Thursday, June 22, 2017

Identity solution found for the world’s vulnerable population?

Photo of Turkish refugees in Chios, Greece, 2016


ID2020 is an organization whose mission is to enable the world’s “invisible” population to have a digital identity. An estimated 1.1 billion people have no official documentation of any kind. A disproportionate number of these people are women and children who struggle to access critical social services and benefits. The goal is to work with governments to implement standardized, secure, low-cost identity management solutions.

At ID2020’s “Platform for Change” Summit, recently held at the United Nations in New York, Accenture, Microsoft and Avanade presented a new identity platform solution based on biometrics and blockchain. Blockchain allows digital information to be distributed – but not copied – allowing a secure and credible way to access data such as biometric information.

Accenture has launched a prototype identity system using blockchain technology by Enterprise Ethereum Alliance, running on Microsoft’s Azure cloud computing platform. The system will use fingerprint or iris biometric scans to authenticate identity in a decentralized manner.

The United Nations has supported using biometric registration and background screening to process refugees. This allows countries the security of knowing who is within their borders. It facilitates programs that offer support and services, which helps keep refugees from falling into the hands of traffickers, and makes them less vulnerable to terrorist organizations.

The UNHCR (UN Refugee Agency) has been working to put biometric ID programs in place for refugees around the world, including Thailand, South Sudan and Chad. These programs have been put in place with government collaboration.

ID2020’s first goal is achieve “technical proof of concept and evaluating multiple avenues to scale" by 2020. By 2030, the goal is to provide “every person on the planet” a digital identity. ID2020 is a private and public partnership in support of the UN’s Sustainable Development Goal 16.9.


ID2020 Supporters Create Identity Solution Based on Blockchain, Biometrics

Alex Perala, June 19, 2017, on FindBiometrics.com


ID2020 Summit 2017, July 19, 2017, United Nations, NY


What is Blockchain Technology? A Step-by-Step Guide For Beginners


Monday, June 19, 2017

U.S. Citizens and Legal Residents in Australia, Accurate Biometrics can assist with your background checks

Photo of Sydney Opera House with 2016 postal stamps

Accurate Biometrics is  approved by the Australian Government to provide fingerprint based background checks for Immigration.

Accurate Biometrics is an approved FBI channeler providing  “Identity History Summary Checks” – Departmental Order 566-73, for individuals seeking a background check to live, work, or teach abroad. Accurate Biometrics is able to provide email delivery service of your Identity History Summary Checks to facilitate the process of American Citizens abroad in Australia.

Requirements for Immigration  are outlined on the Australian Government website

Details on obtaining one’s FBI Identity History Summary Check through Accurate Biometrics, are available on our website

For more information: 866-361-9944 or info@accuratebiometrics.com

Friday, June 9, 2017

Hong Kong moving to biometric ID for ATM use?

Photo of Hong Kong at night


Hong Kong seeks to learn from the experience of nearby Macau, a resort town in Southern China known for its casinos and luxury hotels. Macau has seen the number of reports of suspicious financial transactions skyrocket recently, and last month announced it would start facial recognition scanning of bankcard customers using ATMs.

Hong Kong is now studying the use of biometric authentication of its ATM users. The Hong Kong Monetary Authority is interested in fingerprints or facial recognition scanning, but has concerns about reliability. Some question whether the new biometric technology is mature and safe enough. Authentication may end up requiring a pin or password in combination with biometric ID for multilayer security.

Last year the number of police reports of suspicious financial transactions more than tripled in Macau, while the number of convictions decreased by over a third, leaving investigators struggling to cope. The total cash withdrawals at ATM machines in Macau topped out over HK $10 billion in a month (about 1.3 million USD), creating concerns over money laundering and capital flight.

The need for updated technology and security for financial transactions in Hong Kong is clear. Hong Kong would like to prevent displaced financial fraud coming to its shores. Hong Kong is evaluating options, and may soon move ahead with biometric security. Hong Kong has previously announced the introduction of facial recognition scanning at airport departure gates.


Hong Kong considering using facial or fingerprint recognition in ATMs

Justin Lee, May 31, 2017, for BiommetricUpdate.com


Hong Kong Monetary Authority mulls using facial recognition and fingerprint technology in ATMs

Phila Siu, May 29, 2917, for South China Morning Post, Banking and Finance


Thursday, June 1, 2017

Biometric ID update 2017 – secure, convenient and growing rapidly

Photo of Smartphone User


Deloitte Global predicts that the number of mobile devices that include fingerprint readers will top 1 billion this year. About 80% of smartphone users will use fingerprint authentication regularly. An average user will log-on 30 times a day, totaling over 10 trillion fingerprint readings globally throughout the year. While three years ago only premium smartphones had this technology, fingerprint readers are expected to become as standard as cameras on smartphones, tablets and laptops.

Part of the growth of fingerprint authentication is the ease of use. It’s difficult to remember multiple “strong” passwords. By 2020, it’s projected that the average user may have 200 online accounts that require authentication. Fingerprint authentication is easy to set up. Once set up, authentication takes only a second or two as the device checks the matched image stored internally, not "in the cloud". 

While early fingerprint sensors were relatively easy to spoof (fool), newer sensors have ultrasonic technology that captures more detailed images for greater security. Voice readers are hard to use in noisy areas, and voices are easily recorded. Facial recognition works best in good lighting, similar to the original reference picture. It’s sensitive to reflections from glasses or contacts. Facial scans may be spoofed with a photograph. Alternative methods of biometrics authentication account for about 5% of the market compared to 40% for fingerprint readers. 

Current and potential uses of fingerprint ID authentication are growing and include:
  • Financial transactions – 43% of adults in developed markets use their phones to access their bank accounts
  • Retail transactions – a fingerprint reader could be used to provide fast, convenient 1-touch checkout
  • Enterprise use – a fingerprint reader could be used for building access, online intranet access, or timesheet authentication
  • Media access – a fingerprint reader could be used to allow access to paid premium online news and entertainment, and prevent sharing of passwords
  • Government – biometrics including fingerprints could be used to authenticate and simplify tax payments and enable e-voting
Along with fingerprint readers, smartphones and mobile devices can have enhanced security with behavioral biometrics. The device learns the user's typing habits and location information, and checks against that profile when user authentication is needed. Blended use of different biometric inputs, known as multifactor authentication, is expected to become increasingly popular.


Biometric Security Comes of Age 

By  Paul Lee and Duncan Stewart, a Deloitte Insights Article, published in CIO Journal, Wall Street Journal online, March 16, 2017




Thursday, May 25, 2017

Visa and Neon Bank launch selfie pay in Brazil

Photo of a woman shopping via cell phone

Facial biometric identity authentication has been in use by Neon Bank’s 100% digital customers for their bank transactions for almost a year. Now biometric identity authentication by selfie will be used to approve internet purchases. The expected level of accuracy is 99.5%. 

Fernando Mendez, vice president of emerging products for Visa Latin America says the new selfie pay service will facilitate remote payments and be in in sync with consumer trends. Selfie pay will combine security with convenience, improving the customer’s shopping experience.

Using selfies will not replace PIN numbers or fingerprints for physical purchases. A selfie would be required only if the retail establishment requires it for identity verification before completing a transaction. Neither the user nor the commercial establishment receive the selfie taken during the purchase process; it is encrypted and sent to the bank’s databank. 

The impact on reducing fraud in e-transactions has not been calculated, but the service is expected to stimulate commerce and the number of transactions. Percival Jatoba, Visa Brazil’s vice president for products expects to see rapid growth for selfie pay in Latin American countries, as well as other new biometric authentication methods, a person’s heartbeat for example.

Visa, Brazil’s Neon Bank Launch Online ID Service Using Selfies

Latin American Herald Tribune article published May 11, 2017

Thursday, May 18, 2017

An update on the world’s largest biometric database – and it's not in the U.S.

Photo of rural Indian women by McKay Savage


India’s government established an ambitious goal – adding its population of over 1.3 billion people to a biometric database which includes fingerprints, iris scans and photographs. The program was largely developed to aid the poor by streamlining benefits and providing a means of identity – needed to get a driver’s license or apply for a bank account. Linking the 12 digit Aadhaar number to a bank card allows the government to directly transfer cash benefits and subsidies, helping to prevent fraud. This amount of change is not without great challenges. Among the concerns are…

Errors
A Twitter account called “Rethink Aadhaar” gives witness to Indians who have suffered because scanners didn’t read their fingerprints correctly, or because their information (such as the spelling of a name) was incorrectly recorded in the database in the first place.

Rapid Expansion
An Aadhaar number is now required to pay taxes, collect pensions, obtain welfare benefits – and it's even needed by children register for school. Those without an Aadhaar number have trouble getting essential benefits, including food. Children who don’t have yet have an Aadhaar number are getting turned away at school registration.  

Problems in Rural Areas
Rural villages don’t routinely register births. Also many rural Indians only have one name. This makes it difficult to get a birth certificate, usually required to get an Aadhaar number. Cell phone reception is also a problem in rural areas. Without the means for a scanner to connect to the internet, how will ID authentication be made? 

Unsecured Data
The Center for Internet and Security in New Delhi reported recently that Indian federal and state agencies had published up to 135 million Aadhaar numbers on unsecured websites. With the possibility for leaks such as this, many are worried that their biometric data is not safe. Unlike a PIN number which is easily changed, biometric data once compromised is compromised for life.

Privacy Concerns
A program that was once thought to be voluntary is now becoming mandatory, but not without legal challenge. In response to lawyers arguing that Indians should not be forced to share their biometric data, Atty. Gen. Mukul Rohatgi “countered that Indians had no constitutional right to privacy and could not claim an ‘absolute right’ over their bodies.” Activists are concerned that government intelligence agencies will use Aadhaar database information to spy on citizens.

Supporters say the Aadhaar program will “transform governance,” saving India billions of dollars by curbing tax evasion, and by ensuring that subsidy money is not stolen by middleman. But it’s important that a program designed to be "hugely empowering" for the poor doesn’t leave the poor behind. That no Indians should be prevented from getting essential services.


India is building a biometric database for 1.3 billion people — and enrollment is mandatory

By Shashank Bengali, Contact Reporter, Mumbai, India. Published May 11, 2017, the LA Times online 


Photo credit: McKay Savage from London, UK [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons (Rural Women)

Friday, May 12, 2017

Could a master fingerprint unlock your mobile device?



No two people are believed to have the matching fingerprints, but could similarities between partial prints be enough to pass the security check on your smartphone or mobile device?

Fingerprint authentication sensors on smartphones are small and only capture a partial print. Also, many smartphones allow users to save several prints to be used for verification. Identity is confirmed when any of these prints is found to be a match.

Nasir Memon, a professor at New York University Tandon School of Engineering, leads a research team that decided to try and see if a master fingerprint could be created that would be good enough to fool current commercial fingerprint verification sensors and software.

Using a sample of 8200 partial prints, Nasir’s team found an average of 92 potential MasterPrints for every randomly sampled batch 800 partial prints. They found just 1 potential MasterPrint out of every randomly samples batch of 800 full prints. (A MasterPrint was defined as a print that would match about 4% of the prints in a random batch of 800.) It was evident that a partial print fingerprint reader had a much greater chance of being spoofed than a full print reader. 

With their created MasterPrints, the team reported successful matches with 26 to 65% of users, depending on how many partial prints were stored on the device, and how many log-in attempts were allowed. In comparison, a hacker trying the number 1-2-3-4 has about a 4% chance of successfully logging in to a random smartphone by PIN number.

The researchers emphasize that their testing was done is a synthetic environment, but their research led them to a couple recommendations. Their high matching results reinforce the need for a multi-factor authentication system. Also, fingerprint sensors on smartphones and mobile devices would benefit by having improved resolution to capture additional fingerprint features. If the resolution is not improved, it’s possible that a users prints can be compromised, and thus the security of the smartphone.


Biometric securityPartial fingerprints sufficient to trick biometric security systems on smartphones 


Published April 12, 2017 on Homeland Security News Wire