quickly to the shops? It seems
people are now overwhelmingly opting for the latter," said
Chapchal.
Methodology TSSI surveyed 1000 people
between the ages of 18 and 60 at mainland stations in the UK in
September and October 2006. The TSSI Biometrics in Britain study
2006 management report with full details of the findings, issues
raised and recommendations can be requested from the following
website:
http://www.tssi.co.uk/biometrics.html .
Return to Top
Global research firms Nucleus
Research and KnowledgeStorm study released 10/17/06
One in three people write down computer passwords, undermining their
security, and companies should look to more advanced methods, including
biometrics, to ensure their systems are safe, according to this study performed
by global research firms Nucleus Research and KnowledgeStorm. The study went on
to report that companies' attempts to tighten IT security by regularly changing
passwords and making them more complex by adding numbers as well as letters had
no impact on security. Staff still had a tendency to jot down passwords
either on a piece of paper or in a text file on a PC or mobile device.
"This is really a lot like mom and
dad buying a great new security system for the house and junior
leaving the combination under the door mat," David O'Connell,
senior analyst at Nucleus Research, told Reuters. The study,
which surveyed 325 U.S. employees, found that a single sign-on
system is just as effective as more complex schemes and that
user education on the importance of proper password protection
did not deter employees from their lax habits.
"Passwords are high maintenance. People forget them, people lose
them, they have to be reset. Resending passwords is time
intensive and costly. It takes up time at a help desk," said
O'Connell. The report suggested companies look instead to
biometrics, such as voice recognition devices or thumbprint
scanners, .
"It's these higher order techniques that companies need to shift
to in order to get away from passwords," said O'Connell
Bank Customers Call For Tighter
Security
July 8, 2008
Customer Strategy
More than half
of bank customers (61%) concerned about the security of PIN, passwords and
‘secret data’ when used to confirm ID over the phone with a contact centre
agent and four in ten (42%) of people using telephone banking believe their
banks don’t take enough security measures to prevent fraud or identity
theft.
These are the key findings of a new survey from Speechstorm and Genesys that
investigated consumers’ attitudes towards current telephone banking security
measures and voice biometrics. The survey’s results send a clear message to
banks that they need to be more proactive in the use of technology, as over
a third of respondents would be inclined to move to an alternative bank if
it offered a more secure service such as voice biometrics as an identity
verification measure.
The research was conducted by SpeechStorm and Genesys during May and June
2008 under the guidance of University of Ulster’s Head of Voice
Authentication Research, Professor Michael McTear. During 30-minute
face-to-face interviews, 41 per cent of respondents revealed that they
believe their personal information is more secure when using an automated
systems than speaking to a live agent (36 per cent) when handling PIN and
passwords. Eighty six per cent of the candidates said they would be happier
to use either voice biometrics (28 per cent) or a blend of both voice
biometrics and PIN/Password (58 per cent) measures for telephone banking
identification and verification.
Return to Top
Identity Theft News: 2008 Data Breach Count is 69% Greater Than 2007
Thursday, 17 July 2008
ITRC Breach Meter Reaches
342, more than 69% greater than same time last year
Identity theft experts at The Identity Theft Resource Center (ITRC)
found that the data breach count has reached an all-time
high. Between January 1st and June 27th,
the total number of data breaches recorded by the ITRC is
342, more than 69% greater than the same time period in
2007. The actual number of breaches is more than likely
higher, due to underreporting, and the fact that some of the
breaches reported, which affect multiple businesses, are
listed as a single event. The BNY Mellon and SunGard data
exposures are examples of these “multiple” events. In one
case, the customers and/or employees of at least 45
“entities” were affected by a breach that the ITRC reported
as a single event.
1. The ITRC breach report sub-divides and tracks all breaches
into five categories. The following is a comparison of 2008
(as of June 27th) with annual totals from 2007
and 2006 identity theft statistics.
-
Business:
2008 - 36.8% 2007 - 28.9% 2006
- 21%
-
Educational:
2008 - 21.3% 2007 - 24.8% 2006
- 28%
-
Government/Military:
2008 - 17.0% 2007 - 24.6% 2006
- 30%
-
Health/Medical:
2008 - 14.9% 2007 - 14.6% 2006
- 13%
-
Banking, financial, credit:
2008 - 10.0% 2007 - 7% 2006 -
8%
2. In 2008, ITRC’s current report reveals that 58.8% of breach
events published the number of records involved, and that
39.4% of those having data exposures did not disclose the
number of records potentially exposed.
3. To date, electronic data breaches account for 80.7% of breach
events, and paper breaches are 19.3%.
4. ITRC further categorizes data into five types of data breach
scenarios. Some breaches, due to their nature, may be
counted in more than one category, and some may not be fit
into any of these categories. While human error and poor
data handling policies and procedures certainly played a
role in the 2008 data exposures, it appears that theft of
data, either by external or internal sources, is the primary
way information has been compromised.
ID Analytics, the leader in on-demand identity intelligence, also
cooperated with ITRC in its 2007 breach study, and found
that 39% of data exposures in 2007 were related to missing
or stolen devices. More importantly, the ID Analytics
analysis showed that the “malicious intent” categories
(Internal Data Theft / Internal Hacking or Intrusion /
Account Level Malicious Access / External Theft) comprised
25% of the total data exposure events. ITRC believes that
this indicates an increasing awareness by thieves of the
monetary value of personal identifying information
-
Insider Theft (stolen by someone inside the company):
2008 – 15.8% 2007 - 6.0%
-
Data on the Move (laptop, thumb drive, PDA, etc.):
2008 – 20.2% 2007 - 27.8%
-
Subcontractor (stolen or lost by a second party):
2008 - 13.5% 2007 - 11.4%
-
Hacking (stolen by someone outside of the company):
2008 - 11.7% 2007 - 14.1%
-
Accidental Exposure (inadvertent Internet/Web posting):
2008 - 15.2% 2007 - 20.2%
5. The Identity Theft Resource Center only included verified
breaches listed in newspapers and websites.
State AG listings have made public some breaches that would
otherwise have been unreported. ITRC would encourage more
states to publicly list all notification letters so that a
more complete record of known breaches can be compiled and
studied.
ITRC focuses primarily on the number of breaches, and not records
exposed. In almost 40% of breach events, the number of
records exposed is not reported or is not fully disclosed
publicly. This means the number of affected records is
incomplete, therefore misleading. The use of potentially
affected records, versus the number of breaches, generally
causes more concern and is exploitive. However, for a
reliable and credible report, ITRC focuses upon the number
and types of breaches. This is also the reason that ITRC
does not list the top ten breaches of the year. To list only
those who took the time to audit records and/or expose the
true number of potentially affected people is inaccurate.
To view the reports used to compile this study, go to the ITRC
website:
http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
Return to Top
BIO-key gives retailers, financial institutions and
application
providers tools to easily build a secure, convenient authentication
solution!
BIO-key’s implementation
team can guide you through the steps to implement this extremely cost effective,
secure alternative to passwords, tokens and PINs, while maintaining a
smooth user experience.
BIO-key gives you the ability
to positively identify users before granting them access to your valuable
corporate resources, web portals or applications in seconds. Powered by our
patented Vector Segment Technology™ our solutions help you seamlessly integrate
fingerprint biometrics into your applications. Compatible with most major
operating platforms and databases, BIO-key development tools deliver a tangible
return on your security platform investment that:
·
Quickly & Accurately Identifies Users
·
Improves User Convenience
·
Lowers Operating Costs
Click Here to contact your BIO-key account team or email us at
sales@bio-key.com
Return to Top
|
Register
to receive our Newsletter
