The Unsecured State of America
Unique biometric security option to solve online banking fraud
Online fraud is a growing threat worldwide – especially in the US where Banks are reluctant to adopt new technologies. Introducing ever more complicated PIN, username and password combinations merely antagonises the customer without deterring the fraudster.
Biometric solutions are seen to be the answer. But the traditional, user-friendly signature is dismissed as being too easy to forge. Except that a UK company – KeCrypt Systems – has just made forgery impossible.
KeCrypt - impossible to fake, fool or forge.
The KeCrypt Solution is unique in identity management in that it doesn’t ever record an image or a template of the signature. So there’s nothing to copy or steal. It’s all done by recording the dynamic biometric components of the signature – such as its speed and pressure.
These dynamic biometrics are simply impossible for someone else to recreate, no matter how much time they might have. A KeCrypt Signature cannot be faked or forged. The verification process cannot be fooled.
As a number of major trials have already proved, this patented solution is 100% secure. *
The Unsecured State of America
The 2005 Identity Fraud Survey by the US Better Business Bureau indicated that 9.3 million American adults were victims of identity theft/fraud within the last 12 months, and that it had cost the U.S. $52.6 billion. In January, Gartner - probably the world’s foremost IT research analysts - reported that almost half of internet users said that concerns about online attacks had affected their online shopping behaviour.
So in August the US Federal Financial Institutions Examination Council (FFIEC) published guidance entitled Authentication in an Internet Banking Environment (see www.ffiec.gov/pdf/authentication_faq.pdf). Its aim is to spur US Banks into moving beyond simple password-based authentication and into providing more secure access to Web-based financial services by the end of the year.
However, Gartner estimates that while most US Banks may have improved their authentication procedures by the target date, only about 25% will have actually invested in more effective technology.
Not putting the customer first
Naturally Banks assess the benefits to them against the cost of implementing any new system. It can be cheaper to complicate the process at the customer end, and so give the impression of greater security, than invest in new technology that will actually deliver it.
So all in all it’s not surprising that, as Gartner observes, ‘It won't be the "gold rush" that authentication vendors are hoping for because 60 percent of U.S. banks will respond by implementing homegrown security solutions. In the end, user profiling and transaction anomaly systems, accompanied by out-of-band authentication for the riskiest transactions, will win market share, because this strategy is the most effective.’
What this ignores, however, is that customers resent any additional hurdles that Banks impose between them and accessing their own money. Worse still, customers resent banks using different systems, obliging them to remember a plethora of different procedures. And at the end of it all, many of the systems are themselves complex, tedious – and still not that effective!
Gartner ends with the ominous warning that ‘thieves will continue to find ways around most stronger authentication implementations.’
Authentication – finding the genuine article
Authentication methods fall into three broad types:
- Something you know – a password, PIN, a piece of personal information…
- Something you have – a token, a swipe card, a smart card, a passport…
- Something you are (a biometric) – your voice, fingerprint, signature, a face or iris scan…
PINs and passwords are vulnerable to being forgotten, given away, observed by others, or otherwise obtained (“social engineering”). Cards can be stolen and/or forged. It’s true that a combination of these methods can help against fraud. Combine either with a biometric and both usability and security are improved. This assumes, though, that the performance and capability of the biometric technology is sufficiently high.
Biometrics get thumbs up from customers. But which is best?
In May 2006 a Gartner survey of 5000 online customers found that ‘using devices for authentication was the least preferred security method.’ It also identified biometrics as providing the greatest degree of security – so, attractive from the customers’ point of view. Unsurprisingly, biometrics were also felt to have the highest cost of implementation – so not so attractive to the Banks.
Now that was mainly due to the biometric systems that Gartner chose to evaluate. Their choice was between fingerprint, iris and facial scanning, voice analysis and typing rhythm. Unfortunately, even under the best conditions, these are subject to false positives and can be affected by an individual’s state of health, environmental conditions, hardware problems, eye colour and even their occupation. Fingerprint and eye scans have even been accepted without the presence of their owners!
The survey, however, overlooked the most obvious biometric contender – the signature! It’s a method that’s natural, familiar, authoritative and easy to use. A signature is unique to an individual, cannot be lost or damaged and can be easily updated when customers change their names.
But signatures have an obvious flaw. Biometric signature solutions have always depended on storing an analogue template, which makes them vulnerable to abuse.
Until now, that is.
KeCrypt, a British company, has perfected a new dynamic technology which overcomes this fundamental flaw. It is the simplest yet most robust biometric solution available.
KeCrypt on trial
To assess the viability of the KeCrypt signature verification in a working environment, a trial was carried out in the pharmacy departments of a number of London hospitals. Within a pharmacy and prescribing environment a signature is used to authorise a wide range of activities. Apart from demonstrating its effectiveness in workflow management, the trial showed that the KeCrypt biometric signature has a high level of user acceptance plus a high level of accuracy - and most importantly, all attempts at forgery were rejected.
A copy of the NHS Trial White Paper can be downloaded at www.kecrypt.com/news.php
Bank on KeCrypt
To confirm Europe’s lead in this area of online security, a major UK Bank is already looking at KeCrypt Signature in workflow and online banking environments with the view to trialling next year and rolling out to customers soon after.
For a more detailed analysis of online verification systems, take a look at this News item on our KeCrypt website:
http://www.kecrypt.com/news_view.php?mode=news&opt=read&lid=35624
*Sign up for your own KeCrypt test
There’s nothing like a demonstration to prove the point. If you have a Tablet PC or PDA then you can install the KeCrypt Signature demo. Just follow this link to our Contact Us page and ask for our Demo CD - http://www.kecrypt.com/contact.php
Then record your signature and challenge anyone in the office to forge it. As you’ll discover, NOBODY will be able to copy what you do!
About KeCrypt Systems
KeCrypt Systems is the UK’s leading biometric signature security company focusing on Identity Management. The KeCrypt Solution is unique in identity management in providing a user verification process that’s impossible to fake, fool or forge.
KeCrypt Signature is available to Financial Institutions as a simple plug-in to any Identity Management application. Recognition and authorization are equally straightforward, whether done at home or at any intermediary location, such as a retail outlet.
About John Dale
John Dale is Managing Director of KeCrypt Systems Ltd, a company he founded to ensure the commercial development of a unique e-commerce security product. This was based on a patented software suite developed during the seven years in which John headed up Marconi’s Military Communications Division. This software enabled safe communication from remote computing devices to a secure web site - anytime, anywhere. It was, in fact, the world’s first successful full implementation of RSA secure communication technology on a remote device.
With over 25 years’ business and IT experience in the management of high security systems for multi-million pound enterprises, John Dale is now regarded as one of the UK’s foremost exponents of security biometrics. In 2006 he was appointed to serve on a BSI committee as part of the UK contribution to the International (ISO) standards on biometrics.
KeCrypt Systems Limited
Business & Technology Centre
Bessemer Drive
Stevenage
Hertfordshire SG1 2DX
UK
Tel: +44 (0)1438 791026
Fax: +44 (0)1438 791086
Website: www.kecrypt.com
Published: Thu.02.Nov.06