Safer electronic financial transactions on the way

ISO has just published a standard to increase the security of financial transactions over electronic media. The new standard, ISO 19092:2008, Financial services - Biometrics - Security framework, establishes the security requirements for the implementation and management of state-of-the-art biometric identification technology within the financial industry.

The development of computer-based technologies has brought about a revolution resulting in a proliferation of electronic transactions. This has produced a phenomenal reduction in costs and improved efficiency within the financial industry. Trillions of dollars in funds and securities are transferred daily on payment and other financial systems through telephone, wire services and other electronic communication mechanisms.

According to ISO 19092:2008, the sheer volume and value of such transactions exposes the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data. There is therefore a strong need for an ironclad authentication method.

Biometrics is increasingly considered as a reliable means of identification. It includes technologies such as finger image, voice identification, eye scan and facial image. Its advantage and appeal lies in its convenience and ease of use, its level of apparent security, performance and non-invasiveness.

A recently released analysis of worldwide market data from 2007 reveals a greater than 10 times increase in the number of new models of mobile phones launched that protect user data through fingerprint recognition. Just as fingerprint sensors became a standard feature in notebook PCs starting in 2005, a market inflection point has been reached in the mobile phone market, with more than 20 new fingerprint models introduced this past year.

“With mobile phones of all forms carrying ever-more sensitive data and now acting as wallets, it's clear that mobile users will want the combination of security and convenience inherent in fingerprint sensors,” says Craig Mathias, a principal at the wireless and mobile advisory firm Farpoint Group. “In 2007 we saw clear momentum as fingerprint sensors expanded from laptop to handset - and the beginnings of broad adoption in the mobile phone market.”

Evident from the 2007 figures is Atrua Technologies' position as the industry's leading provider of fingerprint recognition solutions for the mobile phone segment of the market. Atrua's fingerprint solution is referred to as a fingerprint touch control, because it is a dual functionality device providing both fingerprint authentication and touch navigation. Atrua's fingerprint sensors were the first specifically designed to serve the needs of mobile phones by providing important features such as low power consumption and the need for few host processor resources, while only requiring a few additional external passive components, seemingly key factors in their dominance of this demanding market.

ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application.

The standard presents the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. It promotes the integration of biometrics into the financial industry and the management of biometric information as part of the overall information security management programme of the organization.

“ISO 19092 offers a valuable international consensus-based tool to the financial industry that will encourage the secure implementation of biometrics as an authentication method within this sector. This standard is one step ahead, paving the way for the next generation of safer and more reliable financial transactions, increasingly important in today's electronic era,” comments Mark Lundin, chair of the ISO subcommittee who developed the standard (subcommittee SC 2, Security management and general banking operations from ISO technical committee ISO/TC 68, Financial services).