Biometrics a Means to Defeat Sensitive Data Loss?
Biometrics a Means to Defeat Sensitive Data Loss?
December 3, 2007: The HMRC scandal in the UK last month has brought big brother’s data security credentials into question and prompted many industry pundits to speak out. VeCommerce’s General Manager for one has spoken up about reducing the reliance on sensitive data as a means to eradicate fraud.
VeCommerce is a voice recognition and verification specialist, and it claims that when the HMRC (Her Majesty’s Revenue and Customers) office lost the two discs containing the personal details of 25 million UK citizens, there would have been far less cause for concern if there wasn’t such a heavy emphasis on storing personal data for verification purposes.
The firm’s General Manager for EMEA, Brett Feldon, claims that the HMRC incident is just the tip of the iceberg and a manifestation of what is happening on a smaller scale, every single day.
“Unfortunately it has taken a larger breach such as this, to bring the issue to a wider audience. Yes, there were certainly shortfalls in HMRC’s security procedures, but the risks come from the fact that individuals have access to sensitive information,” says Feldon.
“These can include a large range of groups including professional hackers organised crime or even a call centre operative. The question is less about ‘how secure is our data’ but why are we relying so heavily on this data for verification purposes. If we didn’t this whole incident would have been a non issue.”
Feldon says that what should be scruitinsed is not necessarily the actions of the employee or department that lost the discs, but rather how it might be possible to nullify the effects of personal data falling into the wrong hands.
“At present, this type of information, that it is assumed only the legitimate individual has access to, is used to verify someone’s identity and subsequently gives them the power to open bank accounts, make purchases, transfer funds or even apply for a passport under someone else’s name,” he says.
Feldon nominates biometrics as one way identity issues could be attacked, with individual voice prints used to by-pass the need for sensitive data to be stored in, as we see from the HMRC scandal, potentially insecure databases.
While privacy advocates may still have objections on this front, Feldon claims that if a biometrics system is in place, losing this data would be embarrassing for the organisation concerned, but not dangerous.
UK financial institutions are currently looking into voice biometrics as a means of verification, while some insurance firms in Australia are already using these authentication systems.
Feldon adds that access to data should be granted to a few trained IT technicians, rather than to employees en masse. “Isn’t it far more secure and more cost-effective in the long-run to allow just a few trained IT personnel access to this sensitive data, rather than try and train and control literally thousands of call centre staff and administrators, distributed around the world?”
Comment on this story